Part 4 of the Privacy and Data Protection Act 2014 (Vic) outlines protective data security and focuses on public sector information maintaining its:
- confidentiality – information is accessed by the right people;
- integrity – information is accurate, complete and up to date; and
- availability – people have timely and reliable access to information.
This is achieved through the implementation of protective measures across:
- governance including executive sponsorship of and investment in security management, utilising a risk-based approach, security policies and procedures, training, business continuity, security incident management, external party engagement and oversight;
- information security including protection of information across the information life cycle from when it is created to when it is disposed of or destroyed;
- personnel security including engagement and ongoing management to ensure the continued eligibility and suitability of people accessing official information;
- information and communication technology (ICT) security including secure communications and technology systems processing or storing information; and
- physical security including facilities, equipment and services and the application of physical security measures to protect information.
This means that any public sector information a Victorian public sector organisation holds is protected from unauthorised access, disclosure and use.