Page 5 of 6
other House staff;
ii.
The password protect feature in applications, such as the Microsoft Office
suite, before attaching that file to an email; or
iii.
[IF OFFICE POLICY PERMITS] An application that provides end-to-end
encryption of messages and attachments, e.g., Signal, https://signal.org
;
k.
Hard-copy information and removable media in transit will be labeled, securely
wrapped, and affirmatively tracked;
l.
Individual House policies and procedures will be followed to return electronic
media containing House sensitive information when no longer needed or when
leaving employment with the House; and
m.
Printed documents containing House sensitive information will be shredded
when no longer needed in accordance with House records requirements.
12
12.
Third party sharing.
The general prohibition, under the House Code of Official Conduct, on public disclosure of
the identity of, or personally identifiable information about, a whistleblower will guide any
third-party sharing of sensitive whistleblower information: Information will not be shared
outside the Office without the prior, written consent of the whistleblower.
13
However,
limited exceptions will be made for the purpose of confidential consultations with House
support offices, such as Office of General Counsel, the Committee on Ethics, and the Office
of the Whistleblower Ombuds.
a.
The Office may (notwithstanding the exceptions in Clause 21 of the House
Code of Official Conduct) share sensitive whistleblower information outside
of the Office under the following conditions.
14
i.
Prior to any third-party sharing, the terms of the third party’s future use of the
information, including further sharing and public release, will be negotiated.
The whistleblower will be invited to participate in this negotiation or specify in
advance any requested boundaries around the use of their information.
ii.
On a case-by-case basis, identifying information and metadata will be stripped
out or masked before sharing. The whistleblower will be invited to inspect what
is to be shared to help ensure the adequacy of this process.
iii.
Sensitive information will be encrypted when transmitted on any public
access system, such as e-mail or via the internet.
15
12
Consult the Office of Art and Archive, a division of the Office of the Clerk, for records management advice and assistance with
identifying records for permanent retention; see
https://housenet.house.gov/campus/service-providers/office-of-the-clerk/office-of-art-
and-archives
13
Sensitive information will not be shared with Artificial Intelligence (AI) tools (e.g., ChatGPT+) that are not approved for sensitive
information; If/when any AI tools are approved for sensitive information, the guidance in this section will remain relevant for
protecting whistleblower information.
14
This may also entail sharing a whistleblower’s identity with a federal agency to obtain the release of records pertaining to the
whistleblower (after execution of a Privacy Act and HIPAA release). In cases where the whistleblower has requested confidentiality, the
use of a privacy release to obtain documents from the agency increases the likelihood that the whistleblower’s identity will be revealed.
In those cases, alternative channels for obtaining the information should be identified and used. Consult the Office of the Whistleblower
Ombuds for further guidance.
15
See section 11, above.