New global report reveals Victorian government organisations’ commitment to privacy
The Global Privacy Enforcement Network (GPEN) has published the annual privacy sweep report providing a global analysis of organisations’ privacy practices.
The objective of the sweep was to analyse how organisations in various jurisdictions handle and respond to data breaches. The report also looked at whether and how data breaches are reported to privacy regulators.
GPEN invited 1145 organisations to participate and received responses from 258 public and private-sector organisations across 16 jurisdictions.
This year’s privacy sweep found that 84 percent of organisations have systems in place for reporting data breaches, including an appointed team or group responsible for handling breaches.
The sweep also found organisations have high levels of awareness of relevant legal frameworks. In 12 of the 16 jurisdictions surveyed, data breach notification is mandatory. Almost all organisations were aware of the relevant legal framework, including reporting thresholds and timeframes.
As part of the sweep, the Office of the Victorian Information Commissioner (OVIC) surveyed 35 Victorian government organisations on their practices for recording and reporting data breaches and published a report on the findings.
Of the organisations who responded to OVIC’s survey, 83% reported that they undertake monitoring of their performance as part of their privacy obligations under the Privacy and Data Protection Act 2014 (Vic) (PDP Act). These results are considerably higher than the global average.
However, 33% of Victorian government organisations did not have a policy or procedure in place about reporting data breaches to the individuals affected and to OVIC. This compares to 16% globally.
“I’m pleased to see that most Victorian agencies have demonstrated their commitment to privacy by committing to voluntarily notify OVIC and affected individuals of personal information data breaches,” said Information Commissioner Sven Bluemmel.
“I encourage agencies to review their data breach response plans based on the recommendations from this report, and to ensure they comply with their new obligations under the new Victorian Protective Data Security Standards”.
Under the new Victorian Protective Data Security Standards, Victorian government organisations are now required to notify OVIC of information security incidents that affect the confidentiality, integrity or availability of public sector information.
OVIC’s report details recommendations for Victorian government organisations to improve their data breach notification practices.
For media enquiries contact:
Simone Martin
t: (03) 8684 7585
e: simone.martin@ovic.vic.gov.au
For enquiries about privacy in Victoria contact:
Office of the Victorian Information Commissioner (OVIC)
t: 1300 006 842
e: enquiries@ovic.vic.gov.au
For further background, please refer to:
- GPEN Sweep International Report
- OVIC GPEN Sweep Report
- Blog post: GPEN Sweep reveals Victoria’s commitment to privacy
For guidance on privacy and data breaches, see:
- OVIC eLearning module – Managing the privacy impacts of data breaches
- OVIC guidance on data breach reporting
- OVIC Victorian Protective Data Security Standards
- Incident notification