How Does Whistleblower Case Tracking Software Ensure Confidentiality?

When a whistleblowing concern is received, the conversation about confidentiality has only just begun. The channel through which the report arrives – a telephone hotline, a web portal, a written submission – determines how the report enters the system.

What happens next depends on the case management infrastructure that receives it. How that infrastructure is designed, who can access what, and how the data is handled throughout the life of the case are the operational realities that determine whether confidentiality is genuinely maintained or merely promised.

Case tracking software sits at the centre of that infrastructure. Understanding what it should do – and what to look for when evaluating it – is a practical concern for any compliance officer responsible for a whistleblowing programme.

The Confidentiality Challenge in Case Management

A whistleblowing case generates a trail of information from the moment it is received: the original report, any follow-up communications with the reporter, the internal notes of those handling it, documents gathered during review, decisions taken and their rationale. Each piece of that trail needs to be protected – not only from external access, but from internal access by people who have no legitimate role in the case.

This is where many organisations face a practical difficulty. General-purpose systems – shared drives, email threads, HR platforms not designed for sensitive case handling – do not provide the access controls, audit trails or data segregation that whistleblowing cases require. Using them creates confidentiality risk at every stage: a document in the wrong folder, a case update sent to a distribution list that includes the subject, a note visible to a line manager who has an interest in the outcome.

Purpose-built case tracking software addresses these risks by design rather than by workaround.

Access Controls and Role-Based Permissions

The first and most fundamental confidentiality feature of case tracking software is granular access control. Not everyone involved in handling a case needs access to every element of it. A robust system allows permissions to be set at the case level, so that only those with a defined role in that specific case can view its contents.

Role-based access typically operates across several dimensions:

  • Case handler access – limited to those actively working the case
  • Supervisor or reviewer access – for oversight purposes, without access to reporter identity unless strictly necessary
  • Read-only access – for audit or compliance review purposes
  • System administrator access – for configuration and maintenance, typically separated from case content

Well-designed systems also maintain an access log – a record of who viewed or modified each case, when and from which account. This audit trail serves two purposes: it deters inappropriate access and provides a documented record if the handling of the case is ever called into question.

Separation of Reporter Identity from Case Content

One of the more technically significant confidentiality features in case tracking software is the ability to separate reporter identity from the substance of the report. Where a reporter has provided contact details or identifying information – even where they have chosen not to remain anonymous – that information should be stored separately from the case file and accessible only to those with an explicit need to contact them.

This separation means that a case handler reviewing the details of an allegation does not automatically see who raised it, and vice versa. It also means that if a case is escalated or transferred, the receiving handler receives the substance of the concern without necessarily receiving the reporter’s identity. In practice, this requires a deliberate system architecture – not simply a policy instruction to staff about what to look at.
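The access model described in the two sections above (case-level permissions per role, an access log of every attempt, reporter identity held apart from the case file, and transfer without identity) can be made concrete in a few dozen lines. The following is an added example written for this page; it is not code from the original page or from Safecall, and the class names, the permission strings and the four-role permission matrix are the example's own assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum
from typing import Dict, List, Set, Tuple


class Role(Enum):
    HANDLER = "handler"    # actively working the case
    REVIEWER = "reviewer"  # oversight, without reporter identity
    AUDITOR = "auditor"    # read-only compliance review
    ADMIN = "admin"        # configuration only, no case content


# Default permissions per role (an assumption modelled on the article's four
# access dimensions). ADMIN gets nothing inside the case store: configuration
# rights live outside it, so an administrator cannot read case content.
ROLE_PERMISSIONS: Dict[Role, Set[str]] = {
    Role.HANDLER: {"read_case", "write_case", "read_identity"},
    Role.REVIEWER: {"read_case"},
    Role.AUDITOR: {"read_case", "read_audit"},
    Role.ADMIN: set(),
}


class AccessDenied(PermissionError):
    """The user holds no matching permission on that specific case."""


@dataclass
class CaseStore:
    cases: Dict[str, dict] = field(default_factory=dict)       # substance only
    identities: Dict[str, dict] = field(default_factory=dict)  # separate table
    grants: Dict[Tuple[str, str], Set[str]] = field(default_factory=dict)
    audit: List[dict] = field(default_factory=list)            # append-only

    def _check(self, user: str, case_ref: str, action: str) -> None:
        """Decide per case, and log the attempt whether or not it succeeds."""
        allowed = action in self.grants.get((case_ref, user), set())
        self.audit.append({"at": datetime.now(timezone.utc).isoformat(),
                           "user": user, "case": case_ref,
                           "action": action, "allowed": allowed})
        if not allowed:
            raise AccessDenied(f"{user} may not {action} on {case_ref}")

    def open_case(self, case_ref: str, summary: str, reporter_contact=None):
        self.cases[case_ref] = {"summary": summary, "notes": []}
        if reporter_contact:           # identity never enters the case file
            self.identities[case_ref] = reporter_contact

    def assign(self, case_ref: str, user: str, role: Role) -> None:
        self.grants[(case_ref, user)] = set(ROLE_PERMISSIONS[role])

    def transfer(self, case_ref, from_user, to_user, include_identity=False):
        """Escalate or hand over: the substance moves, identity only if asked."""
        perms = set(ROLE_PERMISSIONS[Role.HANDLER])
        if not include_identity:
            perms.discard("read_identity")
        self.grants[(case_ref, to_user)] = perms
        self.grants.pop((case_ref, from_user), None)

    def read_case(self, user, case_ref):
        self._check(user, case_ref, "read_case")
        return self.cases[case_ref]

    def add_note(self, user, case_ref, note):
        self._check(user, case_ref, "write_case")
        self.cases[case_ref]["notes"].append(note)

    def read_identity(self, user, case_ref):
        self._check(user, case_ref, "read_identity")
        return self.identities.get(case_ref)

    def read_audit(self, user, case_ref):
        self._check(user, case_ref, "read_audit")
        return [e for e in self.audit if e["case"] == case_ref]


def _denied(fn, *args) -> bool:
    try:
        fn(*args)
        return False
    except AccessDenied:
        return True


def demo() -> dict:
    """Run the scenario on constructed sample data; return what each role saw."""
    store = CaseStore()
    store.open_case("WB-0001", "Alleged invoice inflation in procurement",
                    {"name": "Sample Reporter", "email": "reporter@example.invalid"})
    store.assign("WB-0001", "handler1", Role.HANDLER)
    store.assign("WB-0001", "reviewer1", Role.REVIEWER)
    store.assign("WB-0001", "auditor1", Role.AUDITOR)
    store.add_note("handler1", "WB-0001", "Requested ledger extract from finance")

    out = {"reviewer_sees_summary": store.read_case("reviewer1", "WB-0001")["summary"],
           "reviewer_identity_denied": _denied(store.read_identity, "reviewer1", "WB-0001"),
           "handler_sees_name": store.read_identity("handler1", "WB-0001")["name"],
           "unassigned_denied": _denied(store.read_case, "manager1", "WB-0001")}
    store.transfer("WB-0001", "handler1", "handler2")   # escalation, no identity
    out["new_handler_sees_notes"] = len(store.read_case("handler2", "WB-0001")["notes"])
    out["new_handler_identity_denied"] = _denied(store.read_identity, "handler2", "WB-0001")
    out["old_handler_denied"] = _denied(store.read_case, "handler1", "WB-0001")
    out["refused_attempts"] = sum(not e["allowed"]
                                  for e in store.read_audit("auditor1", "WB-0001"))
    return out
```

Two design points carry the confidentiality argument. Every decision is taken against the grant on that specific case, not against a global role, so a line manager with handler rights on other cases is simply an unassigned user here. And the audit entry is written before the decision is enforced, so refused attempts are recorded as well as successful ones; in the walk-through the four refusals (the reviewer and the new handler asking for identity, the unassigned manager, and the old handler after transfer) are all visible to the auditor.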

Data Residency and Security Standards

Where case data is stored, and how it is secured, are governance questions that sit alongside access controls. Organisations with UK operations have a legitimate interest in ensuring that sensitive whistleblowing data is held within UK jurisdiction, subject to UK data protection law and accessible only through systems that meet recognised security standards.

ISO 27001 certification – the international standard for information security management systems – provides an independently audited benchmark for the security of a case management platform. GDPR compliance, including documented data retention policies and subject access request procedures, is a legal requirement for any system processing personal data in connection with EU or UK subjects. Together, these standards set the floor for what a credible case management platform should meet.

UK data residency is a requirement distinct from ISO 27001 certification or GDPR compliance – a system can be GDPR-compliant while storing data outside the UK. For organisations with specific residency requirements, this should be confirmed explicitly rather than assumed.

Two-Way Communication Without Compromising Anonymity

A confidentiality feature that is sometimes overlooked is the ability to maintain communication with an anonymous reporter after the initial report has been received. Where a reporter has chosen not to identify themselves, the case management system needs to provide a mechanism through which the handling team can ask follow-up questions and the reporter can respond – without either party needing to know who the other is.

This is typically achieved through a secure, anonymised messaging function linked to the case reference. The reporter receives a case number at the point of reporting and can return to the system using that number alone. The handling team communicates through the same channel. Neither party’s identity is exposed in the exchange.
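The anonymised two-way channel just described, as an added example that is not code from the original page or from Safecall. It assumes that the case reference handed to the reporter is itself generated with enough randomness to serve as the credential (the article says the reporter returns with the number alone, so a guessable sequential number would let anyone read another reporter's thread), and that a server-side pepper is loaded from a secrets store. The class and method names are the example's own.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple


class AnonymousChannel:
    """Case-linked message threads addressed by a high-entropy case reference.

    The reference given to the reporter is the only credential: whoever holds
    it can read and post to the thread, so it must be unguessable, and only a
    keyed hash of it is kept server-side.
    """

    def __init__(self, pepper: bytes):
        self._pepper = pepper        # assumption: loaded from a secrets store
        self._threads: Dict[str, List[dict]] = {}   # case_id -> messages

    def _case_id(self, reference: str) -> str:
        # HMAC rather than a plain hash: a copied database plus knowledge of
        # the reference format is not enough to recompute ids without the pepper.
        return hmac.new(self._pepper, reference.encode(), hashlib.sha256).hexdigest()

    def open_case(self, initial_report: str) -> Tuple[str, str]:
        """Returns (reference for the reporter, case_id for the case file)."""
        reference = "WB-" + secrets.token_urlsafe(16)   # 128 bits of randomness
        case_id = self._case_id(reference)
        self._threads[case_id] = [{"from": "reporter", "text": initial_report}]
        return reference, case_id

    # --- reporter side: knows only the reference --------------------------
    def reporter_post(self, reference: str, text: str) -> bool:
        thread = self._threads.get(self._case_id(reference))
        if thread is None:
            return False             # unknown reference: no hint as to why
        thread.append({"from": "reporter", "text": text})
        return True

    def reporter_view(self, reference: str) -> Optional[List[dict]]:
        thread = self._threads.get(self._case_id(reference))
        if thread is None:
            return None
        # Strip internal fields so the handler's account name never reaches
        # the reporter; the reporter's own messages carry no identity at all.
        return [{"from": m["from"], "text": m["text"]} for m in thread]

    # --- handling side: knows only the case_id ----------------------------
    def handler_post(self, case_id: str, handler_user: str, text: str) -> None:
        self._threads[case_id].append({"from": "handling team", "text": text,
                                       "handler_user": handler_user})

    def handler_view(self, case_id: str) -> List[dict]:
        return list(self._threads[case_id])


def demo() -> dict:
    """Constructed exchange: neither side learns who the other is."""
    channel = AnonymousChannel(pepper=b"constructed-demo-pepper")
    reference, case_id = channel.open_case(
        "Constructed report: timesheets altered after approval")
    channel.handler_post(case_id, "handler1",
                         "Which pay periods do the altered timesheets cover?")
    accepted = channel.reporter_post(reference, "March and April this year")
    return {
        "reference_length": len(reference),
        "accepted": accepted,
        "reporter_view": channel.reporter_view(reference),
        "handler_view": channel.handler_view(case_id),
        "guessed_reference": channel.reporter_view("WB-0001"),
    }
```

The reporter never supplies anything but the reference, and the handling team never sees it: the case file holds only the keyed hash, which is useless for logging in as the reporter. If a platform instead issues short sequential case numbers for convenience, it needs a separate secret (a passphrase or token) alongside the number, plus rate limiting on lookups, to keep the same property; when evaluating a platform it is worth asking which of the two designs it uses.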

This capability is important for case quality as well as confidentiality: anonymous reporters who can be reached for follow-up provide significantly more actionable intelligence than those who cannot. The Safecall Benchmark Report 2024 records that telephone channels produce 22.7% more identified reporters than written channels – reflecting the trust dynamic at work when a reporter can interact with a professional, responsive service rather than submitting a form into an unknown process.

What to Look for When Evaluating a Platform

Organisations reviewing their case management capability should assess platforms against a consistent set of confidentiality criteria:

  • Granular, role-based access controls at the case level
  • Full audit trail of access and modifications
  • Separation of reporter identity from case content
  • Secure anonymous two-way communication
  • UK data residency confirmed in writing
  • ISO 27001 certification and GDPR compliance documentation
  • Data retention policies aligned to legal requirements and regularly reviewed

Platforms that cannot demonstrate all of these features create confidentiality risk that policy commitments alone cannot close.

Related Resources

Whistleblowing Security & Anonymity – safecall.co.uk/resources/whistleblowing-security-anonymity/

Whistleblowing Data Privacy & GDPR – safecall.co.uk/resources/whistleblowing-data-privacy-gdpr/

How Is Whistleblower Data Stored and Protected? – safecall.co.uk/resources/how-is-whistleblower-data-stored-and-protected/

Investigation Case Management – safecall.co.uk/resources/investigation-case-management/

Speak to Safecall

Safecall provides independent whistleblowing services with ISO 27001 certified, GDPR-compliant case management and UK data residency as standard. If you are reviewing the confidentiality of your case handling infrastructure, we can help you assess where your current approach meets the standard and where it falls short.

Contact us: safecall.co.uk/en/contact-us/  |  +44 (0) 191 516 7720

Sources and Further Reading

Safecall Benchmark Report 2024 – safecall.co.uk

ISO/IEC 27001:2022 Information Security Management – iso.org

UK GDPR and Data Protection Act 2018 – ico.org.uk

ISO 37002:2021 Whistleblowing Management Systems – iso.org