OVIC has a number of investigative functions:
- Examine and audit — OVIC may examine the practices or audit the records of a regulated body to assess compliance with the IPPs. OVIC may conduct an examination or audit as a periodic assurance tool, to assess a potential privacy breach or to better understand an issue.
- Investigate and issue a Compliance Notice — Where OVIC identifies serious, flagrant or repeated breaches of the IPPs, OVIC may investigate and issue a Compliance Notice. A Compliance Notice is a notice requiring the regulated body to take specified action within a specified time to remedy breaches and comply with IPPs and the PDP Act.
- Investigate on own motion – OVIC can investigate how regulated bodies comply with the FOI Act.
This page contains reports of investigations, audits, and examinations.
Reports published by OVIC:
- Disclosure of myki travel information: investigation report and compliance notice, August 2019. Published with myki incident: lessons for organisations.
- Examination of Local Government Privacy Policies, May 2019. Published with IPP 5 Self Assessment Tool.