Assess, investigate and deal with public interest disclosures
The Public Interest Disclosure Act 2010 (PID Act) requires chief executive officers of public sector entities to establish procedures to ensure that:
- public officers of the entity who make Public Interest Disclosures (PIDs) are given appropriate support
- public officers are offered protection from reprisals
- the entity has a management program for PIDs, in accordance with the Public Interest Disclosure standards
- PIDs made to the entity are properly assessed and investigated
- appropriate action is taken in relation to any wrongdoing that is the subject of a PID.
As the oversight agency under section 60 of the PID Act, the Queensland Ombudsman may make standards about the way in which public sector entities are to:
- facilitate the making of PIDs
- perform their functions under the PID Act
- protect people who make PIDs from reprisal.
Standards are binding on public sector entities.*
On 1 March 2019 Public Interest Disclosure Standard No. 2/2019 - Assessing, Investigating and Dealing with Public Interest Disclosures (PDF 169.4KB) (PID Standard 2/2019) came into effect.
PID Standard 2/2019 sets out the organisational systems and procedures that public sector entities should have in place to meet their obligations under the PID Act to assess and manage PIDs, and support people making disclosures of wrongdoing.
A Model Public Interest Disclosure Management Process Guide (PDF 105.7KB) has been developed by the Office of the Queensland Ombudsman, that provides an overview of the key steps in managing a PID.
A Public Interest Disclosure Management Guide to Internal and External Review Rights (PDF 260.1KB) sets out the mechanisms for internal and external review of decisions made under the PID Act.
Assessing information received
PIDs are reports of wrongdoing or danger, which differ from other complaints in that public sector entities have specific obligations under the PID Act to:
- communicate certain information to the discloser (the person making the PID)
- provide support through the management of the disclosure
- take proactive steps to identify any risks of reprisal and put in place protective measures.
All information received by a public sector entity should be assessed to determine whether it could be a PID.
- telephone calls from members of the public
- all correspondence received (emails, letters and faxes)
- written complaints from employees
- verbal concerns raised by employees.
A Public Interest Disclosure Assessment Guide (PDF 238.4KB) has been designed as a step by step checklist to help entities make a decision as to whether information meets the tests to be assessed as a PID.
The checklist will assist the assessor to decide if the information is:
- an appropriate disclosure
- of public interest information
- made to a proper authority.
What if a ‘PID’ is not a PID?
Where a person provides information and states that it is a PID, but the information is assessed as not meeting the tests under the PID Act, the agency should make and keep a written record of the assessment decision, including factors considered in reaching that decision.
A written decision should be given to the person explaining:
- the assessment that the information is not a PID
- the information relied on in making that decision
- the name of the delegated officer
- the right of review of the decision and how to exercise that right.
The person should also be advised of how their information will be acted upon, for example, through the entity’s complaints management system (CMS), Administrative Action Complaints Process (for a local council) or employee grievance procedure.
What if the ‘PID’ is not made to the ‘proper authority’?
The assessment may determine that the information would be a PID, except that it has not been made to the ‘proper authority’ (that is, one of the officers or agencies listed in the PID Act who can properly receive a PID).
In accordance with Standard 2/2019, the public sector entity should:
- if contact details are available, seek consent from the discloser to forward the information to a proper authority, or
- if the discloser is anonymous, forward the information to a proper authority, or
- invite the discloser to forward the information to a proper authority and provide them with the information to assist them to do so.
If information is forwarded to another proper authority on behalf of the discloser, this should be confirmed in writing to the discloser for their records.
What if there is another, more appropriate ‘proper authority’?
If a public sector entity receives a PID (either directly under section 15 of the PID Act or on referral from a member of the Legislative Assembly under section 34 of the PID Act), it may decide to refer the PID to another proper authority because:
- the PID is about the conduct of the other proper authority
- the PID is about the conduct of an officer of the other proper authority
- the PID is about the public sector entity or another matter, and the other proper authority has the power to investigate or remedy the matter.
The PID Act states at section 31(3) that a public sector entity must not refer the PID to another proper authority if there is an ‘unacceptable risk that a reprisal would happen because of the referral’.
The public sector entity should conduct a risk assessment, in consultation with the discloser if practicable. If the discloser is anonymous, the public sector entity should conduct the risk assessment taking into account the information disclosed in the PID and any other information reasonably available. The confidentiality of the discloser should be protected in conducting the risk assessment. The outcome of the risk assessment should be recorded in writing, including the decision whether to proceed to refer the PID and the reasons for that decision.
A Public Interest Disclosure Risk Assessment and Risk Management Guide (PDF 205KB) has been designed to assist public sector entities to assess the risk of reprisal.
If the PID is forwarded to another proper authority, this should be confirmed in writing to the discloser for their records.
Deciding what action to take
Once information has been assessed as a PID, the public sector entity must decide what action to take. Section 30(1) of the PID Act permits the entity to decide not to investigate or deal with a PID if:
- it has already been investigated or dealt with by another appropriate process
- it should be dealt with by another appropriate process
- the age of the information makes it impracticable to investigate
- it is too trivial to warrant investigation and dealing with it would substantially and unreasonably divert resources of the entity from the performance of its functions
- another entity that has jurisdiction to investigate the PID has advised that an investigation is not warranted.
If an entity decides to take no action it must:
- record the information relied upon in making a decision to take no action
- record the ground or grounds under section 30(1) of the PID Act on which it relied to make the decision, the reasons for decision and the delegated officer
- provide the discloser with written reasons for decision
- advise the discloser of their right to request a review by the chief executive officer within 28 days of receiving the written reasons.
Taking action on a PID need not necessarily involve a complex, costly investigation. Depending upon the nature of the information disclosed, options may include:
- managing the PID in accordance with the entity’s complaints management system (CMS) or Administrative Action Complaints Process (for a local council)
- managing the PID in accordance with the entity’s employee grievance procedure
- conducting an audit
- conducting a review of the implementation of or effectiveness of policies or procedures.
However, where the PID concerns corrupt conduct, the entity is required to refer the matter to the Crime and Corruption Commission (CCC) in accordance with sections 37-39 of the Crime and Corruption Act 2001, and to guided by the CCC on what action to take.
Keeping the discloser informed
When a PID has been made, the PID Act requires that the discloser be provided with:
- written confirmation of the receipt of the PID
- a written description of the action taken or proposed to be taken in respect of the PID.
In practice, PIDs often take some time to be resolved and regular communication with the discloser and updates on the action being taken will reassure the discloser that the PID is being taken seriously.
Assessing and managing the risk of reprisal
As soon as possible after receiving a PID, the chief executive of a public sector entity must determine the level of protection and support appropriate for a discloser by conducting a risk assessment.
A Public Interest Disclosure Risk Assessment and Risk Management Guide (PDF 205KB) has been designed to assist public sector entities to assess the risk of reprisal and to manage the reprisal risk to parties that are involved in a PID.
Managing confidentiality is one strategy for helping reduce the risk reprisal.
Providing support to disclosers
Research shows that one of the most effective ways to protect a discloser from experiencing negative consequences from making a PID is to provide effective support.
The PID Act requires that chief executive officers must establish reasonable procedures to ensure that disclosers are given appropriate support. PID Standard 2/2019 provides further guidance on the requirements public sector entities need to comply with.
A PID Support Officer should be assigned to the discloser as soon as practicable after the PID is assessed.
When selecting a PID Support Officer for a discloser consider:
- Does the officer have appropriate authority and knowledge about PID processes?
- Is the officer sufficiently removed from the current PID process?
- Does the officer have an established relationship with the discloser or do they have the ability to build necessary rapport?
- What assistance will the discloser need (or are they likely to need) and is the proposed officer available and able to provide that assistance?
The nominated PID Support Officer should be briefed about their role and the PID case, but only to the extent necessary to provide effective support. They should also be advised of their obligations in relation to confidentiality under section 65 of the PID Act.
Depending on the nature and context of the PID, the PID Support Officer’s role may include:
- acknowledging to the discloser that making the PID was the right thing to do and is appreciated by the entity
- reaffirming that the discloser will be supported
- providing practical support such as helping the discloser to manage their expectations and mentally prepare for stressful situations
- providing information about the process (including confirming that the investigator’s primary role is to objectively investigate the matter) and providing updates about the case to the discloser
- providing information about access to professional support services such as employee assistance
- monitoring for signs of detriment or reprisal
- proactively contacting the discloser to check on their well-being.
In addition to the nominated PID Support Officer, in some cases it may be appropriate for the entity to nominate a peer support officer for a discloser who is an employee. For example, a trusted and experienced colleague may be well positioned to offer additional support to the discloser by being a sounding board and offering positive reinforcement. In some circumstances, it may be appropriate for a peer support officer to attend interviews or meetings with the discloser. Where a peer support officer role is being considered, the discloser and the entity’s PID Coordinator should be consulted to ensure the proposed officer is not connected to the PID investigation and is appropriate for the role.
A peer support officer should be briefed about the scope of their role and the importance of confidentiality in the PID process.
*Except where the shareholding Ministers have not notified the Board of a Government owned corporation that the standard will apply.