How data will be stored and accessed
The data provided by organisations will be stored in accordance with the Commission’s data storage and management protocols. Access to individual records will be limited to the Commission’s Data and Insights team, while access to aggregated data will be controlled via standard IT controls (for example, username and password with appropriate permissions).
How data will be reported
The Commission will use the data provided by agencies to publish an aggregated and non-identifiable report that provides a sector wide picture of misconduct and serious misconduct outcomes. Reporting will be publicly available and may also include additional integrity related indicators to provide further context and information.
The aggregated report is likely to include the:
- number of investigations into allegations of misconduct or serious misconduct that occurred
- number of misconduct outcomes
- number of serious misconduct outcomes
- number of outcomes where no misconduct or serious misconduct occurred, or that there was insufficient evidence of misconduct or serious misconduct
- number of investigations that ceased and no findings were made, and most frequent reason(s) why this happened.
- categories of misconduct and serious misconduct that occurred most frequently.
- actions taken in response to misconduct or serious misconduct.
- number of misconduct or serious misconduct findings by job level
The report may also include cross-variable analysis to identify themes and relationships within the data. This could include identifying the most common action taken in response to different categories of misconduct and serious misconduct or trends by job level.
In addition to publishing an aggregate report, the Commission may publish some organisational specific information, where doing so does not identify an individual. As the numbers of investigations for individual organisations will be much lower than the aggregate public-sector wide total, it is likely that far less information could be published at an organisation specific level than in the aggregate, system wide report.
In all reporting, where numbers are very small or combining different pieces of information (such as entity, job level, misconduct category and outcome) could identify an individual, the information would not be published. All publication of data will adhere to the Commission’s Data Release rules, which includes requirements for the mandatory suppression of small counts.
Reporting will include analysis and commentary that contextualises findings and makes it clear there is no optimal or benchmark number of misconduct investigations that should occur each year across organisations. Variations between organisations may reflect different risk environments and high numbers of investigations may indicate mature detection, investigation and assurance frameworks. Commentary may also identify risks or signal areas where strengthened training, assurance activity, leadership development, or targeted engagement may help improve outcomes or help address inappropriate behaviour.