OVIC has a number of investigative functions:
- Examine and audit — OVIC may examine the practices or audit the records of a regulated body to assess compliance with the IPPs. OVIC may conduct an examination or audit as a periodic assurance tool, to assess a potential privacy breach or to better understand an issue.
- Investigate and issue a Compliance Notice — Where OVIC identifies serious, flagrant or repeated breaches of the IPPs, OVIC may investigate and issue a Compliance Notice. A Compliance Notice is a notice requiring the regulated body to take specified action within a specified time to remedy breaches and comply with IPPs and the PDP Act.
- Investigate on own motion – OVIC can investigate how regulated bodies comply with the FOI Act.
This page contains reports of investigations, audits, and examinations.
Reports published by OVIC:
- Disclosure of myki travel information: investigation report and compliance notice, August 2019. Published with myki incident: lessons for organisations.
- Examination of Local Government Privacy Policies, May 2019. Published with IPP 5 Self Assessment Tool.
Reports published by OVIC predecessor agencies:
- Review of information governance in the Department of Health and Human Services, January 2017.
- Review of the Victoria Police Security Incident Management Framework and Practices, January 2017.
- Foodbowl Modernisation Project : report of an investigation into Goulburn-Murray Rural Water Corporation and the Northern Victorian Irrigation Renewal Project, February 2012.
- Mr C’s case : report of an investigation pursuant to Part 6 of the Information Privacy Act 2000 into Victoria Police and Department of Justice in relation to the security of personal information in the Law Enforcement Assistance Program (LEAP) and E*Justice databases, July 2006.
- Jenny’s case : report of an investigation into the Office of Police Integrity pursuant to Part 6 of the Information Privacy Act 2000, February 2006.