Part 4 of the Privacy and Data Protection Act 2014 (Vic), protective data security, focuses on public sector information and maintaining its:
- confidentiality (information is accessed by the right people);
- integrity (information is accurate, complete and up to date); and
- availability (people have timely and reliable access to information).
This is achieved through the implementation of protective measures across governance and the four security domains:
- Governance (e.g. executive sponsorship of and investment in security management, utilising a risk-based approach, security policies and procedures, training, business continuity, security incident management, external party engagement and oversight).
- Information security (e.g. protection of information across the information lifecycle from when it is created to when it is disposed of or destroyed).
- Personnel security (e.g. engagement and ongoing management to ensure the continued eligibility and suitability of people accessing official information).
- ICT security (e.g. secure communications and technology systems processing or storing information).
- Physical security (e.g. a secure physical environment, i.e. facilities, equipment and services, and the application of physical security measures to protect information).
This means that any official information an organisation holds is protected from unauthorised access, disclosure and use.