> It seems like a web-based reporting system may also provide a better level of security protection by encrypting the channel & contents of the communication vs. less secure email. Separate thread. You *might* want to accept PGP. Or put a notice (in the policy, on the website) that since this is handled by a team, rather than have a shared PGP key, use the webform since the PGP will be decrypted once it enters "processing." :)
