Skip to Content

- Read about what OVIC does, what we aim to achieve, who we work with and how you can work with us.
  
  What you can expect from us
  
  Our functions and activities
  
  Legislation we work with
  
  Regulatory action
  
  Stakeholder and regulatory networks
  
  Annual reports
- Find out more about who we are and how we are structured.
  
  Structure and Commissioners
  
  Our strategic plan
  
  Our policies and registers
  
  Gender equality action plan
- Read our publications and resources, news and media, reports and more.
  
  Research and reports
  
  Submissions
  
  News and media
  
  Consultant reports and publications
  
  More documents and resources
- Get in touch with us or follow our LinkedIn account for up-to-date information.
  
  Contact us
  
  Visit us on LinkedIn
  
  Subscribe to our Newsletter
  
  Make an FOI request to us
  
  Make a complaint about us
  
  Consulting with us
- For guidance and resources on how to interpret and administer the Freedom of Information Act 1982 (Vic) including how to process FOI requests, calculate access charges and more visit FOI resources for agencies.
  
  Popular FOI links
  
  Practice notes
  
  FOI Guidelines
  
  Review decisions by year
  
  Search review decision database
  
  Professional Standards
- For guidance and resources on privacy obligations including the Information Privacy Principles, how to undertake privacy impact assessments and more visit Privacy resources for organisations.
  
  Popular privacy links
  
  Privacy Officer Toolkit
  
  Information privacy principles
  
  Information sharing and privacy
  
  Managing the privacy impacts of a data breach
  
  Report a privacy breach
- For guidance and resources on how to protect public sector information including how to implement the Victorian Protective Data Security Framework and Standards and more visit Information security resources.
  
  Popular information security links
  
  Victorian Protective Data Security Framework
  
  Victorian Protective Data Security Standards
  
  Agency reporting obligations
  
  Notify OVIC of an information security incident
  
  Victorian Information Security Network
- International Access to Information Day
  
  Regulatory actions and investigations
  
  Learn about what we do
  
  News and media
  
  Annual reports
  
  Submissions
- In Victoria you have the right to access documents held by government, to ask for your personal information to be amended, to make a complaint about the handling of your FOI request and to request an independent review of an FOI decision. Visit FOI resources for individuals for more guidance on your FOI rights.
  
  How to make an FOI request
  
  Make an FOI request online
  
  Learn how to apply for an FOI review
  
  Learn how to make an FOI complaint
  
  Find the contact details of an agency
- In Victoria you have privacy rights when interacting with government organisations which limit what personal information can be collected, how it is used and disclosed. If you suspect your privacy rights have been breached by a Victorian government organisation you can make a complaint to OVIC. For more guidance on privacy rights visit privacy resources for individuals.
  
  Privacy resources for individuals
  
  Your privacy rights
  
  Make a privacy complaint
  
  Guidance on data breaches
- Learn more about OVIC including our functions, Commissioners and structure.
  
  News and media
  
  Annual reports
  
  Our strategic plan
  
  Gender equality action plan
Events & education

From Monday 12 September 2020, OVIC's website will no longer be supported in Internet Explorer (IE).
We recommend installing Microsoft Edge, Google Chrome, Safari, Firefox, or Opera to visit the site.

Case study: Security and privacy of online forms

This case study outlines the information and security implications of when a Victorian Public Sector Organisation’s (agency) online complaint form was not configured and/or tested correctly.

The incident involved the agency’s online complaint form accidently leaking data from one complainant’s completed form to a subsequent user’s new form.

The incident was identified not through an active audit or detection program, but when an individual was presented with a pre-populated online complaint form. This pre-population inadvertently disclosed personal information from somebody else’s complaint form, a disclosure which was inconsistent with the Information Privacy Principles and public sector information obligations.

This case study identifies how the leak occurred, how it was fixed, and lessons for public sector organisations who use any type of online form to collect personal or sensitive information from their stakeholders.

__PRESENT

__PRESENT

__PRESENT__PRESENT

__PRESENT

Download

Case Study: Security and Privacy of Online Forms - PDF
Size 100.56 KB

Download

Analytics are switched on and you are providing de-identified analytics to help us improve the way our website works.

Switch off to opt out.

Analytics are switched off and you are not participating in our analytics program.

Switch on to help us improve our website.

How we use cookies for analytics

We use Matomo Analytics cookies to collect information from your browser about how you use our website. We use this information to improve OVIC's website and online resources. The information is collected in a way that does not identify anyone.

You may stop us from collecting this information by opting out of our analytics program.

For more information, please read our privacy statement.