Article 61
1. Member States shall ensure that competent authorities, as well as, where applicable, self-regulatory bodies, establish effective and reliable mechanisms to encourage the reporting to competent authorities, as well as, where applicable self-regulatory bodies, of potential or actual breaches of the national provisions transposing this Directive.
For that purpose, they shall provide one or more secure communication channels for persons for the reporting referred to in the first subparagraph. Such channels shall ensure that the identity of persons providing information is known only to the competent authorities, as well as, where applicable, self-regulatory bodies.
2. The mechanisms referred to in paragraph 1 shall include at least:
(a) specific procedures for the receipt of reports on breaches and their follow-up;
(b) appropriate protection for employees or persons in a comparable position, of obliged entities who report breaches committed within the obliged entity;
(c) appropriate protection for the accused person;
(d) protection of personal data concerning both the person who reports the breaches and the natural person who is allegedly responsible for a breach, in compliance with the principles laid down in Directive 95/46/EC;