August 2019 Reporting
Following the submission of High level Protective Data Security Plans to OVIC in August 2018, agencies have completed the first reporting period of the Victorian Protective Data Security Framework (The Framework).
While OVIC analyses these submissions, your agency’s protective data security obligations under the Framework remain unchanged. This includes reporting obligations under Standard 12.
Agencies must submit their 2019 attestation to OVIC by the 30th of August, 2019.
For more information about the August 2019 reporting requirements, please see the letter from the Victorian Information Commissioner to agencies sent on 15th of April, 2019.
August 2018 Reporting
All agencies that are subject to Part 4 of the Privacy and Data Protection Act 2014 (Vic) are required to submit information about their implementation of the VPDSS.
Agencies must submit a high-level Protective Data Security Plan (PDSP) and attestation.
The first round of reporting is due by 31 August 2018, and follow-up reports must be submitted every two years thereafter (or sooner if there is significant organisational change).
For more information about the August 2018 reporting deadline, please see the letter from the Victorian Information Commissioner to Departmental Secretaries, CenITex and Victoria Police sent on 27 February 2018.
Option 1 – Single Organisation
An organisation may submit a high level PDSP and provide an attestation on its own behalf.
These organisations should use the High Level Protective Data Security Plan – Single Organisation template.
Option 2 – Multiple Organisations
An organisation may submit a consolidated high level PDSP and provide an attestation on its own behalf, and for and on behalf of one or more additional public sector agencies or bodies.
The multiple organisation model may be used in a portfolio setting where agencies or bodies fall within the portfolio of responsibilities of a Department, or where a number of organisations of a similar form or function choose to consolidate their reporting efforts.
These organisations should use the High Level Protective Data Security Plan – Multiple Organisation template.
Note. We not mandate the use of any particular approach, with the selection of either reporting option residing with each organisation. We have published an information sheet ‘Attestation and Reporting Options’ explaining the options for completing a high level PDSP.
Please see the instructions on the PDSP submission process.