Section 4: Managing information
4.1 Summary
4.1.1 Public access to government information is important in a healthy democracy. However, there are some circumstances where there is an overriding public interest in maintaining the confidentiality of information held by government.
4.1.2 Good recordkeeping is essential for good government and is an essential part of meeting accountability obligations. Records provide evidence of communications, decisions and actions.
4.1.3 Australian Public Service (APS) employees must be able to demonstrate that their actions and decisions have been made with appropriate consideration, with care and diligence, and using Commonwealth resources properly.
4.2 Public Service Regulation 2.1—disclosure of information
4.2.1 Leaking information is unacceptable. The inappropriate disclosure of information is against the public interest. Leaking information can damage Australia's international security or reputation and put the lives of Australian officials and others at risk. It can also damage the trust between the government, its public service advisers and the community.
4.2.2 Regulation 2.1 of the Public Service Regulations 1999 (the PS Regulations) provides that an employee must not disclose information, without authority, which is obtained or generated in connection with APS employment if:
- that information is communicated in confidence, or
- it is reasonably foreseeable that the disclosure of the information could be prejudicial to the effective working of government.
4.2.3 The regulation includes some exceptions to these rules. Employees should familiarise themselves with the requirements of regulation 2.1.
4.2.4 The regulation is not designed to regulate the disclosure of official information comprehensively. It is intended to operate alongside other restrictions on disclosure, including in other Commonwealth laws and agency-level directions.
4.2.5 Regulation 2.1 is part of the APS Code of Conduct.
Disclosure that may be prejudicial to effective working of government
4.2.6 The restriction on disclosure provided by regulation 2.1 includes information about the deliberative process that leads to the formulation of policies or programs (regulation 2.1(3)).
4.2.7 When considering disclosing information, employees might consider on each occasion whether the disclosure of information could damage the effective working of government. This may include in situations where the information is unclassified and there is no relevant agency head direction about its disclosure.
Information communicated in confidence
4.2.8 An employee must also not disclose without authority information they obtain or generate in connection with their APS employment if the information was, or will be, communicated in confidence within government or was received in confidence from outside government. This is the case whether or not the disclosure would found an action for breach of confidence (regulation 2.1(4)).
4.2.9 Information must be communicated in confidence within government where an employee is given information on the understanding that it should not be disclosed, except in the course of official duties.
4.2.10 An understanding that information should not be disclosed except in the course of official duties may be implied by the nature and context of the information. The information may have been provided by a person outside the Government subject to an express confidentiality condition. In other circumstances it may have been implied that the information is to be used only for the purpose for which it was provided.
Tip
The exemptions and conditional exemptions set out in the Freedom of Information Act 1982 (FOI Act) are a useful starting point in determining which categories of information may fall within the scope of regulation 2.1. Further information about the operation of the FOI Act can be found on the Office of the Australian Information Commissioner's website.
Information already in the public domain
4.2.11 Regulation 2.1 does not prohibit the disclosure of information that is already lawfully in the public domain.
4.2.12 However, there may be circumstances where it is not appropriate either to confirm or deny information already in the public domain. An example would be where a public servant makes a disclosure without authorisation which has the effect of confirming a previous leak of information.
4.3 Other non-disclosure obligations
4.3.1 Many APS employees are subject to duties of non-disclosure contained in legislation that governs the functions of the agency for which they work. For example, an obligation on agencies that commonly impacts on the performance of an employee's duties concerns the application of the Privacy Act 1988 (Privacy Act).
Privacy law
4.3.2 The APS holds substantial personal information about the public and APS employees, including sensitive information. The principal legislation governing the management and use of personal information in the APS is the Privacy Act.
4.3.3 Section 6 of the Privacy Act defines personal information to mean:
… information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.
4.3.4 The Privacy Act includes 13 Australian Privacy Principles (APPs). The APPs set out standards, rights and obligations for the collection, use, disclosure and storage of personal information, including sensitive information. The APPs apply to all APS agencies. APS agencies need to comply with their APP obligations when managing personal information about their employees as well as clients and stakeholders.
Personal information
4.3.5 Under APP 6, an agency can use or disclose personal information only for a purpose for which it was collected, unless an exception applies or consent is obtained. APP 6 provides a number of exceptions, such as where an individual could reasonably expect the entity to use or disclose the information for a secondary purpose which is related to the primary purpose. Another exception is where the use or disclosure is required or authorised under an Australian law, including the Crimes Act 1914 (Crimes Act), the Archives Act 1983 (Archives Act), the FOI Act and the Public Service Act 1999 (PS Act) and regulation 9.2 of the PS Regulations—see subsection 4.3.7 below for more information.
4.3.6 APS employees are encouraged to familiarise themselves with these obligations before making any such disclosure. Employees should also comply with agency processes and procedures and must comply with them if directed to do so.
Personal information of employees
4.3.7 Regulation 9.2 of the PS Regulations provides an exception to the use and disclosure provisions of the APPs by providing authority for the use and disclosure of personal information. The regulation allows agency heads to use or disclose personal information in circumstances where the use or disclosure is necessary or relevant to the performance or exercise of employer powers.
4.3.8 An employee who believes an agency has disclosed their personal information unlawfully should first raise the matter with the agency. If they are not satisfied with the agency's response, they may complain to the Office of the Australian Information Commissioner.
Protective Security Policy Framework
4.3.9 Employees are advised to consider the requirements of the Protective Security Policy Framework (PSPF) when considering disclosing information. The framework provides the appropriate controls for the Australian Government to protect its people, information and assets, at home and overseas. Information about the PSPF can be found on the Attorney-General's Department's website.
Dealings with ministers and their staff
4.3.10 APS employees who deal with ministers or with ministers' offices may have access to many types of information communicated in confidence. The APS Code of Conduct (the Code) requires APS employees to treat any dealings with ministers and their staff with appropriate confidentiality.
Policy and guidelines
4.3.11 Agencies may have policies and guidelines on disclosing information. If in doubt about whether information may be lawfully used or disclosed, employees should seek the advice of someone in their agency with appropriate authority.
4.4 Section 70 of the Crimes Act
4.4.1 Unauthorised disclosure of official information may breach section 70 of the Crimes Act. This section makes it an offence for a Commonwealth officer to publish or communicate any fact or document, except where authorised to do so, which comes into his or her knowledge or possession and which it is his or her duty not to disclose. A breach of section 70 carries with it a maximum penalty of two years imprisonment.
4.4.2 A disclosure that breaches regulation 2.1 of the PS Regulations may also breach section 70 of the Crimes Act.
Former APS employees and contractors
4.4.3 The Crimes Act prohibits Commonwealth officers, including contractors, and former Commonwealth officers from making an unauthorised disclosure of information that was protected at the time he or she ceased employment with the Commonwealth (section 70(2)). Information that is covered by regulation 2.1 of the PS Regulations may be protected information for the purposes of the Crimes Act—see subsection 4.2 for more information.
4.5 Disclosure in the course of duties
4.5.1 APS employees disclose information routinely in the course of their duties. In making these disclosures, employees must uphold the APS Values and Code of Conduct and comply with all relevant laws.
4.5.2 APS employees may disclose information in accordance with an authorisation given by an agency head or a delegate, or where disclosure is otherwise authorised by law.
Freedom of Information Act
4.5.3 Employees have pro-disclosure obligations under the FOI Act. The principle underlying the Act is that access to documents should be granted wherever possible.
4.5.4 Information about the operation of the FOI Act can be found on the Office of the Information Commissioner's website. Information may also be obtained from an agency's FOI Contact Officer in the first instance.
Commercial-in-confidence information
4.5.5 Confidential information should be managed in accordance with any relevant law and any confidentiality provisions in the related contract. Irrespective of the terms of the contract, disclosure of a supplier's confidential information may be necessary in some cases, for example to a parliamentary committee.
Making public comment in an official capacity
4.5.6 Some APS employees, as part of their official duties, speak to, or write to, the media and others in the community. Employees may be called upon to act as the public face of their agency, or to explain the operations of policies.
4.5.7 APS employees have an important role to explain policies and analyse the reasons behind them, to assist the elected government to achieve its policy aims and to help meet program objectives. In doing so, employees should avoid partisan comment and ensure that their approach to speaking publicly about policies supports public confidence in the capacity of the APS to be impartial.
4.5.8 Section 1: Working with the Government and the Parliament provides guidance on the involvement of public servants in Government advertising and awareness initiatives.
4.5.9 When commenting publicly in an official capacity, employees remain bound by the APS Values and Code, including the duty not to disclose certain information without authority. Employees must also have regard to their agencies' policies relating to clearance of material for public release.
Providing information to Parliamentary Committees of inquiry and Royal Commissions in an official capacity
4.5.10 The Department of the Prime Minister and Cabinet's Government Guidelines for Official Witnesses before Parliamentary Committees and Related Matters are designed to assist APS employees providing information to Members of Parliament.
4.6 Proper use of information
4.6.1 APS employees must not make improper use of information obtained in their official capacity in order to gain, or seek to gain, a benefit or advantage for themselves or others, or to cause, or seek to cause, a detriment to their agency, the Commonwealth or any other person (subsection 13(10) of the PS Act).
4.6.2 Employees must have appropriate authorisation before obtaining, accessing or using information about another person, for example, taxation or child support records. The Criminal Code Act 1995 makes it an offence for a Commonwealth officer to use official information to obtain a benefit for themselves or another person dishonestly or to cause detriment to another person (paragraph 142.2(1)). These provisions also apply to former Commonwealth public officials in relation to information obtained while employed by the Commonwealth. The offence attracts a maximum penalty of five years imprisonment.
4.6.3 Employees should also consider the agency's obligations under APP 6 when using personal information. An agency can only use personal information for a purpose for which it was collected or for a secondary purpose if consent is obtained or an exception applies. One exception is where the use of the personal information is required or authorised by an Australian law, such as regulation 9.2 of the PS Regulations.
4.7 Recordkeeping
4.7.1 The creation, maintenance and accessibility of Commonwealth records are key elements of sound public administration and accountability.
4.7.2 Good recordkeeping is important for an agency to:
- demonstrate it has taken all reasonable steps to identify and manage risks
- provide assurance that administrative processes are adequate and have integrity
- record significant events and demonstrate consideration of policy alternatives and decisions
- be able to review its decisions and processes to identify strengths and weaknesses in the process and lessons for the future
- provide support for the Commonwealth's position in the event of a legal challenge.
4.7.3 Records are not only essential for the conduct of Commonwealth administration but also:
- assist the Government and the public to scrutinise the decisions and activities of Commonwealth institutions
- allow the community to retain and transfer knowledge, learn from past experience, and protect the interests of Australians collectively and individually
- help satisfy people's interest in the decisions and actions of Government that affect their and previous generations' lives or shaped the development of Australia.
4.7.4 The level and standard of recordkeeping needs to reflect the circumstances and the importance of the decision or action being recorded.
4.7.5 Generally, it is important to record and to maintain in an accessible form:
- decisions by Ministers, and the basis for them, including advice on options and risks
- program decisions, including decisions affecting individuals or individual businesses that may be subject to administrative review, together with the basis for the decisions and the authority for making the decision
- significant events, including meetings and discussions with Ministers or stakeholders or members of the public which may be significant in terms of policy or program decision-making.
Agency policies and procedures
- Agencies have found it useful to provide guidelines to employees on handling interactions with the Minister and their office in an effective and professional way.
- Agencies are expected to establish clear policies and guidelines so that employees are aware of the provisions that govern the management of information in their agency, including employee obligations under privacy law.
- Agencies may care to consider issuing directions:
- that require employees to seek advice if they are unsure about whether to disclose information and to keep a record of that advice if authorised to disclose information
- that require employees to comply with agency-level policies on the handling of information, for example protective security or record keeping policies
- to specific groups of employees working with particular kinds of information, for example, employees working on a particular tender exercise.
- When advertising a vacancy, agencies should determine whether a security clearance is required and, if so, at what level. Employees with access to Australian Government security classified resources must hold a security clearance at the appropriate level, in accordance with the PSPF. It is good practice to advise potential job applicants in advance about the need for a security clearance.
- Agencies may find it useful to develop policies on the application of the APS Values and Code of Conduct to the specific types of public comment that their employees are expected to make in their official roles.
- Agencies are advised to develop protocols for handling media enquiries which are understood by all staff.