Record and report public interest disclosures

The Public Interest Disclosure Act 2010 (PID Act) requires chief executive officers of public sector entities to establish procedures to ensure that:

• public officers of the entity who make Public Interest Disclosures (PIDs) are given appropriate support
• public officers are offered protection from reprisals
• the entity has a management program for PIDs, in accordance with the Public Interest Disclosure standards
• PIDs made to the entity are properly assessed and investigated
• appropriate action is taken in relation to any wrongdoing that is the subject of a PID.
  
  

As the oversight agency under section 60 of the PID Act, the Queensland Ombudsman may make standards about the way in which public sector entities are to:

• facilitate the making of PIDs
• perform their functions under the PID Act
• protect people who make PIDs from reprisal.
  
  

Standards are binding on public sector entities.

On 1 March 2019 Public Interest Disclosure Standard No. 3/2019 - Public Interest Disclosure Data Recording and Reporting (PDF 138.6KB) (PID Standard 3/2019) came into effect.

PID Standard 3/2019 sets out the organisational systems and procedures that public sector entities must establish to meet their obligations under section 29 of the PID Act to keep proper records of PIDs and under section 33 to give information to the oversight agency.

Record-keeping

Public sector entities must establish and maintain a PID record-keeping system that is appropriate to the nature, size and geographic spread of the entity to record PIDs and possible PIDs.

Under the PID Act the entity must keep a record of:

• the name of the person making the disclosure (if known)
• the information disclosed
• the name of the entity that referred the disclosure (if relevant)
• any action taken on the disclosure, and
• all other information required under a standard made under section 60 of the PID Act. 
  
  

As set out in PID Standard 3/2019, an entity’s PID record-keeping systems must be:

• accurate
• complete
• secure
• confidential.

Reporting to the oversight agency

Public sector entities are required to report data about PIDs they receive to the Office of the Queensland Ombudsman.  In accordance with the PID Act, the Queensland Ombudsman is required to report annually to Parliament on the PIDs made across the public sector.

The RaPID public interest disclosure database is a bespoke reporting tool that has been designed to facilitate secure, efficient data collection. Entities can nominate users who are to be given password protected access to report data.  Entities can only view data entered by their own agency and can produce reports of PIDs received by their entity from RaPID.  Completing the data fields in a PID case in RaPID will meet the requirements of  PID Standard 3/2019.

Confidentiality

A key obligation in managing PID records is ensuring that the confidentiality requirements of section 65 of the PID Act are met.

Section 65 provides that if a person obtains confidential information because of their involvement in the administration of the PID Act they must not make a record of the information, or intentionally or recklessly disclose the information to anyone, except in certain specified circumstances.

There is a penalty for disclosing information in breach of section 65(1) of the PID Act.

What is confidential information?

Confidential information for the purposes of the PID Act includes:

• identifying information about the person who makes a PID (discloser)
• identifying information about the person about whom a PID is made (subject officer)
• the information contained in the PID
• information about an individual’s personal affairs
• information that, if disclosed, may cause detriment to a person.
  
  

When can confidential information be disclosed?

The circumstances where is it permissible under the PID Act to make a record of or disclose confidential information include:

• for the purpose of administering the PID Act (for example, to make a record required under the PID Act or refer a PID to another public sector entity)
• to comply with another Act (for example, to refer a PID of corrupt conduct to the Crime and Corruption Commission as required under the Crime and Corruption Act 2001)
• for a proceeding in a court or tribunal
• if the person to whom the confidential information relates provides written consent
• if it is not reasonable to obtain the person’s consent, and making the record or disclosing the confidential information is unlikely to harm the interests of the person and is reasonable in all the circumstances (for example, to refer a PID to another proper authority for action)
• if the person making the record or disclosing the information believes it is necessary to provide for the safety or welfare of a person (for example, to arrange for external counselling to be provided to the discloser or a witness).
  
  

How is natural justice balanced with confidentiality?

The requirement under section 65 of the PID Act to protect confidential information does not affect an obligation under the principles of natural justice to disclose information to a person whose rights would otherwise be detrimentally affected.

However, in accordance with section 65(5) of the PID Act, the identity of a person who makes a PID can only be disclosed if:

• it is essential to do so under the principles of natural justice, and
• it is unlikely a reprisal will be taken against the person making the PID because of the disclosure.
  
  

Before disclosing the identity of a person making a PID as part of a disciplinary process, show cause process or other circumstance where natural justice must be afforded, an officer of a public sector entity must:

• consider whether there is sufficient information and evidence that can be put to the subject officer without including the identity of a person making a PID
• if not, and disclosure of the identity of a person who made a PID is contemplated, conduct a risk assessment to assess the likelihood of reprisal action being taken if the identity of the person was disclosed, and
• make and keep a record of the decision whether or not to disclose the identity of a person making a PID, the information taken into account, and reasons for decision.
  
  

A Public Interest Disclosure Risk Assessment and Reprisal Management Guide has been assigned to assist public sector entities to assess the risk of reprisal.

How can confidentiality be protected?

Proactive steps that public sector entities can take to protect confidential PID information include:

• clearly explain confidentiality obligations in the entity’s PID procedure
• provide information and training to employees about confidentiality obligations, including obligations related to social media
• provide adequate training on managing confidentiality to officers who may be involved in managing PIDs
• limit the number of officers involved in the assessment and management of the PID
• as soon as possible after identifying a PID advise the discloser of their obligations to maintain confidentiality, and whom they can discuss the PID with if needed
• advise witnesses who are interviewed in the course of any investigation of the PID of their obligations to maintain confidentiality
• advise the subject officer of their obligation to maintain confidentiality at the point at which they are informed about the allegations made about their conduct
• securely store hard copy records
• implement effective security measures to protect electronic records.

PIDs and RTI

Section 12, Schedule 3 of the Right to Information Act 2009 provides that:

(1) Information is exempt information if its disclosure is prohibited by 1 of the following provisions –
    …

• Public Interest Disclosure Act 2010, section 65(1)
  
  

This means that information that is ‘confidential information’ under the PID Act is exempt from disclosure under the Right of Information Act 2009.

For further information on the Right to Information Act refer to the website of the Office of the Information Commissioner: www.oic.qld.gov.au