Skip to Content

OVIC has activated its business continuity plan due to coronavirus (COVID-19) and staff are working remotely. We have published new guidance on coronavirus (COVID-19) and freedom of information, privacy and information security. Please contact us by email where possible, we ask for your patience during this time.

Investigations, Audits & Examinations

OVIC has a number of investigative functions:

Examine and audit — OVIC may examine the practices or audit the records of a regulated body to assess compliance with the IPPs. OVIC may conduct an examination or audit as a periodic assurance tool, to assess a potential privacy breach or to better understand an issue.
Investigate and issue a Compliance Notice — Where OVIC identifies serious, flagrant or repeated breaches of the IPPs, OVIC may investigate and issue a Compliance Notice. A Compliance Notice is a notice requiring the regulated body to take specified action within a specified time to remedy breaches and comply with IPPs and the PDP Act.
Investigate on own motion – OVIC can investigate how regulated bodies comply with the FOI Act.

This page contains reports of investigations, audits, and examinations.

Reports published by OVIC:

Disclosure of myki travel information: investigation report and compliance notice, August 2019. Published with myki incident: lessons for organisations.
Examination of Local Government Privacy Policies, May 2019. Published with IPP 5 Self Assessment Tool.

Reports published by OVIC predecessor agencies:

Review of information governance in the Department of Health and Human Services, January 2017.
Review of the Victoria Police Security Incident Management Framework and Practices, January 2017.

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

You will need to confirm your subscription to our newsletter. An automated reply will be sent to your email address with a confirmation link.