Information received on the hotline should be considered sensitive and confidential. Unauthorized disclosure may create a variety of liability situations for the organization. The Compliance Officer must be charged with ensuring proper confidential hotline security. Legal counsel knowledgeable in this area of the law should be involved in creation of hotline security protocols and should be consulted on a case by case basis.
Learn About Our Confidential Hotline ServicesGet Free Quote & Demo
The following tips should assist in carrying out your organization’s security protocols responsibilities:
- All records concerning information received or acted upon by the Compliance Office should be maintained in a secure, controlled access file storage area.
- All mail received in the Compliance Office should be kept in a secure area so unauthorized individuals cannot view the mail, alter it or remove it.
- Any sensitive information, such as identification of callers or proprietary information must be protected at all times including assuring secure storage and communications (i.e. telephone, facsimile and e-mail).
- All information received through the hotline must be retained until the matter is finally resolved.
- The Compliance Officer should develop a log-in system or control form to document the following elements of the records management process:
- Identification/indexing of all records on file.
- Log of all persons given access with details such as date, time and name of compliance official authorizing access.
- Return of records to files; and
- Destruction of records and deletion from the records inventory with specified period of retention and method of disposal.
Click here to view our free webinar about managing a cost-effective hotline operation.