Our purpose, functions, and activities
Our purpose and legislative functions
The Office of the Victorian Information Commissioner (OVIC) provides independent oversight of the Victorian public sector’s collection, use and disclosure of public sector information.
Our functions are set out in the Freedom of Information Act 1982 (FOI Act) and the Privacy and Data Protection Act 2014 (PDP Act).
The Freedom of Information Act 1982
Under the FOI Act, the key functions of OVIC include:
- promoting understanding and acceptance by agencies and the public of the FOI Act and its object;
- conducting reviews of decisions made by agencies and Ministers under the FOI Act;
- handling complaints made under the FOI Act;
- providing advice, education, and guidance to agencies and the public in relation to OVIC’s functions;
- developing and monitoring compliance with professional standards; and
- providing advice, education, and guidance to agencies and the public in relation to compliance with the professional standards.
The Privacy and Data Protection Act 2014
Under the PDP Act, the key functions of OVIC include:
- promoting awareness and understanding of the Information Privacy Principles (IPPs);
- receiving complaints about possible breaches of the IPPs by the Victorian public sector;
- conducting audits to assess compliance with the IPPs;
- undertaking research, issuing reports, guidelines and other materials with regard to information privacy;
- developing the Victorian Protective Data Security Framework;
- issuing protective data security standards and promoting their uptake by the Victorian public sector;
- conducting monitoring and assurance activities to assess compliance with those standards; and
- undertaking research, issuing reports, guidelines and other materials with regard to information security.
Functions and activities of our business areas
Our Public Access team is responsible for the case management of freedom of information review and complaint matters, monitoring compliance with the Professional Standards, and any other relevant matters arising from the FOI Act. The team uses communication and negotiation skills to attempt to successfully resolve review and complaint matters.
The Public Access team is also responsible for hosting our Information Access Series, a monthly seminar for FOI practitioners in the Victorian public sector.
The Public Access team can be contacted via firstname.lastname@example.org.
Our Privacy Guidance team exists to ensure that the human right to privacy is protected for all Victorians. The team does this by empowering Victorians to become aware of and to exercise their right to privacy, and by assisting public sector organisations to improve privacy practice by providing high quality and frank guidance.
The Privacy Guidance team develops privacy resources for the public and organisations, handles privacy complaints, data breach notifications, and privacy enquiries from organisations and the public. The team also manages our Privacy Roundtable, a forum comprising representatives from departments and agencies from various government sectors.
The Privacy Guidance team can be contacted via email@example.com.
Our Information Security Unit is responsible for the administration of Part 4 of the PDP Act. Part 4 of the PDP Act provides for the Victorian Protective Data Security Framework (VPDSF), Victorian Protective Data Security Standards (VPDSS), as well as a number of obligations for certain Victorian public entities.
The Information Security team develops guidance on the VPDSF, VPDSS, and other information security matters, handles enquires from organisations, and engages directly with organisations to build capability.
The team also manages the Victorian Information Security Network, a platform for stakeholders across government and industry to discuss information security issues and initiatives.
The Information Security team can be contacted via firstname.lastname@example.org.
Investigations and Assurance
The Investigations and Assurance team is responsible for planning and conducting assurance and compliance activities for under the PDP Act and the FOI Act, and developing our overall assurance and investigations program of work. The team works across all business areas, providing regulatory advice or undertaking regulatory action to current or emerging threats and issues across the privacy, public access, or information security landscapes.
The team also provides recommendations to agencies, and develops regulatory priorities each year that guides our regulatory action.
The Investigations and Assurance team can be contacted via email@example.com
The Policy team works to uphold all Victorians’ information rights and improve policy outcomes in privacy and public access spheres. The team does this by actively engaging with stakeholders, modelling best practice, and being a trusted source of knowledge for the Victorian public sector.
The team is responsible for a variety of activities that includes making submissions, researching and monitoring emerging technologies, developing guidance for organisations, reviewing and commenting on draft legislation, and consulting with organisations on initiatives. The Policy team is also responsible for leading key events throughout the year including Privacy Awareness Week, International Access to Information Day, and the Victorian Privacy Network, as well as managing the Public Access Agency Reference Group.
The Policy team can be contacted via firstname.lastname@example.org
Communications and Education
The Communications and Education team is responsible for informing key stakeholders about OVIC’s work. This involves designing and developing a range of publications, digital content, managing OVIC’s website and social media channels, and sending out a monthly newsletter to stakeholders.
The team is also responsible for the development and provision of education and awareness programs to Victorian public sector staff. This includes delivering free training programs, webinars, e-Learning modules, and guidance materials to build capability across FOI, privacy, and information security.
The team is also responsible for stakeholder management through designing, developing and implementing materials and hosting events for major campaigns including Privacy Awareness Week and International Access to Information Day.
Each year the Communications and Education team deploys a stakeholder engagement survey to measure and evaluate the effectiveness of OVIC’s engagement activities, and is responsible for project managing the annual report submitted to Parliament.
The Communications team can be contacted at email@example.com.
The Legal team provides independent legal advice and solutions to all business areas within OVIC. This work covers a range of topics including procurement processes and drafting service agreements, interpreting and applying legislation; case law research, policy queries, appearances at Courts or Tribunals, general strategy and guidance, and legal advice.
The Corporate team manages all aspects of the day-to-day corporate operations and administration of the OVIC. This includes human resources, financial, information technology and resource management. In addition, the team provides authoritative advice and expertise regarding corporate governance and leads the legislative reporting requirements.