1
This guidance is aimed at helping agencies to manage cyber-bullying of their employees by members of the public.
2
Cyber-bullying is any behaviour, using digital technologies, that could reasonably be considered humiliating, intimidating, threatening or demeaning to a person, or group of people, and which creates a risk to health and safety. Examples may include harassment via mobile phone, social media, or e-mail, or setting up an offensive personal website or blog.
3 While cyber-bullying typically involves an accumulation of instances of objectionable behaviour, single instances of online abuse and harassment may constitute cyber-bullying.
Not every adverse comment or complaint using digital technologies is unreasonable or is an instance of cyber-bullying. Clients and other members of the public have a right to express their views or make a complaint online about agencies in the same way as they can in person or in writing. The problem arises when complaints are in the form of inappropriate online behaviour directed at APS employees.
4
Cyber-bullying can be difficult to deal with because it is distinct from other kinds of bullying in several key ways. In particular :
 it allows a potentially global audience to view or participate
 it is often anonymous, making it hard to hold perpetrators to account
 it can take place at any time of the day, seven days a week
 it has a degree of permanence, as information put online can be difficult to remove and may be recorded and archived
 it may be difficult to escape from, given the pervasiveness of the need to be always
‘connected’
 content can be duplicated easily and is often searchable .
5
Examples of inappropriate online conduct that may be directed at APS employees include:
 using offensive language (including terms inappropriately targeting specific groups or individuals)
 personal attacks that embarrass, humiliate, discredit, or portray the target in a negative light
 spamming (i.e. sending multiple successive and irrelevant emails or posts designed to aggravate or which cause nuisance)
 cyber-stalking —for example, using the internet to find, identify, and arrange to meet a person whom one intends to victimise; or sending multiple emails to annoy, embarrass, intimidate, or threaten a person 6
 conducting online polls about employees —for example, about their level of competence
—for the purpose of belittling them
 posting personal information about employees, including personal details (phone number, name, address, vehicle details, etc.) so they can be targeted via other avenues
 posting inappropriate content or links to disreputable websites

 publishing embarrassing or altered photos or videos of APS employees without their permission
 inappropriate and unreasonable use of online enquiry forms to convey abusive or offensive remarks to or about APS employees
 creating fake social networking profiles of APS employees.
Agencies may wish to use this guidance to develop their own protocols or procedures for dealing with unacceptable online conduct, either as stand-alone policies or as components of existing policies on social media or dealing with difficult clients.
Such policies or procedures may wish to refer to:

the potential impact of cyber-bullying on the health of APS employees, taking into account agencies ’ and managers’ responsibilities under the Work Health and Safety Act
2011 (
‘the WH&S Act’)

security issues raised by cyber-bullying

arrangements for reporting instances of cyber-bullying

providing advice and support to employees who are the target of cyber-bullying

managing inappropriate conduct by members of the public online, including by: o monitoring and keeping records of online comments o evaluating online comments o responding to online comments

reducing the risk of cyber-bullying

legal mechanisms for addressing cyber-bullying.
A list of resources is at Attachment A
.
APS employees are expected to adhere to high standards of conduct in their dealings with clients and other members of the public, including in circumstances where members of the public react disproportionately or with anger. Employee responses should be professional and courteous, consistent with the APS Values, Employment Principles, and Code of Conduct. The
Value Committed to Service requires APS employees to engage effectively with the community, and work actively to provide responsive, client-focused service delivery. Nevertheless, the requirements of the APS Values, Employment Principles, and Code of Conduct do not oblige
APS employees to submit to abuse —whether in person or online.
Dealing with members of the public who are demanding, abusive, or aggressive can be stressful and at times frightening for employees. Employees may have concerns about their personal security, and may feel the impact of stress on their health.
Agencies have a responsibility both to manage the risk to employees ’ health and safety and to provide employees with support and counselling to manage the impact of cyber-bullying.
Agencies should encourage, and provide avenues for, employees to report cyber-bullying by clients or members of the public to supervisors, Work Health and Safety (WH&S) managers or coordinators, or senior managers to enable action to be taken. Employees may choose to raise concerns initially with Health and Safety Representatives (HSRs), or Harassment Contact
Officers (HCOs). Agencies will need to consider what additional support and resources

managers, WH&S managers or coordinators, HSRs, and HCOs may need to be able to respond effectively to concerns about cyber-bullying.
The line manager has a critical role in managing the effects of cyber-bullying on their team, as well as in supporting employees who have experienced cyber-bullying. A supportive manager and team can help to buffer employees against the impact of cyber-bullying. Managers should encourage employees to access the agency ’s employee assistance program and provide other support and adjustments to work where necessary.
Cyber-bullying is a problem with multiple dimensions. Local managers may require assistance and advice from agency specialists, including IT, web services, people management, legal services, and security, to manage the problem effectively.
As with all types of bullying, cyber-bullying can have a serious impact on individuals ’ mental and physical health.
7 Cyber-bullying can therefore create a work health and safety risk.
APS agencies have a duty of care under the WH&S Act in respect of workers ’ health and safety.
Where cyber-bullying emerges as a work health and safety risk, APS agencies (including senior executives 8 ) have an obligation to protect the health and safety of workers from this risk, as far as is reasonably practicable.
9
Further information on the obligations under the WH&S Act is available from the Comcare website at http://www.comcare.gov.au/ .
Where an employee has been subjected to cyber-bullying, managers may find useful guidance on recognising signs and signals of mental ill health, and preventative measures, in the
Commission ’s joint guide with Comcare, Working Together: Promoting mental health and wellbeing at work .
Agencies should also consider how they might assist employees who are being threatened with physical or other harm online or whose work-related personal information has been subject to unauthorised disclosure.
These matters should be referred to the agency ’s IT security or physical/personnel security area. For example, an agency may be able to change the affected employee ’s contact details, or remove them from the departmental contact list in more serious cases. This could also extend in some circumstances to assisting employees to obtain a silent personal phone number, or silent elector status on the electoral roll, if the employee believes that they or their family could be at risk.
10
Information on protections available under the law, including from criminal conduct, is covered
in Part 6.5
of this guide.
This part sets out strategies that agencies may find helpful in responding to and managing inappropriate behaviour directed at employees online by clients and other members of the public. It covers the following topics:
1.
Monitoring and keeping records of online comments
2.
Evaluating online comments

3.
Responding to online comments
4.
Following up and following through.
Attachment B
provides a flowchart for managing inappropriate online conduct by clients and other members of the public.
11
a. Monitoring online comments
APS agencies may have systems in place for monitoring emails and tracking postings, comments, websites, blogs, etc. for content about their agency or employees, including by designating staff to monitor online content. These staff may also be responsible for identifying, evaluating, and responding to inappropriate online conduct.
Online tools and alerts —such as Google Alerts, Social Mention, Technocrati, TweetBeep,
Boardtracker, Dialogix, The Search Monitor, etc.
—can be used to track comments about agencies online. For example, Google Alerts can send regular email updates of the latest online mentions of an agency name or other specific search criteria, whether it is on a blog, in an online newspaper, in a video, or in a tweet, thus eliminating the need for manual searches.
Agencies will need to decide on a case-by-case basis whether to alert employees to online comments directed at them which have come to the agency ’s attention. Employees generally prefer to know if they are the subject of online harassment, but there may be circumstances where a risk assessment indicates that it would be preferable not to alert the employee. When notifying employees, it is good practice to inform the employee of how the agency intends to deal with the matter. In doing so, agencies will need to assess the risks to health and safety and be mindful of the effect that the online comments may have on the well-being of the employee, and be ready to provide support. b. Record keeping
It is important to record instances of cyber-bullying and any actions an agency has taken in response. Records assist with the following:

documenting how the agency has responded to the incident and the reasons for the agency ’s approach

explaining the agency ’s actions should these be subject to review or challenge

identifying systemic issues which may be affecting employees or clients

supporting future investigations; for example, a police investigation.
Record-keeping may include printing relevant emails, blog posts, web messages, and other information directly from the website itself, or taking screenshots of the offensive material. This will ensure there is a record in the event that comments are taken down or changed. Any online correspondence with the client or member of the public should also be recorded.
If inappropriate online content that targets an employee is identified, agencies need to determine whether:

to take steps to have it removed or have the author or creator blocked (if the content is on the agency ’s website)

a response is needed, or any other action should be taken.

This should be done promptly to minimise the impact on affected employees.
Agencies may wish to consider the following factors when considering how to respond: a. Content

Does the online material constitute legitimate criticism or is it purely malicious?

Does the content include personal information about an APS employee (or their family) that has been obtained and/or used inappropriately —e.g. personal photos, videos or address information?

Does the content include obscene language or material?

Does it contain threats to, or unsubstantiated allegations about, an APS employee?

Is the content potentially contrary to law, e.g. under racial vilification legislation or the
Criminal Code Act 1995 , in relation to ‘using a carriage service to menace, harass or cause offence ’?

Could the content be in violation of the ‘terms and conditions’ of the relevant social media platform? b. Impact

Could the online content have a detrimental effect on the physical or psychological health and safety of the employee; for example, causing stress and therefore creating a duty of care or legal liability if action is not taken?

Could the content significantly damage an agency ’s reputation or the reputation of an
APS employee?

What impact, if any, is the online content likely to have in the workplace, or on relationships between colleagues or with clients?

Has the online content had an adverse effect on the APS employee or their family?

Is the client hijacking the communication stream in a way that has an impact on its effectiveness or the ability of other people to use it in the intended way? (For example, if an agency is running a blog, Facebook, or Twitter page where employees engage in two-way communication with clients.) c. Visibility and credibility

Is the online content on a website that is highly visible and easily accessible? For example, is it on Facebook (with around 10 million Australian users), or is it on an obscure website that has been viewed by a relatively small number of people?

Has the online content ‘gone viral’—taking on a life of its own, possibly even being reported in the news media? It can be difficult to know when an online posting or website will spread and be picked up by other bloggers and the media. The online
listening tools referred to under Part 5.1(a) can be helpful because they alert the
agency when the agency ’s name, or other search criteria, is mentioned, and can help agencies to comment or deal directly with the source of the posting before matters get out of hand.

Could the online content be perceived as credible, or is it so far-fetched that it will not be believed by a reasonable person? d. Apparent purpose/objective

Does the content appear to have been created with the intention to embarrass or humiliate? Is it part of a smear campaign or a publicity stunt?

Does the content incite others to engage in unlawful or inappropriate behaviour —for example, targeting an APS employee?

e. Context

What are the circumstances surrounding the online posting? For example, does it stem from an interaction or conflict a client has had with an agency (or an employee), a decision that an agency has made, or the more general concerns of a member of the public about the agency and/or government policy?

Does the client appear to have a legitimate grievance? If so, steps should be taken to rectify the matter, even if the client ’s actions seem to be disproportionate to the circumstances. In these cases, agencies need to consider how best to address the client ’s concern without appearing to condone the manner in which the concern was raised.

What is the timing of the online content? For example, has it been created at a time when the agency (or an APS employee within the agency) is under unusual public or media scrutiny? If so, a response may be needed to correct factual information.

Has the online content been inappropriately obtained —for example, is it based on information that has been obtained or disclosed unlawfully?
Once the content has been assessed, agencies will need to make a decision about whether they should respond, and, if so, whether the response should be public or private. a. If a response is needed
Reasons for responding to inappropriate online content include that:
 the agency needs to correct the public record because there is a significant risk that the online content could mislead others (e.g. if the material contains gross misrepresentations about an APS employee, or is significantly misinformed)
 it is inflammatory, offensive, or unlawful
 it could cause significant reputational or psychological harm to an employee
 it discloses personal information about an employee or their family
 it could give rise to legal or WH&S liability if it is not acted on
 it is highly visible and accessible, or has ‘gone viral’ or is likely to do so
 it is having a significant impact on the workplace, or relationships between colleagues or with clients
 it undermines the agency ’s operations.
Any dealings an agency has with clients and other members of the public must be consistent with the APS Values, Employment Principles, and Code of Conduct. This includes any response made publicly or privately to an instance of cyber-bullying. Agencies may wish to consider the
Australian Public Service Commissioner ’s Directions 2013 on the application of the APS Values when considering how to frame a response in an instance of cyber-bullying.
Agencies must also be mindful of their obligations under the Privacy Act 1988, including those relating to the way they use and disclose personal information, in responding to cyber-bullying.
Depending on the circumstances, it may be more appropriate to publish a general response online, rather than a response that addresses the facts of a particular case.
If it is determined that a response is required, the response should be as prompt as possible, in order to defuse the situation and before the material has a chance to be picked up and spread widely.
Responses can be made on the website or forum where the online content was discovered, on the agency website, blog, or social media page, or in an online newsletter or other official

agency communication channel. They can be made by email, telephone call, face-to-face interview, or in a letter.
Depending on the circumstances, agencies may also need to decide whether to notify police and/or seek legal advice. If an agency suspects that the client ’s conduct constitutes a crime, it will generally be appropriate for the agency to report the conduct to the Australian Federal
Police or to the relevant state police authorities. Refer to Part 6.5
of the guidance for information
on the legal remedies available to agencies and APS employees. b. Public or private response?
Public response
A public response may be appropriate if the online content is on a website that is highly visible and accessible, or includes false or misleading information. Public responses should:

be factual

be consistent with the APS Values and Employment Principles, the Code of Conduct, and other laws

offer to correct things if an agency or APS employees have done something wrong.
The public audience is more likely to judge the way an agency responds than the original comment. A poor agency response can do more damage to the agency ’s reputation than the posts themselves.
If the online content poses a significant risk of reputational harm to an employee, an agency may wish to consider providing the affected employee with a public message of support as part of the agency ’s response. Agencies may wish to correct factual errors or address the language and sentiments expressed by the person posting the comment. In publishing a message of this kind, agencies are advised to get the targeted employee ’s consent and to seek advice from their Privacy Contact Officer, or the Office of the Australian Information Commissioner .
Agencies should also take into account whether their response may further inflame the situation.
Once an agency has responded publicly, it may decide to shift to private responses or correspondence with the client —for example via email, telephone, or face-to-face communication. Social media and the internet can be poor platforms for problem-solving and there may be confidentiality and privacy issues that will need to be considered. For example, a public response might not be appropriate if the client is speaking on behalf of a third person and there is a risk of personal information about that person being discussed.
Private response
A private email or telephone call may be appropriate if the online content is not on a website with high traffic. A private response can be used:

to clarify matters, including where personal information about the client or another person is involved

when the client has misunderstood something and the agency needs to provide clarification without embarrassing the client

to give the client an opportunity to remove the online content before the agency takes more decisive action, such as contacting an internet service provider to seek removal of the content or contacting the police in cases where the conduct may constitute a crime.
Agencies should consider the possibility that a private response will be made public by the recipient and whether further action (e.g. a media release or alerting the Minister
’s Office to a high-profile case) is necessary in light of that possibility.

Both public and private responses
A more comprehensive strategy may be required if the online content has spread across the internet or through social media; targets specific APS employees; is unlawful; or appears to be credible. This strategy could include elements of both a public and private response, for example:

media releases or interviews

proactive outreach to relevant clients

corrective messaging in social media and/or on agency websites or blogs

a response in other relevant publications produced by the agency.
Generally speaking, unless the response is also posted in the forum in which it originated, it may not have the effect of correcting the record for the audience engaged in the discussion.
c. No response needed
There may be circumstances in which an agency decides a response is not needed. Such circumstances may include where:

the comments constitute legitimate criticism or debate

the agency is concerned about threats to the employee and has referred the matter to the police

the only purpose that would be served would be to create controversy and/or invite media interest

any reasonable person looking at the comment would likely consider it to be far-fetched and not credible

it does not violate any laws and would not raise any duty of care, WH&S, or legal issues for agencies if it is not acted on

it is not located on a website that is highly accessible or visible to others

it is unlikely to cause reputational or psychological harm, or affect the workplace environment or a particular employee in any significant way.
If an agency decides that a response is not needed, it would nevertheless be prudent to copy the content and make a record of the incident, and the reasons for the agency taking no further action, and monitor the site in case circumstances change. d. Employees responding in a personal capacity
Employees who experience cyber-bullying may wish to respond personally to comments made about them. Agencies are advised to canvas this eventuality in any protocols or guidance they develop. APS employees are bound by the APS Values, Employment Principles, and Code of
Conduct in responding personally to online comments about them —including the requirements in the APS Values to be professional and respectful. Agencies should support their staff in making good decisions about whether (and, if so, how) to respond personally to online harassment.
There is no single answer to the question of whether employees should respond personally to cyber-bullying. Agencies may wish to advise their employees not to do so at all, or, alternatively, may issue advice to employees about how to respond appropriately, including what steps to take to remove inappropriate or offensive content posted online about individuals. It is important for employees to know, and to understand, the ramifications of a decision to respond personally.
After an incident of cyber-bullying has been dealt with, agencies may wish to continue monitoring the website where the content was located, to see if there are any new comments relating to the original posting, or any further posts of a similar kind. Agencies may also wish to check if the content has been picked up elsewhere.

In cases where it appears the client has made a legitimate complaint, agencies should consider following up with the client to make sure that the agency has satisfactorily addressed their concerns. By keeping in touch with the client, agencies demonstrate accountability and responsiveness, and increase the likelihood that a client will contact the agency in the first instance if subsequent issues arise.
Agencies who publish client service charters often take a proactive approach by making clear their expectations of clients. For example, agencies might provide a statement about the way the agency will treat clients in all dealings, including online, and may also include a statement that sets out how the agency expects clients to treat its employees —e.g. with respect and courtesy. Agencies may wish to update their service charters to make clear that these expectations extend to any online communications.
Agencies may need to consider a less personalised approach, where necessary, to service delivery, in which APS employees are not identified by name, and where emails to agency clients come from a generic mailbox rather than a personal address. It may be appropriate for agencies to divert offensive emails to a single source to minimise the impact on staff.
Depending on its business or client base, agencies will need to exercise judgement in this regard, noting the need to balance professional and efficient service delivery with the need to ensure the safety and well-being of employees.
Agencies engaging in social media should have a moderation policy in place that sets out the agency ’s terms of use for the website, blog, Facebook page, etc., and the steps the agency will take to ensure that posts are consistent with those terms (such as publishing posts only after they have been checked by agency staff). Agencies should train relevant staff on moderation procedures.
12
Agencies should also encourage employees to manage their personal online presence —for example, by encouraging them to consider whether to include personal information such as names and contact details (including personal mobile phone numbers) in communicating with the public. It may also be appropriate for employees to consider removing personal online details and public photos to protect themselves from malicious attacks using their personal information.
Where a comment has been made online that is offensive or threatening, or which contains personal information about an employee, it may be appropriate to notify the internet service provider or the host of the website or the social media platform on which the comment has been posted. Agencies should view the ‘acceptable use’ guidelines (or terms and conditions) provided by the internet service provider, website or social media platform first, so that they know whether the comment breaches its policies. Agencies can escalate issues with the service provider and request that they remove the inappropriate content, or at least the names of agency employees, citing the service provider ’s policies where relevant.

While there is no guarantee that the service provider will remove the inappropriate content — especially if the website is hosted overseas —it may still be important to bring these matters to their attention. Among other things, should the matter escalate, this will allow agencies to provide evidence of the steps taken to try to resolve the matter.
The Cooperative Arrangement for Complaints Handling on Social Networking Sites agreed to by companies such as Facebook, Google (YouTube), Yahoo!, and Microsoft, provides information on the complaints handling approaches of many social networking sites.
In addition, the Department of Communications has developed the Easy Guide to Socialising
Online , which provides information about the cybersafety features of different sites, including social networking sites, search engines, and online games. This is a helpful tool that provides information about privacy settings and how to report cyber-bullying and inappropriate content on the sites listed in the guide.
Legal remedies may be available depending on the circumstances, and particularly in situations of apprehended or actual violence, threats, intimidation, stalking, or other unlawful conduct by members of the public. In many cases it will be appropriate to pursue other mechanisms first, but, should these fail, legal remedies may be available under Commonwealth statutes, including the:
Racial Discrimination Act 1975 (Cth)
Criminal Code Act 1995 (Cth) in particular, sections:

147.1
—Causing harm to a Commonwealth public official

147.2
—Threatening to cause harm to a Commonwealth public official

149.1
—Obstruction of Commonwealth public official (including intimidation)

474.14
—Using a telecommunications network with intention to commit a serious offence

474.15
—Using a carriage service to make a threat (to kill or cause serious harm to another person)

474.16
—Using a carriage service for a hoax threat

474.17
—Using a carriage service to menace, harass, or cause offence
Mechanisms may also be available to agencies and employees under state criminal laws, including laws relating to stalking, or under other laws relating to protection or apprehended violence orders, privacy, and discrimination.
Agencies may assist employees to obtain a restraining order, institute other legal proceedings, and to defend actions brought against them for reasons related to their employment, where the employee has acted reasonably and responsibly. Such assistance must be consistent with
Appendix E of the Legal Services Directions 2005 , which states:
Assistance to employees as plaintiffs
19. Except in the case of actions for defamation, expenditure to assist an employee to institute proceedings in a matter arising from their employment may be approved where this is in the interests of the Commonwealth. For example, it may be appropriate to assist an employee to seek a restraining order against a person arising from alleged harassment in the workplace.

20. Expenditure is not to be approved to assist an employee to institute proceedings for defamation arising in the course of the performance of their duties (either for representation or the payment of legal costs). Similarly, assistance is not to be provided for any other action relating to alleged defamation, such as assistance to uphold a person ’s reputation, legally challenge comments damaging to a person’s reputation, or in obtaining an apology (as distinct from a letter merely seeking to correct the record). The policy is the same even if the employee offers to pay to the Commonwealth any damages which they may receive. (Funding defamation proceedings could give rise to a public perception that the Government was seeking to prevent legitimate criticism.)
If an agency does not provide an APS employee with assistance to institute proceedings, the employee nevertheless has the same rights as other members of the community to pursue legal action privately, although they should be advised to seek legal advice before pursuing this course of action.

1. Australian Electoral Commission. Silent Electors. Retrieved from http://www.aec.gov.au/Enrolling_to_vote/Special_Category/Silent_Electors.htm
.
2. Australian Human Rights Commission. Cyber-bullying, Human Rights and Bystanders.
Retrieved from https://bullying.humanrights.gov.au/cyberbullying-human-rights-andbystanders .
3. Australian Public Service Commission. APS Values and Code of Conduct in Practice: a guide to official conduct for APS employees and agency heads. Retrieved from http://www.apsc.gov.au/aps-employment-policy-and-advice/aps-values-and-code-ofconduct/aps-values-and-code-of-conduct-in-practice .
4. Australian Public Service Commission. Circular 2012/1: Revisions to the Commission
’s guidance on making public comments and participating online . Retrieved from http://www.apsc.gov.au/publications-and-media/circulars-and-advices/2012/circular-20121 .
5. Australian Public Service Commission. Respect: Promoting a culture free from harassment and bullying in the APS.
Retrieved from http://www.apsc.gov.au/publications-andmedia/current-publications/respect-building-a-positive-work-environment .
6. Australian Public Service Commission. 2011-12 State of the Service Report . Page 67.
Retrieved from http://www.apsc.gov.au/about-the-apsc/parliamentary/state-of-theservice/new-sosr .
7. Australian Public Service Commission and Comcare. Working Together: Promoting mental health and wellbeing at work. Retrieved from http://www.apsc.gov.au/publications-andmedia/current-publications/mental-health .
8. Australian Public Service Commissioner ’s Directions 2013 .
9. Criminal Code Act 1995 .
10. Department of Communications. The Cooperative Arrangements for Complaints Handling on Social Networking Sites.
Retrieved from http://www.communications.gov.au/online_safety_and_security/cyber_safety .
11. Department of Communications. The Easy Guide to Socialising Online.
Retrieved from http://www.communications.gov.au/easyguide/social_networking .
12. Edith Cowan University. 2009. Review of Existing Australian and International Cyber-Safety
Research , Child Health Promotion Research Centre, page 31. Retrieved from http://www.communications.gov.au/funding_and_programs/cyber_safety/cybersafety_resear ch .
13. Legal Services Directions 2005 .
14. National Centre Against Bullying. Bullying Advice Centre. Retrieved from http://www.ncab.org.au/fourkindsofbullying .
15. NSW Ombudsman. 2012. Managing Unreasonable Complainant Conduct Practice Manual
(2 nd Edition), Chapter 21 and Appendix 9. Retrieved from http://www.ombo.nsw.gov.au/news-and-publications/publications/guidelines/state-and-localgovernment/unreasonable-complainant-conduct-manual-2012 .

16. Office of the Australian Information Commissioner. OAIC Blog —Moderation Policy .
Retrieved from http://oaic.govspace.gov.au/moderation/ .
17. Privacy Act 1988 .
18. Public Service Act 1999 .
19. Racial Discrimination Act 1975 .
20. Safe Work Australia. 2011. How to Manage Work Health and Safety Risks —Code of
Practice. Retrieved from http://www.safeworkaustralia.gov.au/sites/swa/about/publications/pages/manage-whs-riskscop .
21. Work Health and Safety Act 2011 .

Discover
Find inappropriate comments or content about an employee online.
Keep records.
Support staff
Support affected staff as necessary and appropriate—e.g. counselling support.
Should agencies take steps to have the comments removed, have the author blocked (if possible)?
Is a response needed or any other action required?
Consider the following:
Does it contain legitimate criticism or is it purely malicious?
Does it contain personal information about an APS employee?
Does it contain obscene content?
Does it contain threats?
Is it contrary to law?
Can content be in violation of’terms and conditions'?
Could it impact on employee's physical/ psychological health and safety?
Could it impact on agency's/employee's reputation, or affect workplace cohesion or relationships?
Have the comments had an adverse effect on employee or their family?
Is the client hijacking the communication stream?
Is it on a highly visible and accessible website?
Has it gone viral (or is it likely to)?
Does it appear to come from a credible source?
Is it intended to embarrass or humilate?
Is it part of a smear campaign or a publicity stunt?
Does it seek to incite/influence others?
What are the circumstances surrounding the comment/content?
Does there appear to be a legitimate grievance?
What is the timing of the content?
Has the content been inappropriately obtained ?
Yes
Public response? Private response?
Both public or private responses?
Notify police or pursue legal options?
No
Keep record of negative comment/content if it is sufficiently serious.
Follow up with the client—e.g. if they had a legitimate issue.
Continue monitoring the internet for negative and/or inappropriate content.
*This flowchart has been adapted from Appendix 9 of the NSW Ombudsman ’s publication,
Managing Unreasonable Complainant Conduct Practice Manual (2 nd Edition), 2012, page 130.
** Evaluate considerations to determine if an agency response is needed.

Attachment B
is a flowchart for managing inappropriate online conduct by clients or members of
the public. These steps are explained in Part 5 (Managing inappropriate online conduct by
members of the public).
Step 1 Monitor and Record
Find negative or inappropriate comments or content about an employee online. Keep records.
Step 2 Support Staff
Support affected staff as necessary and appropriate. For example, counselling support.
Step 3 Evaluate
Evaluate considerations (i.e. content, impact, visibility and credibility, apparent purpose/objective and context).
Step 4 Act
Is a response needed (i.e. public, private, both or no response)?
Step 5 Follow-up
Follow up with the client. Continue monitoring the internet for negative and/or inappropriate content.
1 The Australian Public Service Commission would like to thank the NSW Ombudsman ’s Office for allowing the use of Chapter 21 of its Managing Unreasonable Complainant Conduct Practice Manual (2 nd
Edition) in preparing and adapting this guidance material for the Australian Public Service.
2 For the purposes of this guide, the general term ‘member of the public’ is used. This includes members of the general population, clients, non-APS employees, former employees, vendors, contractors, journalists, etc. For ease of reference in this guide, the term ‘client’ and ‘member of the public’ are used interchangeably.
3 National Centre Against Bullying website. See Bullying Advice Centre .
4 The 2011-12 State of the Service Report acknowledges very few APS employees (1%) reported being subjected to cyber-bullying in the past 12 months as a result of their APS work. For the few APS employees who reporting being cyber-bullied, other APS employees were most commonly cited as being responsible (50% of incidents), followed by members of the general public (29%), and then clients, customers, and stakeholders (23%).
5 Australian Human Rights Commission website. See Cyberbullying, Human rights and bystanders .
6 Edith Cowan University. 2009. Review of Existing Australian and International Cyber-Safety Research ,
Child Health Promotion Research Centre, page 31.
7 Australian Human Rights Commission website. See Cyberbullying, Human rights and bystanders .
8 An officer in Subsection 247(1) of the Work Health and Safety Act 2011 ( ‘the WH&S Act’) , is defined as a person who makes, or participates in making, decisions that affect the whole, or a substantial part, of a business or undertaking of the Commonwealth.
9 Safe Work Australia. 2011. How to Manage Work Health and Safety Risks —Code of Practice . This
Code of Practice provides further guidance on the risk management process.
10 For more information on becoming a silent elector, contact the Australian Electoral Commission.
11 The Australian Public Service Commission would like to thank the NSW Ombudsman ’s Office for allowing the use of Appendix 9 (page 130) of its Managing Unreasonable Complainant Conduct Practice
Manual (2 nd Edition) in preparing and adapting this flowchart for the Australian Public Service.
12 See, for example, the Office of the Australian Information Commissioner, Moderation Policy | OAIC
Blog .