Investigations, Audits & Examinations

OVIC has a number of investigative functions:

• Examine and audit — OVIC may examine the practices or audit the records of a regulated body to assess compliance with the IPPs. OVIC may conduct an examination or audit as a periodic assurance tool, to assess a potential privacy breach or to better understand an issue.
• Investigate and issue a Compliance Notice — Where OVIC identifies serious, flagrant or repeated breaches of the IPPs, OVIC may investigate and issue a Compliance Notice. A Compliance Notice is a notice requiring the regulated body to take specified action within a specified time to remedy breaches and comply with IPPs and the PDP Act.
• Investigate on own motion – OVIC can investigate how regulated bodies comply with the FOI Act.

This page contains reports of investigations, audits, and examinations.

Reports published by OVIC:

• Disclosure of myki travel information: investigation report and compliance notice, August 2019. Published with myki incident: lessons for organisations.
• Examination of Local Government Privacy Policies, May 2019. Published with IPP 5 Self Assessment Tool.

Reports published by OVIC predecessor agencies:

• Review of information governance in the Department of Health and Human Services, January 2017.
• Review of the Victoria Police Security Incident Management Framework and Practices, January 2017.