Skip to Content

Agency reporting obligations

August 2019 Reporting

Following the submission of High level Protective Data Security Plans to OVIC in August 2018, agencies have completed the first reporting period of the Victorian Protective Data Security Framework (The Framework).

While OVIC analyses these submissions, your agency’s protective data security obligations under the Framework remain unchanged. This includes reporting obligations under Standard 12.

Agencies must submit their 2019 attestation to OVIC by the 30th of August, 2019.

For more information about the August 2019 reporting requirements, please see the letter from the Victorian Information Commissioner to agencies sent on 15th of April, 2019.

Option 1 – Single Organisation 2019 Attestation Template

Option 2 – Multiple Organisation 2019 Attestation Template

August 2018 Reporting

All agencies that are subject to Part 4 of the Privacy and Data Protection Act 2014 (Vic) are required to submit information about their implementation of the VPDSS.

Agencies must submit a high-level Protective Data Security Plan (PDSP) and attestation.

The first round of reporting is due by 31 August 2018, and follow-up reports must be submitted every two years thereafter (or sooner if there is significant organisational change).

For more information about the August 2018 reporting deadline, please see the letter from the Victorian Information Commissioner to Departmental Secretaries, CenITex and Victoria Police sent on 27 February 2018.

Option 1 – Single Organisation

An organisation may submit a high level PDSP and provide an attestation on its own behalf.

These organisations should use the High Level Protective Data Security Plan – Single Organisation template.

Option 2 – Multiple Organisations

An organisation may submit a consolidated high level PDSP and provide an attestation on its own behalf, and for and on behalf of one or more additional public sector agencies or bodies.

The multiple organisation model may be used in a portfolio setting where agencies or bodies fall within the portfolio of responsibilities of a Department, or where a number of organisations of a similar form or function choose to consolidate their reporting efforts.

These organisations should use the High Level Protective Data Security Plan – Multiple Organisation template.

Note. We not mandate the use of any particular approach, with the selection of either reporting option residing with each organisation. We have published an information sheet ‘Attestation and Reporting Options’ explaining the options for completing a high level PDSP.

Submission process

Please see the instructions on the PDSP submission process.

See also:

Back to top

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

I'm interested in

You have Successfully Subscribed!

You will need to confirm your subscription to our newsletter. An automated reply will be sent to your email address with a confirmation link.