Filing a report only with whistleblowers name/disabling anonymous reporting

[katlinar]

Hi everyone,

Could someone please help me with finding an anwser to the question, if it is possible to configure Globaleaks in way that when a whistleblower files a report, they can not do it, unless they reveal their name? In other word is it possible to disable anonymous reporting? What are the possibilities to interface an authentication software to Globaleaks?

As our national law does not allow anonymous reporting (protection is only for confidential whistleblowers), I would like to know if Globaleaks is usable in this case, as I am doing research.

Thank you in advance

[evilaliv3]

@katlinar this is possible even if not very typical under the European directive and following whistleblowing best practices.
Whistleblowers prefers and deserve to be anonymous and typically after an initial disclosure they collaborate going into court publicly.

Which law are you referring? Does the law deny anonymous reporting or just provide protections to whistleblowers that declares themselves? this difference is fundamental.

Anyhow absolutely you can enforce that only declared whistleblowers can proceed filing a report and to achieve this you just need to add a mandatory question that ask for their identity information.

[katlinar]

Thank you for your quick reply and I agree. The law does not provide protection to anonymous whistleblowers and institutions do not have the obligation to accept anonymous report. Is it possible to authenticate the person via globaleaks with another authentication software (to avoid that person does not provide their own name)?

[katlinar]

Also, if I could ask another question - is there a possibility to use Globaleaks as a centralized public sector solution that is centrally managed by one institution?

[evilaliv3]

Thank you for your quick reply and I agree. The law does not provide protection to anonymous whistleblowers and institutions do not have the obligation to accept anonymous report. Is it possible to authenticate the person via globaleaks with another authentication software (to avoid that person does not provide their own name)?

If you want to collect the name, it is best to do it with out "Would you like to provide your identity question" so that the information is directly provided confidentially only to recipients but no third party can get to know who is the whistleblower.

[evilaliv3]

Also, if I could ask another question - is there a possibility to use Globaleaks as a centralized public sector solution that is centrally managed by one institution?

Absolutely yes. GlobaLeaks embeds a multitenancy feature for this purpose.

Some examples:

• In Spain there is AOC (the external reporting channel) running platforms for the public agencies that ask to have a platform
  -In Finland there is the Chamber of Commerce that offer platforms to their members
• Worldwide there are many SaaS providers that use a platform to offer platforms to their customers.