Event recap: inaugural Victorian Privacy Network meeting
In October 2018, OVIC re-established the Victorian Privacy Network to bring together privacy and information management professionals across Victoria.
The first meeting took place on 21 November 2018 in the Melbourne CBD, attracting a fantastic turnout of people attending in person and via the live stream. This conference style event explored a range of interesting and diverse topics, bringing together an exciting range of guest speakers and panellists.
Sven Bluemmel, Victoria’s Information Commissioner opened the event by welcoming attendees and highlighting the importance of the Network as a channel to reach stakeholders across Victoria.
OVIC was delighted to have the following guest speakers present or participate in a panel discussion to launch the meeting of the re-established Victorian Privacy Network:
Victorian Auditor-General report – Security and Privacy of Surveillance Technologies in Public Places
Ben Hasker– Sector Director, Performance Audit, Victorian Auditor-General’s Office
Tony Brown– Senior Manager, Performance Audit, Victorian Auditor-General’s Office
Ben and Tony provided an interesting overview of the Security and Privacy of Surveillance Technologies in Public Placesaudit report, which looked at whether select Victorian councils’ CCTV surveillance practices are in line with the Privacy and Data Protection Act 2014 (Vic) (PDP Act). From a privacy and data protection perspective, the audit found the selected councils need to better protect the privacy of individuals by improving and testing physical security and access controls. The report can be accessed here for those wanting to learn more about the audit.
Privacy under the Health Records Act 2001
Ralph Haller-Trost – Assistant Commissioner Investigations, Legal and Policy, Health Complaints Commissioner
Felicity Lathrop – Health Complaints Commissioner
Ralph and Felicity discussed health privacy under the Health Records Act 2001 (Vic) (HR Act). They provided a helpful overview of the Health Complaints Commissioner’s functions, its complaint handling processes, and compliance notices under section 66 of the HR Act.
Panel discussion: Responding to data breaches
Moderated by OVIC’s Annan Boag, Assistant Commissioner, Privacy and Assurance, the panel consisted of:
- Juliette Cox – Director, Knowledge, Privacy and Records, Department of Education and Training
- David Cullen– Principal Advisor, Cyber Incident Management and Analysis, Department of Premier and Cabinet
- Veronica Scott– Special Counsel, Minter Ellison
- Dermot Dignam– Manager, Privacy Guidance, OVIC
Annan led the panel through several case studies, drawing on panel members’ experiences to provide hands on advice and guidance on responding to a data breach and the privacy implications involved. For example, one case study involved the accidental dissemination of a sensitive letter to the wrong recipient. Panellists provided practical insights into managing the breach, such as collecting and understanding the facts of the incident, risk assessment, containment, notification and reporting. The importance of ‘owning’ the incident by apologising and accepting fault for the breach was also a key message.
Reasonable security – Tips from the Information Security Team at OVIC
- Anthony Corso– Assistant Commissioner, Information Security, OVIC
- Laurencia Dimelow – Principal Advisor, Information Security, OVIC
Anthony and Laurencia discussed the relationship between information security and privacy, guiding us through OVIC’s risk based approach to protecting personal information and what it means to take ‘reasonable steps’ under Information Privacy Principle 4. Anthony and Laurencia highlighted the importance of reviewing the controls your organisation has in place to ensure they are, and remain, appropriate and effective.
Rachel Dixon, Victoria’s Privacy and Data Protection Deputy Commissioner closed the event by thanking attendees and noting the positives that the Victorian Privacy Network will bring in engaging with professionals across Victoria.
We would like to extend our thanks and appreciation to our guest speakers, panellists and everyone who attended the day or watched the live stream. We look forward to the next meeting in April 2019.
More information regarding the Victorian Privacy Network, including presentation slides and how to join the Network, can be accessed here.
A recording of the event is available on OVIC’s Periscope channel (please note there are two recordings from the morning and one afternoon recording).