• Security

Verbal/Electronic Threats

  • Written By: Elite Strategy Global

Verbal Aggression/Verbal Harassment 

A whistleblower should be prepared to deal with verbal aggression and/or verbal harassment from individuals who do not agree with their whistleblowing actions. These individuals may deliberately use verbiage that might hurt, shame, or scare the whistleblower. These actions could also potentially cause emotional or psychological harm.  

Should the aggressor attack the whistleblower’s character, credibility, or even your competence, the whistleblower should ignore the jabs. Do not lose your cool. Do not let the aggressor push you out of your character. If the whistleblower knows the aggressor, the whistleblower should attempt to resolve the actions as quickly and calmly as possible by having a non-aggressive conversation with the aggressor. Remain calm and grounded. The whistleblower should not retaliate or become aggressive; instead, try to reason with the aggressor to stop the harassing behavior.

Do not get into a verbal altercation with the aggressor. Instead, the whistleblower should take note of the aggressor’s words and accompanying actions. Document the encounter: note the date, time, location, and as much of the verbiage as you can remember. Should these actions take place in or near the workplace, escalate the incident to your supervisor and the office’s security department. Request that a report be generated. Get a copy of the report for your personal record-keeping.  

If the aggressor is someone unknown to the whistleblower, take special note of the aggressor’s physical characteristics, verbiage, and actions. If possible, the whistleblower should try to prevent the verbal blows from escalating by simply ignoring the aggressor. Remove yourself from the situation if you can. If it is impossible to walk away, keep as much distance between you and the aggressor as possible and call for help. Seek help from bystanders (who will later become witnesses if you opt to file a formal report).   

Should the verbal attacks veer into Title VII protected classes (race, color, religion, sex, national origin, familial status, or handicap), the whistleblower should take the actions indicated above AND immediately contact the department’s Equal Employment Opportunity (EEO) Office to report the discriminatory statements. The whistleblower should keep potential legal action to his/herself and allow the EEO Office to handle any future or impending actions.

Internet-Based Threats (Email/Social Media Threats)

A whistleblower should be prepared to deal with internet-based threats and/or social media slander. Even online hate-filled writings can lead to violence directed at the whistleblower. Should a whistleblower experience such issues, they should immediately take note of the sender’s online profile and/or internet address and respond as directed below. 

Should a whistleblower receive a threatening email or social media post, DO NOT RESPOND and DO NOT DELETE. Immediately escalate to your manager, then your IT department. Print out the email or post and save an electronic copy. Even if the email/post was sent anonymously, it can be used as evidence. DO NOT BLOCK the sender — your organization’s IT department can most likely determine the sender’s IP address and location. 

If the threatening message was sent via a social media site (third-party messaging system), immediately escalate to your manager, then your IT department. Based on the severity of the post, you may be directed to the social media site’s security department. Each social media site has privacy, safety, security, policies, and reporting sections. Select the category that best fits the message you received and send an anonymous report. 

Note: Your IT department may ask that you block the person from your social media account and/or your messenger account. Take your lead from your internal IT department.

If the email or post communicates an immediate threat (whether you are in the workplace or at your home), escalate to your building’s onsite security company.  If you do not have onsite security at your location at the time the threat was received, then immediately escalate to the local police. Onsite security or the local police will guide you on the next steps for your immediate safety.

Once you have determined that you are safe, file a report with the onsite security team and/or the local police department. Capture anything that could be useful and allow law enforcement officials to physically review the threats and take photos. Most law enforcement agencies have their own cyber-security departments that can immediately locate the sender’s IP address.  

Note: The act of sending a threatening email is a punishable offense, regardless of the intent (18 USC 875). 

Cyberbullying  

Despite the efforts you might have taken to mind your business and stay under the radar, a whistleblower should be prepared to deal with cyberbullying. At the onset, the whistleblower can opt to ignore the communications. Do not let the online presence aggravate you or make you lose your cool. If the bullying occurs on a work-based system, escalate to your immediate supervisor and the company’s IT department. 

If the cyberbullying occurs on the whistleblower’s private computer and/or social media accounts, block the bully. The whistleblower has a right to refuse to receive persistent postings and/or unsolicited feedback from known or unknown persons. Unfriend, unfollow, or block the bully’s online account. Report the bullying to the website administrators. Social media sites have terms of use agreements in place to protect users from cyberbullying situations. If the cyberbullying is on Twitter and the whistleblower blocks the account, the social media outlet specifically prevents the person from following you and the bully’s replies or mentions will not show in the notifications tab.

Record all cyberbullying incidents. Make copies of messages, posts, and all threatening communications.  Take screenshots for use as evidence should you need them.  Further, review your privacy settings, do not “accept” unknown friend requests, and remove any “friends” you do not know.  While it might be tempting, do not forward the messages.

While there is no federal statute against cyberbullying, most states have policies and/or laws against it. Seek legal advice from a lawyer or your local police department. 

Publishing Whistleblower’s Personally Identifiable Information (PII)  

Whistleblowers should be wary of someone publishing their Personally Identifiable Information (PII) due to their whistleblowing actions.  According to the US Department of Labor, “PII is defined as information:

  • (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or
  • (ii)  by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors).
  • (iii)  Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media.” (Guidance on the Protection of Personal Identifiable Information | U.S. Department of Labor (dol.gov)

 

OMB clarifies that Protected PII is any information that can be used to identify a specific person name in combination with any of the below information:

Protected PII means an individual’s first name or first initial and last name in combination with any one or more of types of information, including, but not limited to, social security number, passport number, credit card numbers, clearances, bank numbers, biometrics, date and place of birth, mother’s maiden name, criminal, medical and financial records, educational transcripts. This does not include PII that is required by law to be disclosed. CFR-2018-title2-vol1-sec200-79.pdf (govinfo.gov)

Whistleblowers’ PII should not be released on public forums, online accounts, or published without his or her consent. Should the whistleblower find or suspect that someone has published his or her PII, immediately report the incident to your IT Department, Privacy Officer, and your Security Clearance Department. If the whistleblower is no longer employed with the agency, report the violation to your local police department and obtain a copy of the report for your records.

Most states provide that the violated person can be sued for publishing private information or facts about another person, as long as those facts were not already exposed or considered newsworthy. Publication of Private Facts | Digital Media Law Project (dmlp.org)

For individual publication of private facts by State visit: State Law: Publication of Private Facts | Digital Media Law Project (dmlp.org)

Note: See also the Privacy Act of 1974 (The “No Disclosure Without Consent” Rule). Privacy Act of 1974 – Wikipedia

Telephonic/Bomb Threats

A telephonic threat or a bomb threat/warning may be received by any employee; however, should a whistleblower receive a bomb threat while in the workplace, follow the precautions as described below. Note that persons making such calls may not call the whistleblower’s direct line. While threatening calls of this nature might be specifically targeting the whistleblower, these types of calls could very well be received by anyone answering the company phone. Nonetheless, the caller will deliver the message to the first person contacted. Consequently, it is important that a call of this nature be handled in accordance with this established procedure. All bomb threats should be considered dangerous and should be taken seriously. The employee receiving the call should try to obtain all the information listed on the below Telephone Bomb Threat Checklist.

Note: Whistleblowers should avoid using their cell phones during these incidents as radio signals have the potential to detonate a bomb.

If the whistleblower receives the telephonic bomb threat on his or her personal phone, take the caller seriously.  Do not hang up. Get as much information from the caller as you can (to include the incoming telephone number).  Make note of the sound of the caller’s voice (male or female), distinguishable characteristics of the voice, and or surroundings (detecting the sound of an accent, are there background noises, etc.).  Keep the caller talking as long as you can in order to provide the onsite security and/or local police with as much information about the caller as possible. 

Do not attempt to locate any objects described by the caller (even if the caller tells you it object’s exact location).  Immediately remove yourself from the space and do not re-enter the premises until you have received the all-clear for the bomb squad and/or the onsite police commander. 

Statement of transparency

This entire project is worthless if the tech workers who come to it cannot trust where the information is from, who is behind its creation, and who manages the site. For that reason, I have identified every organization and individual who has been instrumental in its development.

The time and resources required to put together the Handbook were funded by Omidyar Network. This is a wholly independent project owned and managed by me. No identifying data will ever be collected or shared about who accesses this site — with anyone. That said, I do NOT advise accessing this from a company device. Your employer can, and will likely, track visits to a resource like this Handbook. 

You can find a list of the data WordPress automatically collects about site visits here.

 

— Ifeoma Ozoma, Founder of Earthseed, Creator of the Tech Worker Handbook