We recommend installing Microsoft Edge, Google Chrome, Safari, Firefox, or Opera to visit the site.
Reporting obligations hub
Latest updates
Information security and privacy incident notification form has been launched Updated 18/07/2023
Victorian public sector stakeholders has been updated Updated 23/02/2023
Information security tips for Class B Cemetery Trusts has been published Updated 26/07/2023
All Victorian public sector organisations subject to Part 4 of the Privacy and Data Protection Act 2014 have the following reporting obligations.
Attestation
Victorian public sector organisations must annually attest to the progress of activities identified in their Protective Data Security Plan (PDSP) submitted to OVIC.
Protective Data Security Plan
Victorian public sector organisations must submit a PDSP to OVIC at least every two years, or upon significant change.
Significant Change
When organisations experience a significant change to their operations the associated risks to their information assets and their protective data security obligations can change as a result.
Incident Notification
Organisations must notify OVIC of incidents with a business impact level (BIL) of 2 (limited) or higher that have an adverse impact on the confidentiality, integrity or availability of public sector information.
Information Security Resources
This page contains a suite of resources to assist in understanding and implementing the Victorian Protective Data Security Framework and the Victorian Protective Data Security Standards.
Contact us
If you need help, please contact us on 1300 006 842 (1300 00 OVIC) between 9am and 5pm, Monday to Friday or email us security@ovic.vic.gov.au