Corporate reports

Review of protected disclosure procedures - progress report

21/01/2016

This report assess the progress made by state and local government entities that were not meeting their obligations around protected disclosures almost two years after the PID Act came into effect.

Following the introduction of new whistleblower laws in 2013, the Independent Broad-based Anti-corruption Commission reviewed implementation of the Protected Disclosure Act 2012 (PD Act). The review looked at the protected disclosure procedures established by 114 state and local government entities. IBAC’s Review of protected disclosure procedures (December 2014) found nearly a quarter of those agencies were not meeting their obligations around protected disclosures almost two years after the PD Act came into effect. This report assesses their progress.

From 1 January 2020, the Protected Disclosure Act 2012 is replaced by the Public Interest Disclosures Act 2012. See Public interest disclosures for more information.

Related resources

  • Following the introduction of new whistleblower laws in 2013, the Independent Broad-based Anti-corruption Commission reviewed implementation of the Protected Disclosure Act 2012 (PD Act). The review looked at the protected disclosure procedures established by 114 state and local government entities. IBAC’s Review of protected disclosure procedure (December 2014) found nearly a quarter of those agencies were not meeting their obligations around protected disclosures almost two years after the PD Act came into effect. This report assesses their progress.

    IBAC’s review included checking compliance of those entities’ procedures with the protected disclosure scheme, which includes the PD Act, the Protected Disclosure Regulations 2013, and IBAC’s ‘Guidelines for making and handling disclosures’ and ‘Guidelines for protected disclosure welfare management’ (both published June 2013).

    The review was conducted pursuant to section 60 of the PD Act, and was intended to ensure that entities’ procedures were consistent with the PD Act and IBAC guidelines.

    The review resulted in IBAC making 57 recommendations to 25 entities. IBAC requested those entities report to IBAC by 15 June 2015 on the steps taken to address the recommendations.

    All of IBAC’s recommendations have been accepted and entities report the majority of those recommendations have been implemented. The remaining recommendations have been actioned, but not fully implemented.

    IBAC has engaged with a number of entities since the review to promote compliance with the protected disclosure scheme and has identified some further issues in relation to protected disclosure procedures. IBAC will continue to work with the public sector in a variety of ways to provide information and support on these matters.

    About the PD Act

    The PD Act aims to:

    • encourage and assist people report improper conduct and detrimental action taken in reprisal for a protected disclosure
    • provide certain protections for people who make a disclosure or those who may suffer detrimental action in reprisal for a protected disclosure
    • ensure that certain information about a disclosure is kept confidential – the identity of the person making the disclosure and the content of that disclosure.

  • IBAC’s review report identified a large portion of the entities reviewed had met the requirements of the PD Act. However, the report also found a number of deficiencies, including entities that had not established procedures or whose procedures were not consistent with the protected disclosure scheme.

    In summary, the review report found:

    • of the 114 entities reviewed, 88 had met the requirements of the PD Act by developing and implementing protected disclosure procedures that were largely consistent with the protected disclosure scheme.
    • twenty-six entities had not met the requirements of the PD Act because:
      • they had not developed protected disclosure procedures
      • their procedures contained information that was substantially inconsistent with the PD Act, or
      • their procedures did not include essential information about the PD Act.
    • a number of organisations’ procedures were not readily available to the public, contrary to the PD Act.

    Consultation with entities following the release of the review report clarified some issues identified in the report.

    The review report noted that VicRoads did not have protected disclosure procedures in place. This was because, although VicRoads had advised it did have procedures, these were not provided to IBAC and were not available on its website. VicRoads’ procedures have since been made publicly available.

    The Victorian Government Solicitor’s Office (VGSO) and law firm FOI Solutions provided template procedures which were used in more than half of the respondents surveyed in the review report. The review report noted some minor issues with the templates.  (Nevertheless, six of the 15 entities given a ‘gold star’ rating in the review report for their procedures were clients of FOI Solutions.)  These were subsequently discussed with both the VGSO and FOI Solutions, resulting in the identification of a small number of minor amendments which could make the template procedures fully compliant with the requirements of the PD Act. IBAC’s overall view is that the revised templates represented a current ‘best practice’ model in a challenging legislative environment.

  • As a result of the review, IBAC wrote to 25 of the reviewed entities with inadequate PD procedures in December 2014 and made a total of 57 recommendations regarding their procedures.

    IBAC requested that each of the 25 entities report to IBAC by 15 June 2015 on the steps taken to address the recommendations.

    3.1 Entities with inadequate procedures

    In the review report, IBAC identified that 17 entities had procedures in place that were not compliant with the requirements of the protected disclosure scheme. IBAC recommended that each of these entities:

    • use section 4 of the review report to ensure their procedures were drafted so they did not contain any of the defects identified in the review report, and
    • make their procedures readily available, particularly to members of the public.

    A shown in Figure 1, the entities have now reported to IBAC that:

    • all of the recommendations have been accepted
    • 11 of the 17 entities have implemented the recommendations
    • six of the 17 entities have partially implemented the recommendations.

     

    Partially implemented 35%, implemented 65%

     3.2 Entities without procedures in place

    The review report identified eight entities that had no protected disclosure procedures in place. In relation to seven of these organisations, IBAC recommended that the entities:

    1. establish protected disclosure procedures by 31 March 2015
    2. use section 4 of the review report to ensure their procedures were drafted so they did not contain any of the defects identified in the review report, and
    3. make their procedures readily available, particularly to members of the public.

    As shown in Figure 2, the entities have now reported that:

    • all of the recommendations have been accepted
    • regarding recommendation 1:
      • three of the seven entities (including VicRoads) had established procedures by the date IBAC recommended this occur (31 March 2015)
      • the remaining four had not reported to IBAC by the deadline that the recommendation had been implemented, but had done so by September 2015
    • for each of recommendations 2 and 3:
      • six of the seven entities have implemented the recommendation
      • one entity has partially implemented the recommendations

    IBAC also identified the Office of the Victorian Government Architect (OVGA) had been utilising the protected disclosure procedures of a Victorian government department when it was required to establish its own procedures. IBAC recommended that the OVGA:

    • implement its own protected disclosure procedures
    • use section 4 of the review report to ensure its procedures complied with the PD Act.

    The OVGA advised it has accepted these recommendations and is implementing them.

    3.3 Response to IBAC’s recommendations

    Overall, the response to IBAC’s recommendations was positive – all of the recommendations were accepted and the entities have reported most of the recommendations have been implemented.

    However, of the 57 recommendations made in the review report, 14 have not been fully implemented or the relevant entity has not reported to IBAC that implementation is complete. This means that a number of entities may still not be compliant with the protected disclosure scheme. IBAC will continue to monitor the implementation of these recommendations and provide assistance to entities to support their compliance.

    In addition, 19 of the 25 entities did not report to IBAC on the steps taken to address the recommendations by 15 June 2015, as IBAC had requested. While the majority of these entities quickly responded to the recommendations after further contact from IBAC, in two instances it took almost two months for IBAC to obtain a response.

     

    Partially implemented 10%, implemented 90%

     

    Procedures of entities that can receive disclosures

    Public service bodies, local councils and investigating entities can all receive disclosures under the PD Act and should include the following in their procedures:

    • Secure information management systems for the receipt, storage, assessment and notification of protected disclosures. These systems will include an internal reporting structure and will identify the roles and responsibilities of those in that reporting structure.
    • A secure process for receiving verbal or written disclosures.
    • A means of identifying a person (or persons) who can receive disclosures (known as a Protected Disclosure Coordinator).
    • A secure means of notifying IBAC of assessable disclosures.
    • Education and training for selected staff in the receipt, handling, assessment and notification of disclosures.
    • A way to collect and collate statistics on protected disclosures for annual reporting.

  • Since the publication of the review report, IBAC has consulted with and assisted more than 40 entities.  Consultation included reviewing and providing feedback on the amended procedures of some entities at their request. This assistance has supported entities implement IBAC’s recommendations and improve their compliance with the protected disclosure scheme.

    A number of entities that were not part of the review also contacted IBAC and requested feedback as to whether they were compliant with their obligations.  In addition, some entities who had engaged external consultants to develop anti-corruption and fraud frameworks sought assistance from IBAC to ensure their proposed plans were compliant with the protected disclosure regime.

    The review report noted common errors and omissions in protected disclosure procedures that were identified through the review. In the course of providing assistance following the review, IBAC found some further issues with entities’ procedures that affected their compliance. For example, some procedures comprised a policy document that did not contain sufficient information about protected disclosure processes or the rights and obligations under the scheme, while others were interspersed throughout a number of organisational documents. It is important that entities’ procedures contain adequate information to be informative and practically useful, and that they can be easily accessed and understood. As such, it is preferable to have a standalone procedure document that combines all relevant information and contains sufficient detail to provide practical guidance for dealing with protected disclosure matters.

    IBAC’s consultation also identified issues with some procedures containing incorrect information because the definitions and explanations used were inconsistent with the protected disclosure scheme and the PD Act in particular. Care should be taken in preparing procedures to ensure that terms and explanations are consistent with the legislation and guidelines, especially if re-wording or summarising parts of the PD Act.

  • IBAC provides advice to the public sector pursuant to its legislative functions and role in the protected disclosure scheme.

    In the 2014/15 financial year, IBAC engaged in a number of activities to provide information and assistance to the public sector, improve compliance, and enhance the operation of the protected disclosure scheme. These activities included:

    • responding to state and local government entities on specific queries regarding the PD Act and handling of protected disclosure matters
    • chairing the Protected Disclosure Liaison Group, which IBAC established as a forum for key bodies to discuss and resolve issues relating to the PD Act.  Membership includes investigating entities, the President of the Legislative Council, and the Speaker of the Legislative Assembly
    • delivering information sessions to public sector entities on protected disclosure matters
    • convening the annual Protected Disclosure Coordinators forum
    • launching the Protected Disclosure Coordinator e-module, which currently has more than180 subscribers.

    Both state and local government report having developed protected disclosure networks which they utilise for information-sharing, eg in relation to protected disclosure resources and ‘best practice’ procedures and processes. IBAC has helped foster these networks through its annual protected disclosure coordinator forum.

  • IBAC’s review report identified a number of deficiencies with entities’ protected disclosure procedures and made recommendations to improve compliance with the protected disclosure scheme. The response to IBAC’s recommendations has been positive, with all of the recommendations being accepted.

    While there remain some issues with compliance, on the whole, entities have taken steps to address issues and improve their understanding of the protected disclosure regime.

    IBAC will continue to monitor the implementation of the review recommendations and work with entities to provide assistance and support compliance. This may include future reviews of entities’ protected disclosure procedures or the protected disclosure scheme more generally, as well as our ongoing engagement.