We use cookies to analyse traffic and to improve your browsing experience on our website. To find out more, read our privacy policy.

The Enquiries Line will be closed on 27 April 2026 due to the Anzac Day public holiday in NSW and will reopen on 28 April 2026. You can still lodge Privacy and FOI complaints, IC Review requests and general enquiries via our web forms.

News Join our team Contact us
About the OAIC

Our corporate information

  • On this page

Updated:  

Introduction

1 The APS Code of Conduct (Code) sets out the  behavioural standards expected of Australian Public Service (APS) employees.  The Code is set out in section  13 of the Public Service Act 1999 - external site (PS Act). The PS Act requires the head of each agency to establish procedures for determining whether an employee has breached the Code and what sanction, if any, is to be imposed if a breach is found.

Application of procedures

2 These procedures apply when determining whether a person who is an APS employee in the Office of the Australian Information Commissioner (OAIC), or who is a former APS employee who was employed in the OAIC at the time of the suspected misconduct, has breached the Code.

3 These procedures also apply when determining any sanction to be imposed on an employee in the OAIC who has been found to have breached the Code.

4 In these procedures, a reference to a breach of the Code includes conduct that occurred before the relevant employee was engaged as an employee that is taken to constitute a breach of the Code pursuant to subsection 15(2A) of the PS Act.

5 As provided for in subsection 15(7) of the Act, these procedures are publicly available on the OAIC’s website.

6 Refer to Appendix A. Suspected Breach Process flowchart (PNG, 110 KB) for the process .

Determining whether to initiate these procedures

7 A suspected breach of the Code may be identified in a number of ways, including through a complaint or report by a staff member or external person.

8 As soon as practical after a suspected breach of the Code is identified, the matter should be brought to the attention of the General Manager, Enabling Services or a person occupying one of the following roles:

  1. Executive General Manager, Regulatory Action
  2. Executive General Manager, Information Rights
  3. Australian Information Commissioner as the Accountable Authority

who will act as the Initial Decision-Maker to determine whether a suspected breach of the Code should be formally dealt with under these procedures or if another approach is appropriate.

9 The Initial Decision-Maker may need to undertake an initial information gathering process to understand the nature of the alleged conduct that gives rise to the suspected breach of the Code.

10 In order to determine a suitable and proportionate response to the suspected breach, the Initial Decision-Maker should consider the nature and seriousness of the concerns raised. Not all suspected breaches of the code need to be dealt with under these procedures, however, the more serious the alleged behaviour or the greater its potential impact on the public confidence in the APS, the more likely it is that the suspected breach should be dealt with under these procedures.

11 If the Initial Decision-Maker determines to deal with a suspected breach of the Code other than under these procedures, the Initial Decision-Maker will determine what approach should be taken. Potential approaches include, for example, an investigation, counselling, mediation between employees, or the provision of further training.

12 In performing their role, the Initial Decision-Maker should have regard to any relevant standards and guidance issued by the Australian Public Service Commissioner, including the Handling misconduct: a human resource manager’s guide - external site published by the Australian Public Service Commissioner (APSC). The Initial Decision-Maker should consider Chapter 4. When behaviour doesn’t meet expectations: preliminary decisions in the guide when dealing with conduct that may relate to both a suspected breach of the Code and a circumstance where the employee may not be demonstrating effective performance.

Breach Decision-Maker

13 Where the Initial Decision-Maker decides to initiate an inquiry under these procedures, they will select an independent person to determine in writing whether a breach of the Code has occurred (the Breach Decision-Maker).

14 The role of the Breach Decision-Maker is to determine in writing whether a breach of the Code has occurred.

15 The Breach Decision-Maker may undertake an investigation themselves or seek the assistance of an investigator. The investigator may be an OAIC employee or an external investigator. The investigator may investigate the alleged breach, gather evidence and make a report of recommended factual findings to the Breach Decision-Maker and provide any other assistance requested by the Breach Decision-Maker.

16 The Breach Decision-Maker should refer to the internal ‘Guidelines for determining suspected breaches of the APS Code of Conduct and sanction’ for guidance.

Sanction Delegate

17 The person who is to decide what, if any, sanction is to be imposed on an APS employee who is found to have breached the Code must be the Information Commissioner or hold a delegation of the powers under the PS Act to impose sanctions under section 15 of the PS Act (the Sanction Delegate).

18 The Sanction Delegate’s role will commence after a determination is made that an APS employee has breached the Code. The role of the Sanction Delegate is to determine in writing what, if any, sanction or sanctions should be imposed on an APS employee for a breach of the Code.

19 The process for imposing a sanction must be consistent with the principles of procedural fairness.

20 The Sanction Delegate should refer to the internal Guidelines for determining suspected breaches of the APS Code of Conduct and sanction for guidance on how to determine whether a sanction should be imposed and if so, the sanction(s) that are appropriate and proportionate in the circumstances.

21The Sanction Delegate may agree to a request made by the person determined to have breached the Code to have a support person when making an oral statement. The Sanction Delegate should make clear that the support person cannot act as a representative.

22 After any statement is provided by the employee in relation to the proposed sanction or sanctions, the Sanction Delegate will decide whether to proceed with imposing the proposed sanction or sanctions.

23 The Sanction Delegate may also decide to impose no sanction.

24 Sanctions may not be imposed on former employees.

Independence of Breach Decision-Maker and Sanction Delegate

25 The Breach Decision-Maker and the Sanction Delegate must be, and must appear to a reasonable person to be, independent and unbiased.

26 The Breach Decision-Maker and the Sanction Delegate must advise the Initial Decision-Maker in writing if they consider that they may not be independent and unbiased, or if they consider that they may reasonably be perceived not to be independent and unbiased; for example, if they are a witness in the matter.

Determination procedure

27 The process for determining whether a person has breached the Code must be carried out with as little formality, and as much expedition, as a proper consideration of the matter allows. The process must be consistent with the principles of procedural fairness.

28 A determination may not be made in relation to a suspected breach of the Code by a person unless reasonable steps have been taken to:

  1. inform the person, in writing, of:
    1. the details of the suspected breach of the Code (including any subsequent variation of those details); and
    2. the sanctions that may be imposed on them under section 15 of the PS Act; and
  2. give the person reasonable opportunity to make a statement in relation to the suspected breach or provide further evidence in relation to the suspected breach, within seven calendar days or any longer period that is allowed.

Record of determination and sanction

29 If a determination in relation to a suspected breach of the Code is made, a written record must be made of:

  1. the suspected breach;
  2. the determination;
  3. any sanction or sanctions imposed as a result of a determination that the employee has breached the Code; and
  4. if a statement of reasons was given to the employee in relation to the determination and/or the sanction decision — that statement of reasons.

30 The Archives Act 1983 and the Privacy Act 1988 apply to the OAIC’s records.

Suspension and temporary reassignment of duties

31 A decision to temporarily re-assign duties or to suspend an employee suspected of breaching the Code may be made at any time by the Suspension Delegate prior to or during the process of determining whether a breach has occurred and what (if any) sanction(s) may be imposed.

32 Decisions regarding suspension and temporary re-assignment of duties must be made by the Australian Information Commissioner or their delegate in accordance with section 28 of the PS Act.

33 An employee may be suspended, with or without remuneration, where the Suspension Delegate has formed a view on reasonable grounds that:

  1. the employee may have breached the Code; and
  2. the suspension is in the public or the OAIC’s interest.

34 An employee will not be suspended without remuneration for more than 30 days unless exceptional circumstances apply.

35 The suspension of an employee will be reviewed by the Suspension Delegate at reasonable intervals.

Dealing with suspected breaches by SES employees

36 SES employees have additional obligations under the PS Act to promote the APS Values, the APS Employment Principles and compliance with the Code by personal example and other appropriate means.

37 When dealing with a suspected breach of the Code by an SES employee, these additional obligations should be considered as well as the greater impact of the conduct of SES employees on the public confidence in the APS.

38 If an SES employee is found to have breached the Code and a sanction is being considered, the Australian Information Commissioner or their delegate must consult with the APS Commissioner regarding the determination and proposed sanction before it is imposed.

Advice to complainants

39 Advice to complainants about the outcomes of investigations into suspected breaches of the Code will be consistent with the requirements of the Privacy Act 1988 and any applicable guidance from the APSC.

Moving to a different agency or resignation

40 This section applies if:

  1. an ongoing APS employee in the OAIC is suspected of having breached the Code;
  2. the employee has been informed of the details of the suspected breach;
  3. the matter to which the suspected breach relates has not yet been resolved; and
  4. a decision has been made that, apart from this clause, would result in the employee moving to another Agency (including on promotion) under section 26 of the PS Act.

41 Movement between agencies (including on promotion) for employees suspected of a breach of the Code will not take effect until the matter is resolved, unless agreed by the respective Agency Heads.

42 Resolution is by:

  1. a determination being made as to whether or not the APS employee has breached the Code; or
  2. a decision that a determination is not necessary.

43 Should the Agency Heads agree to a move prior to the resolution of a suspected breach of the Code, the receiving agency may continue an investigation, determine whether or not the APS employee has breached the Code and/or impose a sanction based on the former agency’s investigation.

44 Where an employee resigns during the course of an investigation, the Information Commissioner or delegate may choose, depending on the circumstances, to discontinue or continue the process to determine whether or not the APS employee has breached the Code.

Review rights

45 Non-SES employees who have been found to have breached the Code and who wish to challenge either the determination that a breach has occurred or the sanction imposed (except in the case of termination) may lodge an application for review. Making an application for review does not stay the action.

46 An application for review of a determination that an employee has breached the Code or a sanction imposed as a result of the breach must be made to the Merit Protection Commissioner - external site. The application must be made within 60 days of the determination that the employee has breached the Code or a sanction is imposed.

47 An employee who has been dismissed may have remedies under the Fair Work Act 2009 or other Commonwealth laws.

Criminal matters

48 Where an employee has been charged with a criminal offence (including in relation to activity occurring in a person’s private life), the Initial Decision-Maker may decide that it is appropriate to investigate the matter as a possible breach of the Code.

Contact and support

49 For further assistance, contact integrity@oaic.gov.au.

References

Public Service Act 1999
Public Service  Regulations 2023
Australian Public  Service Commissioner’s Directions 2022
APS  Values and Code of Conduct in Practice
Australian  Public Service Commission, Handling misconduct: a human resource manager’s  guide
Merit  Protection Commissioner, Review of workplace decisions - external site

OAIC logo
Contact us 1300 363 992

Monday to Thursday 10 am to 4 pm (AEST/AEDT)

Acknowledgement of Country

The OAIC acknowledges Traditional Custodians of Country across Australia and their continuing connection to land, waters and communities. We pay our respect to First Nations people, cultures and Elders past and present.

© Commonwealth of Australia