Whistleblower Protection Guide

What Is Whistleblowing?

Whistleblowing is the act of disclosing information about wrongdoing within an organization to people or entities that have the power to take corrective action. In the context of government, a whistleblower is someone — typically a current or former employee, contractor, or insider — who reports illegal activity, fraud, waste, abuse, corruption, or threats to public health and safety carried out by government officials or agencies.

Whistleblowing is distinct from leaking. A whistleblower discloses information about specific wrongdoing through channels — internal reporting mechanisms, inspectors general, oversight committees, or in some cases the press — with the intent of correcting the problem. A leak is the unauthorized release of information that may or may not involve wrongdoing. The distinction matters legally: whistleblower protections generally apply only when the disclosure concerns genuine misconduct and follows certain procedural requirements.

Why Whistleblowing Matters for Democracy

Democratic governments derive their legitimacy from the consent of the governed. That consent is meaningful only when citizens have access to accurate information about what their government is doing. Whistleblowers serve as a critical check on power by exposing the gap between what governments say they do and what they actually do. Without whistleblowers:

• Oversight mechanisms fail. Inspectors general and oversight committees depend on insider information. Most major government scandals were first surfaced by whistleblowers, not auditors.
• Corruption becomes self-reinforcing. When wrongdoing goes unreported, it normalizes. Officials who see colleagues engage in corruption without consequence are more likely to participate.
• Public resources are wasted. The U.S. Government Accountability Office estimates that whistleblower disclosures have saved taxpayers over $70 billion since 2000.
• Lives are at stake. Whistleblowers have exposed contaminated water supplies, unsafe drug approvals, intelligence failures, and military misconduct that endangered civilian lives.

Famous Whistleblowers and Their Impact

Daniel Ellsberg (1971)

A military analyst at the RAND Corporation, Ellsberg leaked the Pentagon Papers — a 7,000-page classified study revealing that the U.S. government had systematically deceived the public about the Vietnam War for decades. The documents showed that four successive presidents had privately assessed the war as unwinnable while publicly claiming progress. The Supreme Court ruled in New York Times Co. v. United States (1971) that the government could not prevent publication, establishing a landmark precedent for press freedom. Ellsberg faced charges under the Espionage Act carrying a potential 115-year sentence, but the case was dismissed due to government misconduct in gathering evidence against him.

Edward Snowden (2013)

A contractor for the National Security Agency, Snowden disclosed classified documents revealing the existence of mass surveillance programs including PRISM (which collected data from major tech companies), XKeyscore (which could search nearly everything a person did on the internet), and the bulk collection of telephone metadata from millions of Americans. His disclosures triggered a global debate about privacy, led to the USA FREEDOM Act of 2015 which curtailed some surveillance practices, and prompted major technology companies to adopt end-to-end encryption. Snowden was charged under the Espionage Act and received asylum in Russia. He remains one of the most polarizing figures in the whistleblower debate — celebrated by civil liberties advocates and condemned by national security officials.

Chelsea Manning (2010)

An Army intelligence analyst, Manning provided WikiLeaks with hundreds of thousands of classified documents including the "Collateral Murder" video showing a U.S. Apache helicopter killing Iraqi civilians and two Reuters journalists, diplomatic cables revealing backroom dealings between governments, and war logs from Iraq and Afghanistan documenting civilian casualties that had not been publicly acknowledged. Manning was convicted under the Espionage Act and sentenced to 35 years in military prison. President Obama commuted her sentence in 2017 after she had served seven years. The disclosures prompted reforms in how the military handles civilian casualty reporting.

Frances Haugen (2021)

A former product manager at Facebook (now Meta), Haugen disclosed internal research showing that the company knew its platforms caused harm — particularly to teenage girls — and chose profits over safety. She provided tens of thousands of internal documents to the Securities and Exchange Commission and Congress, testified before the Senate Commerce Committee, and briefed lawmakers in multiple countries. Her disclosures accelerated legislative efforts to regulate social media platforms, including the EU's Digital Services Act and proposed U.S. legislation on children's online safety. Unlike earlier whistleblowers, Haugen specifically navigated the SEC whistleblower program and retained legal counsel before making disclosures, providing a model for corporate whistleblowing.

Legal Protections by Country

Whistleblower protections vary enormously across jurisdictions. The table below compares key features of the legal frameworks in five major democracies.

Feature	United States	United Kingdom	European Union	Australia	Canada
Primary Legislation	Whistleblower Protection Act (1989); Dodd-Frank Act (2010); Intelligence Community WPEA (2014)	Public Interest Disclosure Act 1998 (PIDA)	EU Directive 2019/1937	Public Interest Disclosure Act 2013	Public Servants Disclosure Protection Act (2007)
Coverage	Federal employees, contractors, SEC/CFTC-regulated entities, tax fraud reporters	All workers including employees, agency workers, trainees, NHS practitioners	All persons in work-related context: employees, self-employed, shareholders, volunteers, job applicants	Public sector employees, private sector employees of large companies, tax affairs	Federal public servants only (significant gap)
Reporting Channels	Inspector General, OSC, Congress, SEC/IRS (sector-specific); external disclosure limited	Internal first (employer), then prescribed persons/bodies, then external (media) with escalating thresholds	Internal channels mandatory for organizations with 50+ employees; external reporting to competent authorities; public disclosure as last resort	Internal, external (to Commissioner), public (in limited circumstances)	Internal or to Public Sector Integrity Commissioner
Remedies for Retaliation	Reinstatement, back pay, compensatory damages; Dodd-Frank adds double back pay + attorney fees for SEC-related	Unlimited compensation at Employment Tribunal; no cap on damages	Protection from dismissal, demotion, harassment; effective remedies required by member states	Compensation, reinstatement, injunctions, criminal penalties for retaliation	Disciplinary action against retaliators; limited remedies for whistleblower
Financial Rewards	SEC: 10-30% of sanctions over $1M; IRS: 15-30% of collected proceeds over $2M; False Claims Act: 15-30%	No financial reward program	Not mandated by directive; individual member states may implement	ATO Tax Integrity reward program (limited)	No financial reward program
Anonymity Protections	SEC and IRS allow anonymous submissions through attorneys; OSC does not guarantee anonymity	No legal right to anonymity but identity protected during investigation where possible	Confidentiality of identity is mandatory; anonymous reports must be accepted	Criminal offense to reveal whistleblower identity	Commissioner must protect identity; criminal offense to disclose
Overall Strength	Strong but fragmented across multiple statutes	Moderate — strong on paper, enforcement gaps in practice	Strong — comprehensive framework, but implementation varies by member state	Good — strengthened significantly in 2019 reforms	Weak — covers only federal public sector, limited remedies

United States: Whistleblower Protection Act & Dodd-Frank

The Whistleblower Protection Act (WPA)

Enacted in 1989 and strengthened by the Whistleblower Protection Enhancement Act of 2012, the WPA prohibits federal agencies from taking or threatening to take adverse personnel actions against employees who disclose information they reasonably believe evidences:

• A violation of any law, rule, or regulation
• Gross mismanagement
• A gross waste of funds
• An abuse of authority
• A substantial and specific danger to public health or safety

The Office of Special Counsel (OSC) investigates complaints of retaliation. If the OSC finds that retaliation occurred, it can seek corrective action from the Merit Systems Protection Board (MSPB), including reinstatement, back pay, and attorney fees. The 2012 enhancement extended protections to disclosures made during the normal course of duties, closing a loophole that had been used to deny protection to employees whose job involved identifying problems.

The Dodd-Frank Wall Street Reform Act (2010)

Section 922 of Dodd-Frank created the SEC Whistleblower Program, which fundamentally changed the incentive structure for reporting financial fraud. Key provisions:

• Financial rewards: Whistleblowers who provide original information leading to successful SEC enforcement actions with sanctions exceeding $1 million receive 10-30% of the sanctions collected.
• Anti-retaliation: Employers who retaliate face liability for double back pay with interest, reinstatement, and attorney fees.
• Confidentiality: The SEC is prohibited from disclosing the whistleblower's identity except as required by law.
• Anonymous filing: Tips can be submitted anonymously through an attorney.

The False Claims Act (Qui Tam)

Originally passed during the Civil War to combat defense contractor fraud, the False Claims Act allows private citizens to file lawsuits on behalf of the government against entities that have defrauded federal programs. Successful qui tam relators (whistleblowers) receive 15-30% of the recovery. Since 1986, qui tam actions have recovered over $50 billion for the federal government. This law is particularly effective in healthcare fraud cases, where whistleblowers — often billing specialists or compliance officers — identify systematic overbilling of Medicare and Medicaid.

United Kingdom: Public Interest Disclosure Act 1998

PIDA was the first comprehensive whistleblower protection statute in Europe. It amended the Employment Rights Act 1996 to protect workers who make "qualifying disclosures" — disclosures of information the worker reasonably believes show that one of the following has occurred, is occurring, or is likely to occur:

• A criminal offense
• A failure to comply with a legal obligation
• A miscarriage of justice
• A danger to health or safety
• Environmental damage
• Deliberate concealment of any of the above

PIDA uses a tiered disclosure system. Internal disclosures to the employer have the lowest threshold — the worker need only have a reasonable belief that the information tends to show wrongdoing. Disclosures to "prescribed persons" (regulators such as the Financial Conduct Authority, Health and Safety Executive, or HM Revenue & Customs) require a reasonable belief that the information is substantially true. External disclosures to the media or public require meeting additional conditions: the worker must not have made the disclosure for personal gain, must reasonably believe the information is substantially true, and the disclosure must be "reasonable in all the circumstances."

EU Whistleblower Directive 2019/1937

Adopted in October 2019 with a transposition deadline of December 2021 for most member states, the EU Whistleblower Directive establishes minimum standards for whistleblower protection across the European Union. It represents the most comprehensive supranational whistleblower framework in the world.

Key Requirements

• Internal reporting channels: All legal entities in the private sector with 50 or more employees and all public sector entities must establish secure internal channels for receiving and following up on reports.
• External reporting to authorities: Member states must designate competent authorities to receive external reports, with obligations to acknowledge receipt within 7 days and provide feedback within 3 months.
• Public disclosure: Whistleblowers are protected when going public if: they first reported internally or externally and no action was taken; there is an imminent or manifest danger to public interest; or there is a risk of retaliation or low prospect of the matter being addressed.
• Prohibition of retaliation: The directive lists prohibited forms of retaliation including dismissal, demotion, withholding of training, negative performance assessments, blacklisting, psychiatric referrals, and intimidation.
• Reversal of burden of proof: In retaliation proceedings, the burden falls on the employer to prove that any adverse action was not connected to the disclosure.
• Confidentiality: The identity of the reporting person cannot be disclosed without their explicit consent, except where required by national law in the context of investigations or judicial proceedings.

Step-by-Step Guide to Reporting Wrongdoing Safely

If you have evidence of government wrongdoing and are considering making a disclosure, the following steps will help you protect yourself while maximizing the impact of your report.

Step 1: Document Everything

Before you say a word to anyone, gather and secure evidence. Copy relevant documents, emails, memos, and data. Note dates, times, locations, and witnesses. Keep a detailed personal log of events as they unfold. Store copies in a secure location separate from your workplace — not on work devices or work email. The strength of your disclosure depends entirely on the quality of your evidence.

Step 2: Understand Your Legal Protections

Research which laws apply to your specific situation. Protections vary based on whether you are a government employee, a contractor, or a private sector worker; what sector you work in (financial services, healthcare, defense, etc.); what type of wrongdoing you are reporting; and what country and jurisdiction you are in. If possible, consult a lawyer who specializes in whistleblower law before making any disclosure. Many whistleblower attorneys offer free initial consultations.

Step 3: Choose Your Reporting Channel

You generally have three options, each with different risk profiles:

• Internal reporting: Report to your supervisor, compliance department, or inspector general. Lowest risk of legal complications, but highest risk if the organization itself is complicit in the wrongdoing.
• External reporting to regulators: Report to the relevant government agency (SEC, IRS, OSHA, GAO, etc.) or oversight body. Provides legal protections in most jurisdictions and access to financial reward programs where they exist.
• Public disclosure: Report to journalists or the public directly. Highest impact but also highest personal risk. Legal protections are weakest for public disclosures. This should generally be a last resort after internal and external channels have failed.

Step 4: Secure Legal Representation

Retain a whistleblower attorney before making your disclosure. An experienced attorney can help you navigate the appropriate reporting channels, ensure your disclosure meets the legal requirements for protection, negotiate with your employer or the government, and represent you if you face retaliation. Many whistleblower cases are handled on a contingency basis — the attorney is paid from any financial award or settlement.

Step 5: Make Your Disclosure

File your report through the channel you have chosen. Be factual, specific, and thorough. Describe what happened, when, where, who was involved, and what evidence supports your claims. Avoid speculation, emotional language, or exaggeration. Stick to what you know and can demonstrate.

Step 6: Protect Yourself from Retaliation

After making your disclosure, document every interaction with your employer meticulously. Save all emails, performance reviews, and meeting notes. If you experience adverse treatment — reassignment, demotion, hostile work environment, or termination — report it immediately to your attorney and the relevant oversight body. Timeliness matters: most retaliation complaints have filing deadlines ranging from 30 to 180 days.

Secure Communication Tools for Whistleblowers

Digital security is not optional for whistleblowers. Government agencies and large corporations have sophisticated monitoring capabilities. The following tools can help protect your identity and communications.

SecureDrop

An open-source whistleblower submission system originally designed by Aaron Swartz and now maintained by the Freedom of the Press Foundation. SecureDrop allows whistleblowers to submit documents and communicate with journalists through an entirely Tor-based system. Major news organizations that operate SecureDrop instances include The New York Times, The Washington Post, The Guardian, ProPublica, and dozens of others. No IP addresses are logged. No metadata is retained. The whistleblower communicates through a codename and never needs to provide any identifying information.

Signal

An end-to-end encrypted messaging application that protects the content of your communications from anyone other than the intended recipient — including Signal itself. Use it for communicating with attorneys, journalists, or advocacy organizations. Enable disappearing messages to limit the forensic trail. Signal requires a phone number to register, so consider using a number not linked to your identity if maximum anonymity is required.

Tor Browser

Routes your internet traffic through multiple encrypted relays, making it extremely difficult to trace your online activity back to your physical location or identity. Use Tor whenever researching whistleblower protections, visiting news organization tip lines, or communicating about your disclosure. Do not use Tor on work networks — the fact that someone used Tor on a specific network is itself detectable even if the traffic content is not.

Encrypted Email (PGP/GPG)

Pretty Good Privacy (PGP) encryption allows you to send emails that can only be read by the intended recipient. Use a dedicated email address created over Tor, separate from any personal or work email. Services like ProtonMail and Tutanota provide built-in encryption. For communicating with journalists, many publish their PGP public keys on their news organizations' websites.

Tails OS

A portable operating system that runs from a USB drive and routes all traffic through Tor. Tails leaves no trace on the computer it runs on — when you shut down, everything is erased from memory. This is the recommended operating system for high-risk whistleblowers who need to ensure no forensic evidence remains on any device.

What Happens After You Blow the Whistle

Understanding the process that follows a disclosure helps you prepare mentally and practically for what can be a long and difficult experience.

Investigation Phase

After your disclosure is received, the relevant body — whether an inspector general, regulator, or newsroom — will assess the credibility and significance of your information. This can take weeks to months. You may be asked for additional documentation or clarification. During this period, maintain your documentation and continue to record any relevant developments.

Organizational Response

If you reported internally, the organization will typically launch an investigation. Be aware that the investigation may be conducted by people who are themselves implicated or aligned with those you reported. If you have concerns about the independence of an internal investigation, report externally to the relevant regulator or oversight body as well.

Public Impact

If your disclosure reaches the public — through regulatory action, media reporting, or congressional hearings — be prepared for intense scrutiny. Your motives will be questioned. Your personal and professional history will be examined. Supporters of those you exposed will attempt to discredit you. This is predictable and survivable, but you should have a support network in place: legal representation, trusted friends and family who know the full story, and connections to whistleblower support organizations.

Resolution

Outcomes vary enormously. Some disclosures lead to criminal prosecutions, regulatory sanctions, policy changes, or legislative reforms. Others result in quiet internal corrections with no public acknowledgment. Some are buried or dismissed. The timeline from disclosure to resolution can span years. The SEC whistleblower program, for example, has an average processing time of over three years from initial tip to award determination.

Retaliation Protections and What to Do If Retaliated Against

Retaliation against whistleblowers is illegal in most democratic countries, but it remains common. A 2024 survey by the Ethics & Compliance Initiative found that 44% of employees who reported misconduct experienced retaliation. Recognizing and responding to retaliation quickly is essential.

Common Forms of Retaliation

• Employment actions: Termination, demotion, reassignment to undesirable duties, denial of promotion, reduction in pay or hours
• Hostile work environment: Exclusion from meetings, removal from projects, social isolation, hostile performance reviews, excessive scrutiny of work
• Administrative harassment: Frivolous investigations, revocation of security clearance, mandatory psychiatric evaluations, placement on administrative leave
• Legal threats: Threats of prosecution for mishandling classified information, breach of contract claims, defamation suits (strategic lawsuits against public participation, or SLAPPs)
• Informal retaliation: Blacklisting within the industry, negative references, harassment of family members, online harassment campaigns

Immediate Steps If You Experience Retaliation

1. Document everything. Record dates, times, witnesses, and details of every retaliatory act. Save emails, messages, and written communications.
2. Notify your attorney. If you do not have one, contact a whistleblower legal organization immediately (see resources below).
3. File a retaliation complaint. In the U.S., file with the Office of Special Counsel (federal employees), OSHA (private sector under SOX), or the relevant sector-specific body. Meet the filing deadline — missing it can forfeit your rights.
4. Preserve your mental health. Retaliation is psychologically devastating. Connect with whistleblower support groups and consider professional counseling. You are not alone — thousands of people have navigated this experience.
5. Do not resign. Constructive dismissal (making conditions so intolerable that you quit) is a common employer strategy to avoid wrongful termination liability. Consult your attorney before making any employment decisions.

Whistleblower Reward Programs

Several jurisdictions offer financial incentives for whistleblowers whose disclosures lead to successful enforcement actions. These programs recognize that insider information is the most effective tool for detecting fraud and that whistleblowers bear significant personal costs.

U.S. Securities and Exchange Commission (SEC)

The SEC Whistleblower Program, established by Dodd-Frank, awards 10-30% of sanctions collected in enforcement actions exceeding $1 million. The percentage is determined by factors including the significance of the information, the degree of assistance provided, the SEC's programmatic interest in deterrence, and whether the whistleblower reported internally first. Tips can be submitted anonymously through an attorney via Form TCR (Tip, Complaint, or Referral). As of 2026, the program has awarded over $2.2 billion to more than 400 individuals.

U.S. Internal Revenue Service (IRS)

The IRS Whistleblower Office awards 15-30% of collected proceeds in cases where the tax, penalties, interest, and other amounts in dispute exceed $2 million (and, if the taxpayer is an individual, their gross income exceeds $200,000). For smaller cases, the award is discretionary and capped at 15%, up to $10 million. Claims are filed on IRS Form 211. Processing times are notoriously long — often 7-10 years from submission to award — because the IRS must complete its examination and collect the tax before the award is determined.

U.S. Commodity Futures Trading Commission (CFTC)

Modeled on the SEC program, the CFTC Whistleblower Program awards 10-30% of sanctions exceeding $1 million in cases involving violations of the Commodity Exchange Act. The program covers fraud in derivatives markets, manipulation, spoofing, and other commodities violations.

UK HM Revenue & Customs (HMRC)

Unlike the U.S., the UK does not have a formal financial reward program for whistleblowers. HMRC does make discretionary payments for information leading to the recovery of unpaid tax, but these are not guaranteed, not governed by statute, and are generally modest. There have been ongoing calls from advocacy groups to establish a U.S.-style incentive program in the UK.

Organizations That Support Whistleblowers

Government Accountability Project (GAP)

Founded in 1977, GAP is the oldest and most established whistleblower advocacy organization in the United States. It provides legal representation, advocacy, and public education on behalf of whistleblowers. GAP has represented whistleblowers in cases involving nuclear safety, food safety, environmental protection, and government accountability. Website: whistleblower.org

Project On Government Oversight (POGO)

An independent watchdog organization that investigates and exposes waste, corruption, abuse of power, and other failures in the federal government. POGO maintains a confidential tip line and works with whistleblowers to bring their disclosures to the attention of Congress and the public. POGO also advocates for stronger whistleblower protection legislation. Website: pogo.org

Whistleblowers UK

A charity that provides support and advice to whistleblowers in the United Kingdom. Operates a helpline offering guidance on how to raise concerns, legal rights under PIDA, and practical support for navigating the aftermath of a disclosure. Website: whistleblowersuk.org

National Whistleblower Center (NWC)

A nonprofit educational and advocacy organization that works to strengthen whistleblower protections globally. NWC operates programs focused on anti-corruption, environmental protection, and financial fraud. It maintains extensive legal resources and a directory of whistleblower attorneys. Website: whistleblowers.org

Transparency International

The global coalition against corruption operates in more than 100 countries. While not exclusively focused on whistleblowers, TI advocates for strong whistleblower protections as a core component of anti-corruption strategy and provides support through its national chapters. Website: transparency.org

Courage Foundation

An international organization that supports whistleblowers and journalists who face legal prosecution or persecution for bringing important information to the public. Provides legal defense funds, public advocacy, and connects whistleblowers with legal teams. Website: couragefound.org

The Ethical Framework: When and Why to Blow the Whistle

Deciding whether to blow the whistle is one of the most consequential moral decisions a person can face. It requires weighing competing obligations — loyalty to your employer, duty to the public, personal safety, and professional consequences. There is no formula that provides a clear answer in every case, but the following framework can help structure your thinking.

The Threshold Test

Ethicists generally agree that whistleblowing is justified when all of the following conditions are met:

1. Serious harm: The wrongdoing involves significant harm to the public — not merely a policy disagreement, personal grievance, or minor procedural violation. The harm may be financial (fraud, waste), physical (safety violations, environmental damage), or to democratic principles (surveillance overreach, obstruction of justice).
2. Credible evidence: You have direct knowledge or evidence of the wrongdoing, not just suspicion or hearsay. The strength of your evidence determines whether your disclosure will lead to corrective action or simply expose you to retaliation without result.
3. Internal channels exhausted or futile: You have attempted to address the issue through internal channels, or you have strong reason to believe that internal reporting would be futile (the wrongdoing is sanctioned by leadership) or dangerous (retaliation is likely and protections are inadequate).
4. Proportionality: The potential public benefit of your disclosure outweighs the potential harms, including national security risks, privacy implications for third parties, and harm to yourself and your family.

Common Ethical Pitfalls

• Conflating personal grievance with public interest: Be honest with yourself about your motivations. A genuine whistleblower reports wrongdoing that affects others, not just wrongs done to them personally. Overlapping motivations are normal and do not disqualify a disclosure, but the core concern must be about public harm.
• Over-disclosure: Disclose what is necessary to demonstrate the wrongdoing, not everything you have access to. Indiscriminate disclosure of classified or sensitive information can endanger lives and undermine legitimate security operations without serving the public interest.
• Weaponizing disclosure: Using whistleblower protections as a shield for partisan attacks, competitive sabotage, or personal vendettas undermines the credibility of all whistleblowers and erodes public support for whistleblower protections.

Digital Security Checklist for Potential Whistleblowers

Before, during, and after making a disclosure, follow this checklist to minimize your digital exposure.

Before You Begin

• Never search for whistleblower information on work devices or work Wi-Fi networks
• Purchase a dedicated prepaid phone or laptop with cash — do not use loyalty cards or digital payment
• Create new email accounts using Tor Browser — do not link them to your real identity
• Install Signal on your dedicated device for secure communications
• Download and prepare a Tails USB drive for high-security operations
• Research your organization's monitoring capabilities — many employers log email, internet browsing, badge access, and printer usage

Handling Documents

• Understand that digital documents often contain hidden metadata (author name, edit history, unique identifiers) that can identify the source
• Remove metadata from documents before sharing — use tools like mat2 (Metadata Anonymisation Toolkit) or print and re-scan
• Be aware of steganographic tracking: some organizations insert invisible watermarks, unique spacing patterns, or micro-differences between copies distributed to different employees
• If photographing documents, disable location services on your camera and strip EXIF data from images
• Never email documents from your work account to your personal account — this creates a clear forensic trail

Operational Security

• Compartmentalize: do not tell friends, family, or colleagues about your plans until you have made the disclosure and are prepared for the consequences
• Vary your routine — do not access sensitive files at unusual times or in unusual volumes, as anomalous access patterns trigger security alerts
• Use public Wi-Fi (not near your home or workplace) for sensitive communications, and always through Tor or a VPN
• Disable Bluetooth, NFC, and Wi-Fi on your dedicated device when not actively using them
• Consider the timing of your access — if a specific document was accessed by only three people in a given timeframe, encryption will not protect you

After Disclosure

• Securely wipe any temporary files or devices used during the disclosure process
• Continue to use secure communication channels with your attorney and any journalists you are working with
• Monitor your credit reports and online accounts for signs of surveillance or retaliation
• Maintain your documentation of the disclosure process — dates, methods, and what information was shared with whom
• Stay connected with whistleblower support organizations for ongoing advice and community