Compliance - Digital tools and personal support

Below is a lightly edited version of an interview (in Swedish) we conducted with Sara Johansson, who works with whistleblowing assessments at Lantero. We asked her what new case officers need to keep in mind when they start handling whistleblowing cases, what types of situations they may encounter, and which common pitfalls to watch out for. Interviewer: When someone steps into a role as a new case officer in a municipality and begins working with the whistleblowing function, what should they keep in mind or expect? Sara Johansson: You’ll need to find a way to separate the wheat from the chaff, because many of the reports you receive are not, in fact, whistleblowing cases. They may involve an employee having issues with their manager, comments on organisational efficiency, or opinions on how things are structured. These are typically not whistleblowing matters. Then there are cases where there is actually something to look into. In those situations, you need to determine whether the reporting individual belongs to the protected group under the legislation, and whether the report concerns a public-interest wrongdoing. This might involve signs of corruption, serious conflicts of interest, or questionable recruitment processes carried out without proper advertising. In some types of operations, there may also be risks to patient safety or collaboration difficulties in critical environments. The key is to identify and distinguish these cases from the rest. Interviewer: There is a lot of legislation underlying this work, and case officers need to apply it in their assessments. And in many organisations—especially smaller ones—actual cases are infrequent. How should one stay up to date on these issues? Sara Johansson: One challenge is that there are very few court decisions in this area, which means there's not much case law to rely on. My recommendation is therefore to read everything that is published: follow relevant accounts on LinkedIn—ours, for example—and stay updated on news reporting around the topic. At the same time, you need to keep in mind that there is a clear sequence for handling these cases: there must be a wrongdoing, and it must concern a group defined as the public. Interviewer: And if someone has questions? Sara Johansson: Then they contact Lantero. Interviewer: Do you have an example of a situation that may arise—something many case officers will encounter early on? Sara Johansson: Do you want an example of a case that isn’t a whistleblowing matter? Because most cases are not. Interviewer: Yes, describe that type of case. Sara Johansson: The most common goes something like: “You have to do something. We can’t take it anymore. Our manager has completely lost control.” Then follows a long description of everything that is not working. This is by far the most common scenario. Interviewer: And what is your advice to the client in that situation? Sara Johansson: My advice is to explain that this is not a serious wrongdoing under the law, but something that needs to be addressed through another process. Often, you raise it within the organisation as a tip—an indication that the organisation should take a closer look at how the work environment is functioning—rather than treating it as a whistleblowing case. Interviewer: If you have further thoughts or questions on this topic, you are very welcome to contact us. Otherwise, we wish you the best of luck—and thank you for watching.

When a public authority receives a request to disclose documents, the same question often arises: how much may – or must – we redact in a whistleblowing case? Many case officers find this difficult, as whistleblowing cases involve sensitive information while the principle of public access imposes strict requirements to release documents. We interviewed Andreas Wahlström (in Swedish), who works with assessments and redaction of whistleblowing cases at Lantero. He explains both the legal requirements and the practical challenges faced by municipalities and government agencies. Andreas reminds us that public documents are, as a rule, public. This means that “anyone has the right to request a whistleblowing report.” But the obligation to disclose also comes with a significant responsibility to redact. This applies to both directly identifying information and indirect details that could reveal the whistleblower. Redaction is therefore a central part of managing whistleblowing cases. The legal basis primarily comes from two chapters in the Swedish Public Access to Information and Secrecy Act: OSL Chapter 32, Section 3 b and OSL Chapter 17, Section 3 b. These regulate the protection of reporting individuals – as well as other persons mentioned in the report. In practice, the guidance is clear: redact rather more than less. If there is any uncertainty, the case officer should act cautiously to protect everyone involved. For many case officers in municipalities and government agencies, redaction is still a manual process. Andreas notes that in the past six months, new tools have emerged that make the work both faster and safer. These tools propose what should be redacted, simplify the workflow, and help the case officer produce a document that can be safely disclosed. One such example is Lantero Redact, a tool developed to help public-sector organisations manage redaction in accordance with legal requirements. It provides concrete suggestions on what to redact, is easy to use, and ensures that the material is properly anonymised before disclosure. For those who want to dive deeper or need support in a specific case, Andreas and the team at Lantero are available to help. Redaction is not only a legal requirement – it is also a crucial part of maintaining trust in the whistleblowing function and protecting reporting individuals.

Lantero interviewed Therese Forsberg, an investigator at the Department of Administration in Uddevalla Municipality. Therese works with redaction of documents in response to requests for public records, and she has been using Lantero Redact over the past months — receiving AI-based support for assessment and redaction. Below is a slightly shortened version of the interview. (Video version is in Swedish) Interviewer: Uddevalla is a municipality with around 60,000 residents. When it comes to requests for public records, what kind of volumes are you dealing with? Interviewee: It varies. It depends on what’s happening in the organisation. When incidents occur that lead to deviations or Lex Sarah cases, the volume increases. We also have some media outlets that submit weekly requests for all incoming records from the past week. That’s the case for municipalities across Sweden — some outlets do this continuously. So the amount can fluctuate a lot, especially if serious cases have come in. Interviewer: To what extent is this possible to plan for? Interviewee: Some parts are always manageable, but it becomes difficult when large volumes come in — sometimes thousands of documents. We don’t have a dedicated person working on this full-time, so our department has to share the workload. How the process used to work Interviewer: What did the routines look like before? Interviewee: We did everything the old-fashioned way. We printed out the documents and redacted them manually using Tipp-Ex. Then we copied and scanned them before sending them off. Adobe has some tools, but they haven’t been reliable. You could sometimes lift off the redaction digitally, so we always had to print and scan everything anyway. It was time-consuming and difficult to manage when working remotely. How the work is done now Interviewer: What does the routine look like now? Interviewee: It’s much faster. With the redaction service, we can mark what we want to redact digitally and save it directly. We avoid all the printing and scanning, which saves a lot of time. I also feel that we have better oversight of the documents and the process. Interviewer: One idea with the AI support is that more people could participate in the work by accepting or rejecting suggested redactions. Have you started expanding that responsibility? Interviewee: Not yet. We’ve involved some colleagues, but they have the same level of knowledge as we do. So for now, the responsibility remains within our department. Model training and new updates Interviewer: You recently received an updated version of the service. Have you had a chance to test the new capabilities? Interviewee: Very briefly, but what I saw looked good. I need to test it more before I can say anything definite. Interviewer: Do you think the assessments look similar across different municipalities? Interviewee: Yes, I think so. We all work with the same types of documents and the same regulations. The goal is always to protect the individual and avoid revealing personal data. That should lead to similar approaches to what needs to be redacted. User experience of the service Interviewer: Any final reflections? Interviewee: The service has been easy to use. We’ve found it user-friendly and free from issues. It has worked throughout the entire test period, which has been very valuable since we’ve had unusually large volumes of cases recently.