The Guidelines to the Information Privacy Principles (IPP Guidelines) explain how the Information Privacy Principles (IPPs) should be interpreted and applied. The IPPs are the core of privacy law in Victoria and set out the minimum standard for how Victorian public sector organisations should manage personal information.
IPP 1 – Collection
IPP 2 – Use and Disclosure
IPP 3 – Data Quality
IPP 4 – Data Security
IPP 5 – Openness
IPP 6 – Access and Correction
IPP 7 – Unique Identifiers
IPP 8 – Anonymity
IPP 9 – Transborder Data Flows
IPP 10 – Sensitive Information
Foreword to the 4th edition of the IPP Guidelines
This fourth edition of the Guidelines to the Information Privacy Principles (IPP Guidelines) marks five years since the passage of Victoria’s Privacy and Data Protection Act 2014 (Vic) (PDP Act). The update reflects the profound changes that have occurred in the privacy and information landscape, both locally and globally, since the Guidelines were last published under the Information Privacy Act 2000 (Vic) in 2011.
These changes include the establishment of the Office of the Victorian Information Commissioner (OVIC) in September 2017, which combined oversight of information privacy, information security and freedom of information in Victoria under one regulatory body. Legislative changes at state and national levels, in areas such as information sharing, recognise the growing importance of data for the work of government and industry. Technological developments continue to have important privacy and security implications, and challenge the principles underpinning information privacy. Around the world, public awareness of privacy has grown as individuals, organisations and governments alike become increasingly cognisant of the potential of personal information to deliver economic and social benefits.
We have also witnessed the potential for personal information to be compromised, with countless reports of data breaches in the media. Protecting the privacy and security of personal information is crucial in an environment where data sharing is both common and expected. The PDP Act and the Information Privacy Principles (IPPs) continue to remain crucial to the protection of Victorians’ privacy.
Resources and guidance materials for privacy practitioners need to be current. This is why we have decided to publish these Guidelines in a digital format. By publishing online we will be able to update the Guidelines as new developments occur and the sector’s experience in applying the IPPs grows, whether through enquiries and complaints that come to OVIC, determinations made at the Victorian Civil and Administrative Tribunal, or drawing on the experiences of other jurisdictions and regulators with similar privacy regimes.
This iteration of the Guidelines was made possible through the valuable contributions of many people. I thank all those who provided feedback during the public consultation on our draft chapters, as well as those who gave input into our working groups and consultations. I also thank staff members involved in the development of previous versions of the Guidelines. Finally, I would like to thank the OVIC staff involved in this update for their tireless dedication to the project: Anna Pollock, Fotinie Boolieris, Emily Arians, Tricia Asibal, Grace Appleford, Amy Leon, Annan Boag, and Rachel Dixon, the Privacy and Data Protection Deputy Commissioner who oversaw the project.
I trust you will find the Guidelines useful. As ever, the team at OVIC is happy to help with any questions you may have.
Sven Bluemmel
Information Commissioner
14 November 2019