Chapter 12: Recordkeeping and managing information
12.1. There are requirements for how information about conduct matters should be kept, used, and disclosed, including in relation to recruitment and selection processes. Legislation relevant to recordkeeping and access to, and use and disclosure of such records in respect of misconduct action includes the Archives Act, the FOI Act, and the Privacy Act.
Recordkeeping requirements
12.2. Records relating to misconduct action need to be kept separate from the personnel file of the employee or former employee. The existence of a separate misconduct file should, however, be noted on the personnel file—for example, by cross-reference. Files of this kind are to be classified ‘Official: Sensitive’, consistent with the Australian Government’s Protective Security Policy Framework, and held in secure storage.
12.3. Access for management purposes should be allowed only on a need-to-know basis. Delegates who are deciding a sanction for subsequent misconduct should have access to these records to allow them to give proper weight to the employee’s prior misconduct in deciding a suitable sanction.
12.4. It is appropriate for the misconduct file to include material such as:
- all correspondence with the person under investigation, including the letter(s):
- informing them they are alleged to have breached the Code
- explaining the ‘case against them’
- advising them of the final determination decision
- outlining the proposed sanction and the reasons for it
- advising them of the sanction and their review rights
- any attachments to the correspondence
- decision records and any statements of reasons with respect to the breach determination and any suspension or sanction decisions
- all relevant electronic correspondence relating to the investigation, decision-making, or imposition of a sanction—this can include, for example, emails or chat logs
- all material associated with planning the investigation, such as records of telephone calls, letters, or emails or other electronic correspondence organising interviews
- the investigation report with all the evidence relevant to the breach and sanction decisions attached, such as IT records or transcripts of witness interviews.
12.5. Where the agency has engaged an external investigator, the agency should require the investigator to provide the following on completion of the investigation:
- the investigation report, and the evidence relevant to the breach decision and any sanction decision, for the file
- copies of any draft material provided to the employee for comment
- the employee’s response to the correspondence.
Retention periods and disposal
12.6. The National Archives of Australia’s Administrative Functions Disposal Authority Express Version 2 (AFDA Express) sets out the minimum retention requirements for various classes of records relating to misconduct matters. AFDA Express is a legal instrument issued under the Archives Act and the advice provided below is consistent with this.
12.7. Agencies should have regard to any current disposal freezes and retention notices that may be relevant to misconduct records, and determine whether these apply. Disposal freezes and retention notices generally state that agencies must not destroy any relevant records. Agencies should seek advice from the National Archives of Australia if in doubt.
12.8. Records relating to misconduct matters include records of:
- allegations of misconduct where no investigation is undertaken
- misconduct action, including matters which formed the basis for such action, and breach determinations
- misconduct investigations that find no breach of the Code
- decisions about the imposition and implementation of a sanction
- reviews of, or litigation about, misconduct action.
12.9. AFDA Express sets a minimum standard for retention, rather than an absolute limit. The decision about whether records should be kept for a period longer than the minimum rests with the agency. Agencies are advised to establish policies that set out how long different records are to be retained, make these policies readily available to all employees, and ensure that records are destroyed in accordance with these policies.
12.10. In determining how long records are to be retained, including whether they should be retained longer than the minimum standard, agencies should be guided by the underlying purpose of taking misconduct action—that is, to maintain public confidence in public administration. Misconduct action seeks to maintain proper standards of conduct by employees and protect the reputation of the APS, rather than to punish a person for the duration of their working life. Timeframes for retaining records therefore need to be fair and reasonable, and reflect a balance between the interests of the agency, the interests of the employee, and the public interest.
12.11. Included below are the minimum requirements relating to records of misconduct matters set out in AFDA Express. AFDA Express also provides direction on the retention of other records that may be relevant to misconduct matters.
Findings of no misconduct, including allegations where an investigation is not undertaken
12.12. Where an investigation results in a finding of no breach of the Code, records should be kept for 18 months after that decision is taken. However, a longer period, as specified below, may apply where the employee or former employee requests it. That longer period is:
- until the employee or former employee reaches the age of 75, or
- seven years after the last action relating to the alleged misconduct.
12.13. The employee or former employee may also request that the records be destroyed at a specified time.
12.14. If a decision is made not to investigate an allegation of misconduct—for example, because there is no utility in investigating the matter, or the allegation is considered frivolous or vexatious or without substance—all records are to be kept for at least 18 months after the last action in the file.
Investigation not finalised
12.15. If an agency decides to discontinue an investigation into alleged misconduct—for example, if the employee resigns during the course of an investigation—documents that have been obtained or created up to the date on which the investigation is discontinued should be retained on a separate misconduct file and kept in accordance with agency policies for at least 18 months.
Findings of misconduct
12.16. If, in the period of five years after a finding of breach is made in relation to an employee or former employee, there have been no new breaches of the Code:
- the misconduct record may be destroyed and any cross-reference in the personnel file removed
- the employee or former employee should be informed in writing that the misconduct record has been destroyed and that any reference in their personnel file has been removed.
12.17. If an employee or former employee who has been determined to have breached the Code is found to have breached the Code again within five years of that determination, the records of prior misconduct should be kept for a further period of five years, dating from the time of the new determination.
Access to records
12.18. Misconduct records contain sensitive information and are to be available within an agency on a need-to-know basis. Regulation 9.2 of the PS Regulations allows misconduct records to be disclosed or used where:
- the use is necessary or relevant to the exercise of an employer power, and
- the use or disclosure is consistent with any guidelines issued by the Commissioner.
12.19. This issue arises most frequently in relation to the consideration of sanctions for later misconduct, or in the context of recruitment and selection processes. However, it can also arise in other contexts, such as security clearances, organisational suitability assessments, or performance management processes.
12.20. Misconduct records should only be disclosed on a case-by-case basis, having careful regard to Commissioner guidelines and the Australian Privacy Principles (APPs), and, where relevant, the requirements of the FOI Act. Agencies should also have regard to any internal policies or procedures that relate to handling of and access to records in accordance with the Protective Security Policy Framework.
Transferring to a new agency
12.21. Misconduct records form part of the personnel file, although they are not physically attached to the personnel file, and follow the employee as they move between agencies as the personnel file does.
12.22. When passing misconduct records to a new agency, agencies should ensure that the employing agency is aware of the recordkeeping guidelines that apply to the misconduct record, including retention periods, and advise the gaining agency when any material can be destroyed in accordance with AFDA Express.
Considering misconduct in a selection process
12.23. An APS selection process is the means by which an agency gains relevant information about the ‘work-related qualities’ of candidates for APS jobs. These qualities may include skills and abilities, the standard of work performance, and relevant personal qualities genuinely required for the duties (see s.10A(2) of the PS Act).
12.24. A work history that includes a finding of misconduct, or an investigation of alleged misconduct, is not necessarily a relevant factor in deciding whether a candidate is suitable for a job vacancy. If a candidate discloses prior misconduct, or the selection delegate or panel is aware of prior misconduct, a decision on whether the candidate is suitable must be based on an assessment of the work-related qualities of the candidate against the work-related qualities genuinely required for the duties.
What do agencies need to consider when asking about prior misconduct?
12.25. It is not the intention of the APS conduct framework that historical misconduct should affect an employee’s career indefinitely, without regard to its relevance to a particular position. Agencies should not default to excluding candidates for engagement or promotion on the basis of historical misconduct alone, and should consider misconduct history in the context of genuine business needs and the inherent requirements of a role.
12.26. When considering a previous breach of the Code in the context of a selection process, the following factors may be relevant:
- the nature of the breach
- any sanction imposed
- how long ago the breach occurred
- the nature of the duties being performed at the time
- the duties of the job that is being filled
- whether this was a one-off action or indicative of a pattern of behaviour.
What do candidates need to disclose?
12.27. Candidates should be asked for information on their previous work history. This can include whether they are or have been the subject of a misconduct process—and, where relevant, any processes relating to any codes of conduct or professional standards applying to non-APS employment.
12.28. Agencies may exercise discretion in the extent of information sought, consistent with the principle that historical incidents of minor misconduct should not limit an employee’s career indefinitely. Agencies may, for example, ask candidates whether they have been subject to a misconduct investigation in the last five years, and, if so, what the result of that investigation was. Where a candidate indicates they have been the subject of a misconduct investigation, application forms should allow them to make clear that no breach was found where this is the case. To capture more serious matters, agencies may also wish to ask candidates whether they have ever had their employment terminated for conduct or performance issues.
12.29. In providing this information, candidates are obliged to meet the standards of honesty and integrity expected by the Code.
12.30. Candidates who are not APS employees at the time they provide this information are also obliged to meet these standards. Section 15(2A) of the PS Act provides that APS employees can be found to have breached the Code if, as candidates for engagement, they:
- knowingly provide false or misleading information,
- wilfully fail to disclose information that they knew, or ought reasonably to have known, was relevant, or
- otherwise fail to behave honestly and with integrity.
What can be done with the information that is disclosed?
12.31. Where information about a candidate’s past misconduct is being taken into account as part of a selection process, the candidate should be advised of the matters being considered, and provided with reasonable opportunity to comment, before the selection decision is made. In all cases, the weight to be given to records of determined misconduct will diminish over time.
12.32. A delegate in a selection process may choose to rely on the honesty of candidates’ declarations about their prior conduct records. It would, nonetheless, be prudent for a delegate to confirm that information with the candidate’s current agency or employer. If the candidate is an APS employee, regulation 9.2 of the PS Regulations allows for the disclosure of this information where it is necessary for, or relevant to, agency head employer powers—including with respect to a selection process.
12.33. Agencies may wish to consider advising candidates that information regarding their previous behaviour, including any history of misconduct, will be sought from current or previous employers.
Candidates with misconduct action in progress
12.34. If a candidate is the subject of a misconduct process that has yet to be finalised, care needs to be taken not to prejudge the outcome of the process while ensuring the candidate’s work-related qualities are appropriate for the duties to be performed. If, after the assessment of the candidate’s work-related qualities, the candidate is preferred, the available options include:
- awaiting the outcome of the investigation, if practical
- proceeding with the assignment of duties or movement if the alleged breach is relatively minor and not significant in the operational context of the employing agency
- offering the employee a temporary assignment or movement pending the finalisation of the investigation.
Referee reports and misconduct
12.35. It is a common practice for APS agencies to ask employees seeking promotion or movement at level to obtain a referee report from their current supervisor or manager.
12.36. The APPs in the Privacy Act apply to providing references, including with respect to previous misconduct.
12.37. Supervisors should avoid any comment in a referee report that is unrelated to the employee’s work performance. Any comment that is made should be relevant to the work-related qualities of the job the person has applied for, as advised by the selection panel.
12.38. In determining whether to disclose information about a prior, or alleged, breach of the Code, factors to take into account include:
- the nature of the breach or alleged breach
- how long ago the breach occurred
- the duties being undertaken at the time
- the proposed duties of the new role
- the employee’s conduct since the breach.
12.39. An employee whose conduct is under investigation may ask a referee from their agency to provide a reference to support a job application. Where the matters being investigated may be relevant to the work-related qualities required for the job, the referee could indicate that there have been concerns as yet unresolved. Care needs to be taken to avoid being seen to prejudge the situation.
12.39. Where an investigation has concluded that the employee did not breach the Code, it would generally be inappropriate for the referee to refer to the investigation except to confirm, if necessary, that no breach was found. That said, the referee may also refer to the investigation where it resulted in decisions relating to the performance or behaviour of the employee, which, although not amounting to misconduct, may nevertheless reflect on the employee’s suitability for the job in question.
12.40. If a breach of the Code has been determined, and where the breach is considered relevant, the referee may include an outline of the circumstances surrounding the breach and comment on the relevance of the breach to the work-related qualities required for the job.
Effect of misconduct finding on security clearance
12.41. The Australian Government’s Protective Security Policy Framework requires sponsoring agencies to actively monitor and manage the ongoing suitability of their security cleared employees. This means that agencies are responsible for ensuring their employees remain suitable to access Australian Government resources for the entire period of their engagement. The core requirement in the Protective Security Policy Framework for ongoing assessment of employees is that agencies share relevant information of security concern with the appropriate vetting agency. The assessment of whether information is relevant or of security concern can only be made by the agency assessing that concern.
12.42. Only authorised vetting agencies can make a determination about an individual’s eligibility and suitability to hold a security clearance. However, vetting agencies can only assess an individual’s eligibility and suitability based on the information available to them. This is why the effective sharing of information of security concern is so important.
12.43. It is good practice for agency guidance material to include information on how findings of breaches of the Code by security clearance holders are to be reported to the authorised vetting agency. It is recommended that this be done in consultation with the agency’s security area.