Whistleblower Protections and NDIS Providers


Authors: Tom Griffith, Sarah Johnson

Service: Employment & Labour | Whistleblower Protections
Sector: Not-for-Profit

The Royal Commission into Violence, Abuse, Neglect and Exploitation of People with Disability has been receiving public submissions since July 2019, and whistleblowers are expected to play an important role in the Commission proceedings.

It is likely that submissions will be made by officers or employees of disability service providers who are registered under the NDIS.

There is an even higher likelihood that submissions may be made by people with disability who receive a support or a service from a disability service provider registered under the NDIS and/or their family members, carers, independent advocates or significant others.

It is therefore timely to recap providers’ obligations under the National Disability Insurance Scheme Act 2013 (NDIS Act) with respect to protected disclosures and  the relationship of those obligations to the recently introduced whistleblower protection provisions in the Corporations Act 2001 (Cth) (Corporations Act).  The NDIS Act and Corporations Act schemes operate in parallel and a single disclosure may qualify for protection under both statutes.

Application of each Scheme

The NDIS Act sets out the categories of people to whom disclosure must be made and other important preconditions, in order for the discloser to have protection.

It is important to note that the protected disclosure obligations apply to any NDIS provider including a partnership.  By contrast, the Corporations Act whistleblower scheme covers companies limited by guarantee and incorporated associations that are “trading corporations”, that is, organisations that are significantly or principally engaged in buying or selling goods or services.

Protected disclosures can be made about breaches of the NDIS Act by current employees of NDIS providers as well as by a participant who is receiving a support or service (or their family member, carer or significant other), and by a supplier of goods or services to the NDIS provider.  The extension of the NDIS Act whistleblower scheme to participants and their family and carers is a significant and additional dimension to whistleblower protections under other schemes, which cannot be overlooked in planning whistleblower arrangements. To qualify for protection under the NDIS Act, the discloser must inform the person to whom the disclosure is made of their name, have reasonable grounds to suspect a contravention of the NDIS Act by the NDIS provider, and must make the disclosure in good faith.

Protected disclosures under the Corporations Act whistleblower scheme can be made by a wider range of people (including former employees and volunteers) and regarding a wider range of conduct (including conduct that is lawful but “improper”).

Protected disclosures under the Corporations Act whistleblower scheme do not have to be made in good faith, and any unauthorised disclosure of the identity of the whistleblower is a criminal offence (making investigation of disclosures particularly difficult).  In addition, the Corporations Act scheme includes a mandatory requirement that all companies limited by guarantee and large proprietary companies have a policy on whistleblower protections with strict content requirements in place by 1 January 2020.

The disclosure must also be made to the relevant recipient. For the NDIS Act scheme, that is the Commissioner, the NDIA or a member of the key personnel of the NDIS provider.  For the Corporations Act whistleblower scheme, the disclosure must be made to ASIC, APRA or an officer or senior manager of the entity and additional recipients can be authorised (including a third-party confidential reporting hotline).


Both Acts also set out the relevant protections if a person makes a disclosure that qualifies for protection under the relevant Act:

  • they are not subject to civil or criminal liability for making the disclosure;
  • no contractual or other remedy may be enforced against the discloser on the basis of the disclosure;
  • a contract may not be terminated on the basis that the disclosure constitutes a breach of contract; and
  • qualified privilege (a specific defence) is available in defamation proceedings in respect of the disclosure, in the absence of malice.


Victimisation of disclosers is prohibited under the NDIS Act. In particular, a person may not intentionally cause or threaten to cause detriment to another person because that person or another person has made a disclosure under the NDIS Act.

Detriment in this context includes alteration or withdrawal of services to a participant, altering the ability for a nominee, carer, family member or significant other to contact a participant, preventing a person from receiving information that they would otherwise have been entitled to receive and, in the case of an employee, includes dismissal, alteration of an employee’s position and discrimination between the discloser and other employees of the provider.

Similar provisions regarding victimisation and the causing of detriment to the whistleblower appear in the Corporations Act.


Under both schemes, a person suffering damage from victimisation has the right to be compensated by the person that caused the damage.

Parallel Obligations

In addition to parallel obligations under the Corporations Act whistleblower scheme (for those corporate NDIS providers covered by that scheme) NDIS providers have obligations under the National Disability Insurance Scheme (Complaints Management and Resolution) Rules 2018 (Cth) to ensure that reasonable steps are taken to ensure that a person who makes a complaint, or a person with a disability affected by an issue raised in a complaint, is not adversely affected as a result of the making of a complaint.

For further guidance on whistleblower protection under the Corporations Act see previous articles published by Tim Lange and the Employment Relations team below or to discuss Royal Commission readiness more generally, please contact the authors.