AI in the Public Sector: Protecting Whistleblowers While Enhancing Safety Oversight
Artificial intelligence can help agencies detect workplace hazards faster and strengthen safety investigations—if it’s designed with privacy protections that earn worker trust.
- By Shannon Walker
- Sep 25, 2025
Public sector agencies operate under constant pressure to safeguard both workplace safety and employee rights. Artificial intelligence (AI) bridges this gap by reshaping how organizations can detect safety risks and streamline investigations. That’s because AI can analyze patterns across multiple reports, providing faster insights into hazards and misconduct. Leveraging AI, workplace leaders can then take a proactive approach in preventing harm to whistleblowers.
Laws such as the Commodity Exchange Act and programs like the SEC Whistleblower Program require workplaces to safeguard whistleblower information to protect the identities of whistleblowers. With AI, public sector organizations can receive insights into workplace risks while integrating privacy-by-design to ensure legal compliance.
The Public‑Sector Legal Baseline: What Must be Protected
From the healthcare industry to corporate executives, the U.S. government requires protection when integrating AI into whistleblowing programs. This involves meeting the standards of various programs and regulations, some of which only apply to specific industries, like construction. General protection regulations include:
Whistleblower Protection Act: Founded in 1989, the act safeguards federal employees who report misconduct such as corruption, abuse or other illegal activities. This also bars agencies from retaliating against employees by demoting them due to reduced pay.
Whistleblower Protection Enhancement Act (WPEA): In 2012, an enhancement to the above Act was passed to provide stronger protections for federal employees who report misconduct, bridging any gaps in protection with additional clarification.
Whistleblower Protections for Contractor Employees: Prevents contractors or subcontractors from discriminating or retaliating against an employee.
U.S. Office of Special Counsel: A whistleblower’s identity is protected unless they give consent, or in extreme cases, such as if they face imminent danger or violation of criminal law.
The Privacy Act of 1974: A law that holds federal agencies accountable for protecting an individual's personal information.
What “Responsible AI” Now Means in the U.S. Government
AI is nearly everywhere, and has now made its way to many workplaces as a valuable time-saving tool. Yet, privacy concerns with AI technology have led to numerous federal AI policies that organizations must navigate if they want to adopt these platforms. The AI Risk Management Framework is a voluntary framework that offers “best practices” for using AI while mitigating its associated risks.
Adopt Risk-Based AI Governance: Establish long-term governance processes in addressing AI risk management as a long-term process. Verifying its technical risks, such as bias or reliability, and socio-technical risks from how human behaviour can affect it. This ensures AI doesn’t inadvertently expose identities or amplify retaliation risks.
Focus AI on Human and Social Responsibility: Design the AI framework from the start to be human-centric. Emphasizing its use to employees by encouraging them to think critically about its positive and negative aspects to promote responsible use. Ensuring the AI systems are used responsibly in the context of social responsibility can encourage trust within the organization.
Design for Trustworthiness: Follow the National Institute of Standards and Technology (NIST), which highlights key components that outline trust between humans and AI systems. The standards include performing tasks reliably, preventing misuse, providing a clear audit trail to maintain accountability, and explaining the output to the user. Mitigate data exposure risks and actively identify harmful bias, while providing privacy-enhanced features.
How AI Helps Safety and Ethics Teams
While AI may pose security concerns, its benefits can significantly help in preventing non-compliance risks.
Signal Amplification
AI can take many seemingly unrelated reports from hotlines, web portals or mobile apps to group them up. For example, several minor complaints about broken equipment might reveal a systemic hazard that warrants urgent inspection. Flagging issues through pattern discovery without needing a direct inspection or knowing the identities of the whistleblowers can then encourage more employees to report hazards.
According to a 2025 U.S. research report, 81% of employees have witnessed workplace misconduct, but only 72.1% of those reported it. Meanwhile, 77.8% believe AI-powered whistleblowing software can encourage more employees to make reports, as they feel the process is more confidential.
Prioritization
AI can triage incoming cases, flagging reports with words or patterns that suggest imminent danger, such as “bribe” or “leak,” and signal retaliation risk, like a report stating, “My boss said not to tell anyone.” Managers and investigators can act faster on higher-risk cases, rather than treating all reports equally in the queue.
According to the report, approximately 16% of employees find the current whistleblowing systems in their workplaces ineffective or aren’t confident in their effectiveness. Integrating the AI-powered measures to prioritize the more urgent reports could help strengthen the trust surrounding the system.
Program Insight
Once AI begins to integrate, workplaces can compare data about reports, such as how they were submitted, time-to-close, and the type of issue. Investigation outcomes can enable AI to identify which policies, training, or reporting channels are effective, while highlighting those that require refinement. For example, if most substantial cases come from anonymous web submissions, that suggests employees may feel safer reporting when their identity remains confidential.
According to the report, research revealed that most employees would prefer to report to phone hotlines, along with AI voice and chatbots, compared to a physical HR department. AI is empowering whistleblowing by safeguarding employee identities, potentially enabling leadership to improve their speak-up culture.
Privacy Downside: Where AI Can Put Whistleblowers At Risk
Implementing AI may still pose its own privacy risks; understanding how they can arise is crucial to staying ahead of them.
Freedom of Information Act (FOIA) Risks: The FOIA allows the public to request and view records from federal agencies. Public agencies face an additional risk as records may be subject to FOIA requests, meaning they will need to redact the data before releasing potentially sensitive information.
Re-Identification Risks: Even with a whistleblower’s name removed, AI systems may analyze additional metadata, such as timestamps, office location, job title, and device data.
For example, if only one employee is working early in the morning, it becomes more challenging to conceal their identity.
Cross-Linking Risks: AI can combine information from various systems, such as incident logs, HR data or email records. Doing so is essential for investigations, but it can expose who made the report.
For example, if an employee reports their “new” supervisor, but only one team received a “new” supervisor, it narrows down their identity.
Trust Risks: Organizations play a vital role in ensuring employee data and reports are well-protected. If employees believe AI systems might expose their identity, they may choose not to report.
For example, a third of employees from the 2025 research report state they are not comfortable reporting misconduct, and 33.2% have witnessed retaliation against whistleblowers.
Design principles: how to get visibility and protect identity
The challenge for public sector organizations is to strike a balance between transparency and privacy within the system from the outset. Several practical principles can help agencies maximize the benefits of AI-enabled reporting while maintaining trust and compliance.
Offer multiple intake methods: Provide employees with the option to report concerns through the channel they find most comfortable, such as via mobile apps or an anonymous phone line. Two-way communication tools allow follow-ups without revealing the whistleblower’s identity.
Separate identity from the case: Store reporter details apart from narrative case files. Access should be limited to those in roles who require case information, aligning with regulatory standards.
Proactive de-identifying: De-identify sensitive details, such as names, unique job roles, or shift times, should be stripped at intake and reintroduced only under controlled conditions.
Plan for disclosure risk: Implement redaction workflows subject to FOIA requests that align with standards under Exemptions 6 and 7(C).
Keep humans in the loop: Require staff review for high-risk triage flagged. While AI can flag potential high-risk cases, it should work as an enhancer, not a replacement for human expertise.
Protect trust with oversight: Test regularly for bias, conduct employee surveys, and provide transparent reporting on retaliation prevention. This helps employees understand AI’s role as an aid to safety, not a threat to their privacy.
Trust is the Throughput
Artificial intelligence has the potential to transform the foundation for public sector whistleblowing programs, providing agencies with sharper visibility into risks and faster ways to address hazards. But its success hinges on one factor above all: trust. If employees doubt their privacy will be protected, they will stay silent, and safety risks will go undetected.
The path forward requires designing AI systems from the outset that embed privacy, accountability, and human oversight into every stage of the process. Balancing visibility with privacy ensures workplaces become safer for everyone.