What should reporting policies protect regarding confidentiality?

• A. Publicly disclose all reports to deter misconduct.
• B. Procedures to protect sensitive information while complying with laws.
• C. Delete all records after one week.
• D. Share details only with the team lead.

Answer: (B)

Protecting confidentiality means safeguarding sensitive information and limiting access to those who need it, while still following laws and regulations. This is why the best approach is to have procedures that protect sensitive information and ensure compliance with applicable laws. In practice, this involves secure storage, access controls, data minimization, and clear rules about who can see what, along with knowing when disclosures are legally required or permitted.

Publicly disclosing all reports would expose private details and could put people at risk of retaliation, so that option undermines confidentiality. Deleting all records after a short period would prevent proper investigations, audits, and compliance with record-retention requirements. Sharing details only with the team lead is too restrictive and could leave necessary authorities, human resources, or other mandated parties without access when their involvement is required.