Version Number: 3.0
Revision Date: April 4th, 2023
Policy Owner: Corporate Secretary
Table of Contents
The University’s core values guide and underpin its actions and processes. In line with these values, the University is committed to conducting it affairs lawfully, honestly and with integrity, and expects every member of the University community to maintain the highest standards.
This Policy expresses the University’s commitment to:
- addressing concerns about any wrongdoing that may arise; and
- protecting workers who make disclosures under this Policy.
A culture of openness and accountability is essential in order to prevent wrongdoing and to address wrongdoing if it does occur.
The University recognises that workers have an important role to play in achieving these goals and the importance of workers having avenues to raise concerns in respect of matters which they believe to be true.
This Policy is not intended to act as a substitute for normal day to day operational reporting or other internal employment procedures. For example, a grievance around the worker’s own contract of employment and grievances about interpersonal conflicts should be processed under one of the other University policies, such as the Grievance Procedures, the Duty of Respect and Right to Dignity Policy, etc.
The circumstances in which Disclosures may be made to an external party are also set out in this Policy.
In this Policy, the following capitalised terms (which are used throughout this Policy) shall have the following meanings:
This Disclosures Policy
The Protected Disclosures Act 2014 (as amended by the Protected Disclosures (Amendment) Act 2022)
|Disclosure||A report made under this Policy which is dealt with under this Policy.|
|Disclosure Recipient||The member of the Disclosure Group to whom a Disclosure is made under this Policy.|
|Reporting Person||A Reporting Person is a Worker who makes a Disclosure. This Policy extends only to Workers as defined in the Act, namely employees, independent contractors, agency workers, volunteers, unpaid trainees, members of administrative, management, and includes members of the Governing Body and Governing Body Committees, supervisory bodies, job applicants and all individuals working in UCC who acquire information on Relevant Wrongdoings in a work-related context.|
This Policy covers the disclosure of information which, in the reasonable belief of the Reporting Person, tends to show one or more of the following wrongdoings has been, is being or is likely to be committed:
(a) a criminal offence;
(b) a failure to comply with any legal obligation other than one arising under the contract of employment of the person making the disclosure;
(c) a miscarriage of justice;
(d) the endangering of the health and safety of any individual;
(e) damage to the environment;
(f) unlawful or improper use of funds or resources of a public body;
(g) an act or omission by or on behalf of a public body which is oppressive, discriminatory, grossly negligent or constitutes gross mismanagement;
(h) an act or omission that is unlawful or that defeats the object or purpose of certain rules of the European Union in the following areas:
(i) public procurement
(ii) financial services, products and markets, and the prevention of money laundering and terrorist financing;
(iii) product safety and compliance;
(iv) transport safety;
(v) protection of the environment;
(vi) radiation protection and nuclear safety;
(vii) food and feed safety and animal health and welfare;
(viii) public health;
(ix) consumer protection;
(x) protection of privacy and personal data, and security of network and information systems;
or affects the financial interests of the European Union or the internal market; or
(i) the deliberate concealment of any of the above matters.
For the purposes of this Policy information is Relevant information if –
(a) in the reasonable belief of the Reporting Person, it tends to show one or more Relevant Wrongdoings; and(b) it came to the attention of the Reporting Person in a work-related context.
Penalisation as defined in the Act, means any direct or indirect act or omission which occurs in a work-related context, is prompted by the making of a report and causes or may cause unjustified detriment to a Reporting Person, and in particular includes the items set out in Appendix 3.
|University or UCC||University College Cork – National University of Ireland, Cork|
Aims and Objectives of this Policy
- To provide avenues for Reporting Persons to make Disclosures in confidence;
- To encourage Reporting Persons to feel confident and safe in making Disclosures;
- To engage with Reporting Persons with respect to Disclosures made; and
- To protect Reporting Persons from penalisation or any threat of penalisation where the Reporting Person reasonably believes that the Disclosure tends to show Relevant Wrongdoing.
This Policy applies to all Workers in the University
Roles and Responsibilities
The Disclosure Group are responsible for:
(a) acknowledging receipt of the disclosure in writing to the Reporting Person;
(b) conducting an initial assessment of the Disclosure to determine whether there is evidence that a Relevant Wrongdoing may have occurred;
(c) managing the Disclosure in accordance with this Policy;
(d) providing the Reporting Person with periodic updates;
(e) dealing with any Disclosures from an external body following the procedures set out in this Policy;
(f) advising the Chair of the Audit and Risk Committee when a Disclosure is received and initially assessed; and
(g) considering the outcome of any investigation and advising the President accordingly.
The Disclosure Group shall be supported by administrative staff.
The Audit and Risk Committee are responsible for:
(a) Providing independent advice to Governing Body on the disclosure processes;
(b) Reviewing the effectiveness and adequacy of this Policy and staff awareness of it; and
(c) Ensuring Disclosures are properly recorded and accounted for in the financial statements where appropriate.
The Reporting Person is responsible for:
(a) Bringing the matter to the attention of the Disclosure Recipient or the Disclosure Group;
(b) Providing information related to the reported Relevant Wrongdoing;
(c) Cooperating with any process with which they are requested to; and
(d) Exercising discretion and committing to keeping the reporting and investigation process confidential.
The Disclosure Recipient is responsible for:
(a) Bringing the matter to the attention of the Disclosure Group; and
(b) Cooperating with any process as requested.
For the avoidance of doubt, a Reporting Person should not pursue their own investigations, however well intended, as this could compromise the University’s ability to take effective action.
Making a Disclosure
What is a Disclosure?
What can be raised?
A Disclosure must contain relevant information which, in the reasonable belief of the Reporting Person tends to show one or more Relevant Wrongdoings, and which came to the attention of the Reporting Person in a work-related context.
The University does not expect absolute proof of any Relevant Wrongdoing. However, the Reporting Person will be expected to provide information which forms a reasonable basis for the belief.
Reporting Persons can be assured that the University shall provide all reasonable supports where possible for any individual making such a Disclosure.
A matter is not a relevant wrongdoing (and does not come within the terms, or attract the protections and redress of the Act) if it is the function of the Worker or the University to detect, investigate or prosecute and does not consist of or involve an act or omission on the part of the University. Even if the Relevant Wrongdoing is a function of the Reporting Person to detect, investigate or prosecute, it will still be a Protected Disclosure if the Relevant Wrongdoing involves an act or omission on the part of the University.
This Policy is not intended to act as a substitute for normal day to day operational reporting or other internal employment procedures. For example, a grievance around the Discloser’s own contract of employment, should be processed under one of the other University policies, such as the Grievance Procedure, the Duty of Respect and Right to Dignity Policy, etc.
This Policy is intended to deal with reports of Relevant Wrongdoing as defined in this Policy. A matter concerning interpersonal grievances exclusively affecting a Reporting Person, such as grievances about interpersonal conflicts involving the Reporting Person and another Worker, or a complaint to the University or about the University which concerns the Worker exclusively, is not a Relevant Wrongdoing for the purposes of this Policy. Interpersonal grievances should be processed under one of the other University policies, such as the Grievance Procedure, the Duty of Respect and Right to Dignity Policy, etc.
Safeguards and Penalisation
If a Reporting Person makes a Protected Disclosure, they are protected by law against Penalisation as a result of making a Protected Disclosure.
A Reporting Person, who makes a Disclosure, which they reasonably believe tends to show one or more Relevant Wrongdoings, will not be disciplined by the University if the matter disclosed turns out to be unfounded.
If it is concluded that the Reporting Person has knowingly reported false information, they may be subject to disciplinary action in accordance with the University’s disciplinary procedures, and any person who suffers damage as a result may have a cause of action against them as set out in Section 13A of the Act.
The Disclosure Group or anyone else to whom a reported Relevant Wrongdoing is shared with to allow them to carry out their functions in relation to the reported Relevant Wrongdoing, cannot disclose the identity of the Reporting Person to anyone else (or any information that might reveal the identity of the reporting person) without the explicit consent of the Reporting Person, other than strictly within the provisions permitted in the Act. However, this does not include people with whom the Disclosure Group reasonably considers it may be necessary to share the identity with, for example associated administrative staff, for the purposes of the receipt, transmission, or follow-up of the reported Relevant Wrongdoing. Such other persons also cannot disclose the identity of the Reporting Person.
Where action is to be taken following a Disclosure, the Disclosure Group will consult with the Reporting Person and, where possible, gain the informed consent of the Reporting Person, prior to any action being taken that could identify them. This may include when reports are being referred by the University to an external party.
It should be noted that the Act allows the identity of the Reporting Person to be disclosed in certain prescribed circumstances apart from the situation in 6.11 even where the Reporting Person does not consent to their identity being disclosed such as:
I. The person to whom the disclosure was made or transmitted shows that he / she took all reasonable steps to avoid such disclosure. Note: This relates to a situation where all reasonable steps were taken to avoid disclosure of the identity, but the identity has been revealed in some manner, for example through an unforeseeable error or other unavoidable occurrence.
II. The person to whom the disclosure was made or transmitted had a reasonable belief that it was necessary for the prevention of serious risk to the security of the State, public health, public safety or the environment;
III. Where the disclosure is otherwise required by law;
IV. Where the disclosure is a necessary and proportionate obligation imposed by European Union law or the law of the State in the context of investigations or judicial proceedings, including with a view to safeguarding the rights of defence of the person concerned.
Where it is decided that it is necessary to disclose the identity of the Reporting Person or other information that may or will disclose the identity of the Reporting Person, in the cases referred to at II or IV above, the Reporting Person will be informed of this decision in advance of the disclosure, and the reasons for the disclosure, unless the notification would jeopardise:
I. The effective investigation of the wrongdoing,
II. The prevention of serious risk to the security of the State, public health, public safety or the environment, or
III. The prevention of crime or prosecution of a criminal offence
Workers who are concerned that their identity is not being protected should notify either a member of the Disclosure Group or the Director of Human Resources who will assess the matter and take appropriate action where necessary.
No attempt should be made by any person in the University, to whom the identity has not been revealed, to identify the individual as part of the receipt and follow-up of the report of a Relevant Wrongdoing. If such attempts are made, whether successful or not, the person making the attempt may be subject to the University’s disciplinary procedures.
Consistent with the discharge of its duties under this Act , the University will also seek to protect the confidentiality of the identity of any third party mentioned in a report.
Making a Disclosure - Internal Procedures
To whom should a Reporting Person make a Disclosure?
The Reporting Person may make a Disclosure to:
the Disclosure Group at email@example.com; or
an individual member of the Disclosure Group.
The members of the Disclosure Group are:
Deputy President and Registrar firstname.lastname@example.org
Corporate Secretary email@example.com
If the Disclosure concerns a member of the Disclosure Groupthe theReporting Person may make the Disclosure to one of the other members of the Disclosure Group or to the President at President@ucc.ie . The Disclosure will not be made known to the relevant member of the Disclosure Group concerned, they will recuse themselves and a substitute will be appointed in their place by the President.
If the Disclosure concerns the President, the Reporting Person may make the Disclosure to the Chair of the Governing Body at firstname.lastname@example.org. The Chair of the Governing Body will establish a special Disclosure Group, consisting of external members of the Governing Body, who will exercise the functions of the Disclosure Group as set out in this Policy.
The Reporting Person should:
give any documentation or other form of evidence to the Disclosure Recipient;
not mention the Disclosure to anyone except for the Disclosure Recipient;
not talk to any other staff about the Disclosure;
not send information relating to the Disclosure to any person other than the Disclosure Recipient;
not contact the person about whom the Disclosure is made, or tell them about the Disclosure; and
exercise discretion and commit to keeping the reporting and investigation process and the identity of persons named in or identifiable from the Disclosure confidential.
For the avoidance of doubt, a Reporting Person may take legal advice on the Disclosure from a lawyer or a Trade Union official.
The Corporate Secretary will advise the President that a Disclosure has been received and confirm, with the President, if any additional members are needed on the Disclosure Group.
The Corporate Secretary will convene the Disclosure Group.
A conflict of interest check will be carried out in accordance with the University’s Conflict of Interest Policy on the members of the Disclosure Group and external investigators/ professional advisers (if engaged) to ensure no conflict of interest exists. This will be documented.
If any member of the Disclosure Group has a conflict of interest in relation to a Disclosure, they must declare it to the Corporate Secretary and absent themselves from the case. If the Corporate Secretary has a conflict of interest they will advise the President and the President will appoint someone to take responsibility for this Disclosure.
How to make a Disclosure?
It is expected that a Disclosure will be made in writing. A template Disclosures Form available for making Disclosures is set out in Appendix 2. A Reporting Person may arrange a meeting with a member of the Disclosure Group on the understanding that any Disclosure will need to be documented for consideration by the Disclosure Group. It is recommended that, as far as possible, Disclosures should be factual and include:
the Reporting Person’s name, position in the organisation, place of work and confidential contact details;
relevant information in respect of the reported Relevant Wrongdoing (what is occurring / has occurred and how) and any supporting information;
the date of the reported Relevant Wrongdoing (if known) or the date the reported Relevant Wrongdoing commenced or was identified;
where and when the reported Relevant Wrongdoing occurred;
whether or not the reported Relevant Wrongdoing is still ongoing;
whether it has been reported to anyone else within the University or externally and if so to whom, when and what action was taken; and
any other relevant information.
While the focus of the University will be the Disclosure rather than the Reporting Person, the University does not encourage Reporting Persons to make Disclosures anonymously because a proper investigation may be more difficult or impossible if the University cannot obtain further information from the Reporting Person. While the University reserves the right to process anonymous disclosures, the University has no obligation to do so and may choose not to do so.
Accordingly, anonymous Disclosures will be considered at the discretion of the Disclosure Group. When exercising this discretion, the Disclosure Group shall take into account:
the seriousness of the issue(s) raised;
the credibility of the concern; and
the capacity of the University to investigate the allegation without being able to engage with the Reporting Person.
Any anonymous Reporting Person who subsequently identifies themselves as the Reporting Person shall be afforded protections under the Act where the matter disclosed constitutes a Disclosure.
How will a Disclosure be dealt with?
The Disclosure Group shall acknowledge, in writing, to the Reporting Person receipt of the Disclosure within 7 days of receipt of the Disclosure.
The Disclosure Group will carry out an Initial Assessment of all disclosure(s) to determine what action may be appropriate.
The assessment process will include the following steps:
Determining the nature of the information disclosed and the procedure or procedures (e.g. disclosure process; grievance process, etc.) most appropriate for addressing the matter;
Clarifying the basis of the concerns raised and establishing whether there is prima facie evidence that a Relevant Wrongdoing may have occurred. Prima facie evidence means sufficient evidence that, unless rebutted will be sufficient to prove that the Relevant Wrongdoing may have taken place.
Gauging the risk associated with the issue and taking immediate action if the reported Relevant Wrongdoing involves a serious loss or danger to others; and
Have due regard to the nature and seriousness of the reported Relevant Wrongdoing.
The Disclosure Group may seek further information from the Reporting Person.
If it is determined that the matter disclosed meets the criteria of a Protected Disclosure under the Act, the assessment will include consideration of whether the Relevant Wrongdoing disclosed is something that can or should be investigated and, if so, by whom.
If, having carried out the Initial Assessment, the Disclosure Group decides that there is no evidence that a Relevant Wrongdoing may have occurred and that no further action should be taken, they will close the file.
Where the assessment concludes that the matter is appropriately dealt with under another University policy including but not limited to:
Duty of Respect and Right to Dignity
UCC Code of Research Conduct
The Disclosure Group will advise the Reporting Person of the appropriate steps to take. The Disclosure Group will be advised of the outcome of the ensuing process by the owner of the University policy. University policies are available on the OCLA website and the HR website.
In exceptional circumstances and where appropriate to do so, the Disclosure Group may commission an investigation into disclosures that do not appear to meet the criteria of a disclosure under the Act.
The Disclosure Group will provide feedback to the Reporting Person within a reasonable time, being not more than 3 months from the date the acknowledgement of receipt of the report was set to the Reporting Person and, where he or she so requests in writing, further feedback at 3 month intervals until such time as the procedure relating to the report concerned is closed.
What happens in an Investigation?
If the Disclosure Group decides that there is prima facie evidence of the Relevant Wrongdoing and to commission an investigation into the matter, the Disclosure Group will determine the nature and extent of the investigation and issue Terms of Reference to the investigator. The nature of the investigation will vary depending on the nature and seriousness of the matter disclosed and could range from an informal approach for apparently less serious Relevant Wrongdoings to a detailed and extensive investigation of apparently serious Relevant Wrongdoings, including referral to an appropriate external body such as An Garda Síochána where appropriate.
The Disclosure Group will appoint person or persons (either internal and/or external to the University) who is or are most appropriately placed to investigate the particular disclosure in question (the “Investigator(s)”).
The Reporting Person will be provided with periodic updates by the Disclosure Group.
The principles of natural justice and fair procedures will apply in respect of any member of the University who is requested to cooperate with any investigation. The Terms of Reference in respect of any investigation will address all of these matters. If any person who is required to cooperate with the investigation fails to do so, the Disclosure Group may refer this to the Director of Human Resources or other appropriate person.
The Corporate Secretary, on behalf of the Disclosure Group, shall advise the Chair of the Audit and Risk Committee when a Disclosure is received and initially assessed. The information provided will be as follows:
Type of issue
Steps to be taken as determined by the Disclosure Group
The Investigator(s) will send a Report to the Disclosure Group.
The Disclosure Group will consider the outcome and report on the outcome to the President. Upon receipt of the outcome, the President will take such steps as they consider appropriate by reference to University policies and procedures (including relevant Disciplinary policies and procedures) where appropriate.
Disclosures to an External Party
The aim of this Policy is to provide an avenue within the University for making Disclosures. The University acknowledges that there may be circumstances where a Reporting Person wishes to make a Disclosure externally and the Act provides for a number of avenues in this regard. A Reporting Person may make a disclosure to one of the prescribed persons listed in Protected Disclosures Act 2014 (Disclosure to Prescribed Persons) Order 2020. A full list of prescribed persons by sector is available on gov.ie. For further information, see sections 7 to 10 of the Act on these avenues and the criteria to be satisfied.
If any person, on behalf of the University, receives a Disclosure from an external party, it must be sent to the Disclosure Group. The Disclosure Group will follow the procedures set out above.
 A Reporting Person may make a disclosure to a prescribed person if it falls within the description of matters in respect of which the prescribed person by reason of the nature of their responsibilities or functions appear appropriate to be the recipient of the disclosure and that the information disclosed, and any allegation contained in it, are substantially true. In general, prescribed persons have regulatory functions in the area which are the subject of the allegations.
 If the organisation is regulated or a specific prescribed person applies to them, this prescribed person or prescribed persons should be specifically called out here.
Reporting and Other Matters
Any party may seek a review of a decision or process if they have been affected by any of the following processes: (i) The conduct or outcome of any follow-up actions (including any investigation) taken on foot of the receipt of a report; (ii) The conduct or outcome of any investigation into a complaint of penalisation; and (iii) Any decision to disclose the identity of a Reporting Person (except in exceptional cases)
A review may be requested by writing to a member of the Disclosure Group setting out the reason(s) they are requesting a review, no later than 6 months after the outcome has been reported to the President and the Disclosures Group will refer same to the President on receipt
Reviews may be undertaken by a senior officer in the University or a suitably qualified external person, as appropriate. In all cases, reviews will be undertaken by a person who has not been involved in the initial assessment.
Reporting the Outcome
The Disclosure Group may advise the outcome to other external bodies as appropriate, including but not limited to:
- The University Insurers;
- An Garda Síochána;
- Higher Education Authority;
- Department of Further and Higher Education, Research, Innovation and Science; and
- Any other relevant person.
Following completion of the steps prescribed by the Disclosure Group after its assessment, the Corporate Secretary, on behalf of the Disclosure Group, will provide a report to the Audit and Risk Committee setting out:
- Description of disclosure
- Name of investigator and Terms of Reference (if any)
- Any other relevant information/recommendations
Penalisation and Retaliatory Actions
If the Reporting Person believes that they have been subject to Penalisation as a result of making the Disclosure, they should report the matter to the Disclosure Group or a member of the Disclosure Group immediately.
The Disclosure Group will itself deal with the matter appropriately or will refer the matter to the Director of Human Resources to do so.
The protection against penalisation will not apply to the extent it is concluded the Reporting Person has culpability in relation to the Wrongdoing and in those circumstances the Reporting Person may be subject to disciplinary action in accordance with the University’s disciplinary procedures.
The University may restrict certain data subject access rights under data protection law to ensure complete protection of the identity of Reporting Persons and others and to prevent any efforts to impede, frustrate or slow down follow-up on Disclosures received and to protect the processing of a Disclosure under this Policy.
An Annual Report shall be published on the University website in accordance with Section 22(1) of the Act, in relation to the Protected Disclosures received in the preceding calendar year. The Annual Report shall maintain the anonymity of all those involved and shall include information on:
The number of Protected Disclosures made to the University;
The broad nature of the Protected Disclosures; and
The action (if any) taken in response to each Protected Disclosure.
Review and Approval
Review and Approval
It is the responsibility of the Corporate Secretary to arrange a review of this Policy every three years or earlier on the introduction of any amendments to the Act.
This Policy may be amended or replaced from time to time by the Governing Body.
|Policy Approval Pathway||
University Leadership Team
Audit and Risk Committee
|Corporate Secretary||Approved by Governing Body, April 4th 2023|
If you have any queries in relation to this Policy, please contact:
Policy Development Manager
Office of Corporate and Legal Affairs
Supporting Policies, Procedures and Functions
This Policy should, where appropriate, be read in conjunction with other University policies and codes including UCC’s:
- Conflict of Interest Policy
- Data Protection Policy
- Anti-Fraud Policy and Procedure
- The Principal Statute https://www.ucc.ie/en/ocla/statutes/statutes/
- Code of Conflict of Interest in Relation to Recruitment and Promotions Code of Conflict of Interest in Relation to Recruitment & Promotions | University College Cork (ucc.ie)
- Procurement Policies https://www.ucc.ie/en/procurement/
- HR Policies: Recruitment | University College Cork (ucc.ie)
- OCLA Policies: Policies | University College Cork (ucc.ie)
Appendix 1: Protected Disclosures Reporting Form_2023
Appendix 2: Examples of Penalisation
Section 3 of the Act provides the following examples of penalisation:
a) suspension, lay-off or dismissal,
b) demotion or loss of opportunity for promotion or withholding of promotion,
c) transfer of duties, change of location of place of work, reduction in wages or change in working hours,
d) the imposition or administering of any discipline, reprimand or other penalty (including a financial penalty)
e) coercion, intimidation or harassment or ostracism,
f) discrimination, disadvantage or unfair treatment,
g) injury, damage or loss,
h) threat of reprisal,
i) withholding of training,
j) a negative performance assessment or employment reference,
k) failure to convert a temporary employment contract into a permanent one, where the worker had a legitimate expectation that he or she would be offered permanent employment,
l) failure to renew or early termination of a temporary employment contract,
m) harm, including to the worker’s reputation, particularly in social media, or financial loss, including loss of business and loss of income,
n) blacklisting on the basis of a sector or industry-wide informal or formal agreement, which may entail that the person will not, in the future, find employment in the sector or industry,
o) early termination or cancellation of a contract for goods or services,
p) cancellation of a licence or permit, and
q) psychiatric or medical referrals.