Reporting channels are an important complement to AUPs and a significant mechanism to identify non-compliance. While many companies have hotlines or ethics lines for internal employees, very few have channels specifically designed to receive feedback on how their products and services are being used, or more specifically, if they are being misused or abused. Companies should consider who should host the reporting channel (e.g., the SaaS provider, the customer or company deploying the technology, or both), and what types of reports might be reasonably anticipated on each. We recommend that each company establish its own reporting channel or integrate external reporting mechanisms into existing hotlines and “speak up” channels. Key characteristics of these reporting channels, based on international best practice (such as principle 31 of the UNGPs), include: Accessible: known by those for whose use they are intended; with language, accessibility, prominence, and other factors considered Predictable: provide known procedures with clear communications with the reporter at each stage Equitable: clear information and guidance on how to use Source of learning: gain insights into misuse to improve AUPs, gating, etc. Transparency Reports SaaS companies have reported limited interaction with law enforcement agencies today; however, global trends show increased government demands for data from a wider range of companies. Responding to overly broad law enforcement requests for user data could raise human rights concerns, especially when those requests come from countries with weak rule of law or poor human rights track records. Companies receiving law enforcement and government requests for data should begin publishing annual transparency reports that elaborate on the requests received and the company response. 42 Human Rights Assessment of the Software-as-a-Service Sector
Human Rights Assessment of the Software-as-a-Service Sector Page 42 Page 44