Protected Disclosures

Protected Disclosures

Our obligations under Protected Disclosure legislation are twofold.

The information headed External Protected Disclosures sets out how we  facilitate external parties in making a disclosure.

Separately, we also have a policy relating to our internal process and it details how we facilitate ComReg workers in making a disclosure.  This internal policy may be found at the bottom of this page under ComReg’s Internal Protected Disclosures Policy.


(External Protected Disclosures)


1. Purpose

Whistleblowing is the term used when a worker (a “discloser”) discloses certain information on wrongdoing, referred to as a “protected disclosure”. A discloser has certain protections under statute when a protected disclosure is made to ComReg. The purpose of this information note is to provide guidance to a discloser on making a protected disclosure to ComReg.

2. Scope

ComReg is the statutory body responsible for the regulation of the electronic communications, postal and premium rate services sectors in Ireland. ComReg is prescribed by statute (S.I. 367/2020) as a body to receive disclosures relating to:

(a)        All matters (within ComReg’s remit) relating to the regulation of the electronic communications sector and the postal sector;

(b)        All matters relating to the regulation of access to and use of the radio spectrum; and

(c)        All matters relating to the performance of the ComReg’s consumer protection function (within the foregoing remit) in respect of the communications and postal sectors.

ComReg is an independent and autonomous reporting channel for receiving and handling information from disclosers and any disclosures will be dealt with accordingly. Disclosers are encouraged to make reports to ComReg at the earliest opportunity and in an appropriate way, in the knowledge that they will be supported, their concerns taken seriously, investigated where appropriate, and that their confidentiality will be respected in accordance with the provisions of the Protected Disclosures Act 2014

3. The Protected Disclosures Act 2014 (“the 2014 Act”)

Under the 2014 Act, a discloser is protected when they make a “protected disclosure”. This is defined in the 2014 Act as a disclosure of information which, in the reasonable belief of the worker, tends to show one or more “relevant wrongdoings”, which came to the attention of the worker in connection with the worker’s employment, and is disclosed in the manner prescribed in the 2014 Act. An obligation to act in the general public interest applies in certain limited cases.  A discloser must, therefore, satisfy the following conditions to qualify for protection under the 2014 Act.

4. Conditions under which a discloser qualifies for protection under the 2014 Act

a) The discloser must be a worker and the information must come to the attention of the worker in connection with the worker’s employment:

A “worker” is broadly defined in the 2014 Act and includes an employee, a consultant, a contractor, a sub-contractor, an agency worker, temporary workers, trainees, interns and individuals on work experience programmes. It does not include volunteers or the general public.

b) The information disclosed must tend to show one or more “relevant wrongdoings”:

Relevant wrongdoings are broadly defined in the 2014 Act, and include information tending to show that:

  • an offence has been, is being or is likely to be committed, and
  • that a person has failed, is failing or is likely to fail to comply with any legal obligation, other than one arising under the discloser’s contract of employment or other contract whereby the discloser undertakes to do or perform personally any work or services.

The full list of relevant wrongdoings is available at section 5(3) of the 2014 Act .  There are also certain exceptions in section 5.  For example, a matter is not regarded as a relevant wrongdoing if it is a matter which it is the function of the discloser or the discloser’s employer to detect, investigate or prosecute and does not consist of, or involve, an act or omission on the part of the employer.  There are also certain exceptions for information disclosed to a legal representative and covered by legal professional privilege.

c) The discloser must have a reasonable belief that the information is substantially true and comes within the categories of matters for which ComReg is a prescribed person:

When disclosing to ComReg as a prescribed person, to qualify as a protected disclosure, in addition to disclosing information in respect of a relevant wrongdoing, the discloser must reasonably believe that the information disclosed, and any allegation contained in it, is substantially true, and comes within the categories of matters for which ComReg is a prescribed person.

d) Disclosure in the manner prescribed in the 2014 Act:

A disclosure to ComReg as a prescribed person is one of the methods of disclosure provided for in the 2014 Act.

e) Trade secrets and public interest:

Where a worker makes a disclosure of relevant information concerning the unlawful acquisition, use or disclosure of a trade secret (within the meaning of the European Union (Protection of Trade Secrets) Regulations 2018 (SI No. 188 of 2018), there is an additional requirement. For such disclosure to be a protected disclosure, the worker must have acted for the purposes of protecting the general public interest.

For further information on the conditions for protections find the full Act here.

The Workplace Relations Commission and/or the courts will determine whether or not a disclosure is a protected disclosure under the legislation, not ComReg. However, it should be noted that the 2014 Act provides that, in such proceedings, all disclosures are presumed to be protected disclosures unless otherwise proven.


5. The Communications Regulation Act 2002 (“the 2002 Act”)

Whistleblower protections are also contained in the Communication Regulation Act 2002 (as amended) (“the 2002 Act”). The 2002 Act refers to persons making an appropriate disclosure of information to ComReg regarding the conduct of an undertaking (defined as “a provider of electronic communications networks or services or associated facilities”), an associate of an undertaking, an association of undertakings or a postal service provider without incurring civil or criminal liability for having done so. The conduct in question must relate to the provision of:

(i)         an electronic communications network or service or an associated facility, or

(ii)        a postal service,

and the person must believe on reasonable grounds that the information is true, or if not able to form a belief on reasonable grounds about the truth of the information, he/she must believe on reasonable grounds that the information may be true and to be of sufficient significance to justify its disclosure with a view to enabling its truth to be investigated by ComReg or by an appropriate law enforcement authority (such as the Garda Síochána).

Section 24 of the 2002 Act does not apply to a protected disclosure within the meaning of the 2014 Act, and while there are certain differences between the 2002 Act, and the 2014 Act, the 2014 Act is most relevant to disclosers making protected disclosures to ComReg.


6. How to make a protected disclosure to ComReg

ComReg has appointed a Protected Disclosures Officer (“PDO”) for the receipt of disclosures. Disclosures may be made to the PDO of ComReg by email, post, or by telephone at the following contact details:

Protected Disclosures Officer

Commission for Communications Regulation

One Dockland Central

Guild Street

Dublin 1

D01 E4X0


Ph: +353 1 6338553

Protected disclosures made to the PDO will be communicated to the Chairperson / the Commission as appropriate in accordance with S.I. 367/2020.

A protected disclosure may be made verbally, but in the interests of clarity and to avoid misinterpretation or misunderstanding, it is preferable that a protected disclosure be made in writing by email or post. If the disclosure is made verbally, the PDO will, where possible, confirm the details of the disclosure, in writing, to the discloser without undue delay. Upon request by the reporting person, a disclosure can also be received by means of a physical meeting where practicable, and within a reasonable timeframe. Record keeping and data protection requirements set out in section 9 below will be complied with.

It is recommended that at a minimum, a disclosure include:

  • that the disclosure is being made as a protected disclosure
  • the discloser’s name, position in the organisation, place of work and confidential contact details
  • the date of the alleged wrongdoing (if known) or the date the alleged wrongdoing commenced or was identified
  • whether or not the alleged wrongdoing is still ongoing
  • whether the alleged wrongdoing has already been disclosed and if so, to whom, when, and what action was taken
  • information in respect of the alleged wrongdoing (what is occurring/has occurred and how) and any supporting information
  • the name of the person(s) allegedly involved in the alleged wrongdoing (if any name is known and the worker considers that naming an individual is necessary to expose the wrongdoing disclosed); and
  • any other relevant information.

7. The procedure applicable after a protected disclosure has been made

ComReg is committed to addressing any concerns raised in an effective and timely manner.   When a disclosure is received:

  • ComReg will promptly, and in any event within seven days of receipt of the report, acknowledge receipt (unless the discloser explicitly requested otherwise, or ComReg reasonably believes that acknowledging receipt would jeopardise the protection of the reporting person’s identity);
  • ComReg may request the discloser to clarify the information reported or to provide additional information. The manner by which clarification may be sought will depend upon the circumstances of the case, and will take into account the circumstances of the disclosure, the timeframe for providing feedback, and the type and content of such feedback;
  • ComReg will diligently follow up on the disclosure. An initial screening process and assessment will be carried out;
  • ComReg will, where possible, keep the discloser informed of the outcome of the assessment, and provide feedback to the discloser within a reasonable timeframe not exceeding three months, or six months in duly justified cases. The nature of the feedback will depend upon the circumstances of each case;
  • The need to maintain confidentiality may prevent ComReg from providing specific details of an assessment, investigation and/or any action taken as a result, to a discloser, but ComReg will provide as much feedback as is reasonable taking into account ComReg’s other obligations. Where possible, ComReg will communicate to the discloser a final outcome of investigation(s) triggered by the disclosure, in a manner that complies with ComReg’s obligations under the Communication Regulation Act 2002, and related regulations;
  • Where appropriate, ComReg will transmit in due time the information contained in the disclosure to any other parties, for further investigation, for example to An Garda Siochána.

Any investigation will be carried out in accordance with the principles of fair procedures and natural justice. ComReg will take all reasonable steps to ensure that the person against whom an allegation is made (the respondent) is afforded appropriate protections in accordance with these principles.


8. Confidentiality

Section 16 of the 2014 Act provides that a person to whom a protected disclosure is made, and any person to whom a protected disclosure is referred in the performance of that person’s duties, shall not disclose to another person any information that might identify the discloser. There are exceptions to this, where the person to whom the protected disclosure was made or referred:

(a) shows that he or she took all reasonable steps to avoid disclosing any such information,

(b)believes that the discloser does not object to the disclosure of any such information, or

(c) reasonably believes that disclosing such information is necessary for:

  • the effective investigation of the wrongdoing concerned,
  • the prevention of serious risk to the security of the State, public health, public safety or the environment, or
  • the prevention of crime, or prosecution of a criminal offence,


(d) where the disclosure is otherwise necessary in the public interest or required by law.

All reasonable steps will be taken to protect the identity of a discloser and to ensure the disclosure is treated in confidence in line with the provisions of the 2014 Act. If a decision is taken to identify a discloser, they will be informed of this decision in advance unless there are exceptional reasons not to do so. Where the discloser requests a review of such a decision, a review will be carried out where practicable.

9. Record keeping and data protection

Dealing with a protected disclosure will involve keeping records and the processing of certain personal data (i.e. the collection, registration, storage, disclosure and destruction of data related to an identified or identifiable person). Records will be kept of every report received, in compliance with relevant confidentiality requirements and subject to the consent of the discloser. Records should be kept in a durable and retrievable form. Oral reporting, and any meeting with the discloser and witnesses, should be documented in the form of accurate minutes of the conversation/ meeting. The discloser / witness should be offered the opportunity to check, rectify and agree the minutes of the conversation by signing them.

Any personal data collected will be dealt with in accordance with ComReg’s Privacy Notice and Data Retention Policy and processed in accordance with the provisions of the Data Protection Act 2018, Regulation (EU) 2016/679, Directive (EU) 2016/680 and Regulation (EU) 2018/1725.

Personal data will be kept no longer than is necessary for the purpose for which the data was collected, or is further processed, taking into account, in particular, whether the matter is or is not the subject of investigation. Personal data will be deleted promptly, and usually within two months of completion of the investigation of the facts alleged in the disclosure. There may be exceptions to this, such as where legal proceedings are initiated relating to the disclosure. Where a disclosure is found to be unsubstantiated the data will be deleted without delay. The discloser’s identity will be protected in line with the obligation in section 16 of the Protected Disclosures Act.

Key principles relating to the processing of personal data (Article 5 GDPR, section 71 of the Data Protection Act, 2018) include lawfulness, fairness, minimisation, accuracy, integrity and confidentiality. Specifically, section 71(1)(f) of the 2018 Act requires that data processors (such as ComReg) shall process data in a manner that ensures appropriate security of the data, including by the implementation of appropriate technical or organisational measures, protection against unauthorised or unlawful processing and accidental loss, destruction or damage. In determining the appropriate measures in these contexts, ComReg will ensure that the measures provide a level of security appropriate to the harm that might result from accidental or unlawful destruction, loss, alternation or unauthorised disclosure of, or access to, the data concerned. ComReg will also take all reasonable steps to ensure that employees and other relevant persons (such as contractors, temporary staff etc.) are aware of and comply with the relevant measures put in place.

For the purposes of the annual report, (see below) a register of disclosures received will be kept in a secure location. The details on a register will be maintained no longer than is necessary and in accordance with ComReg’s Privacy Notice and Data Retention Policy.

For further information on the provisions of ComReg’s Privacy Notice and Data Retention Policy see link here.


10. The remedies and procedures for protection against retaliation under the 2014 Act

ComReg recognises that disclosers may be worried that disclosing information may open them up to penalisation and/or affect their employment conditions or security. There are certain protections for disclosers under the 2014 Act.

(a) Dismissal and penalisation of a worker prohibited

The 2014 Act provides that if a disclosure is made by a worker in accordance with the channels set out in the Act, they are protected from dismissal and penalisation by their employer for making a protected disclosure. “Penalisation” means any act or omission that affects a worker to the worker’s detriment, for example suspension, layoff, dismissal, demotion, loss of opportunity for promotion, transfer of duties, adverse changes to conditions of employment, reduction in wages, disciplinary measures, unfair treatment, discrimination, threats and injury.

A claim for unfair dismissal or penalisation is made to the Workplace Relations Commission. In a case of dismissal, the discloser also has the option of making an application for interim relief to the Circuit Court, which may include an application to be put back in work, or back on payroll, pending the determination of the unfair dismissal claim before the Workplace Relations Commission.

(b) Civil immunity and criminal defence

A discloser is afforded civil immunity from a damages claim, and has qualified privilege in defamation law, in respect of the making of a protected disclosure. In a criminal charge concerning unauthorised disclosure of information it is a defence to show that that, at the time of the alleged offence, the discloser reasonably believed that the disclosure of information was a protected disclosure.  These provisions provide certain protections where a discloser breaches confidentiality when making a disclosure, but are subject to the discloser meeting the tests required by the 2014 Act.

(c) Tort action

Workers and third parties have a cause of action in tort against a person who causes detriment to them because they, or another person, have made a protected disclosure. This cause of action is in the civil courts.

(d) Protection of identity

A failure to comply with the protection of identity obligations in section 16 of the 2014 Act is actionable by the discloser if they suffer any loss by reason of the failure to comply. This cause of action is in the civil courts.

11. Annual Report

Section 22 of the 2014 Act requires the publication of a report by public bodies no later than 30 June each year relating to the number of protected disclosures made in the preceding year, and of the actions, if any, taken in response to such disclosures. While the report should contain a reasonable level of information, none of the information provided in the report will be provided in a form that enables the identification of the persons involved.

12. Review

ComReg will monitor the operation of its policies and procedures in respect of external disclosures on an ongoing basis and they may be revoked, replaced or amended at any time.

13. Disclaimer

It  should  be  noted  that  this information note  does  not  purport  to  be  a  statement or legal interpretation of the relevant sections of the 2014 Act, the 2002 Act or of any of the Regulations made under those Acts. It is intended as a general information note on the making of a protected disclosure to ComReg and is not a substitute for professional legal advice.

ComReg’s Internal Protected Disclosures Policy

ComReg’s Internal Protected Disclosures Policy is available here.