Skip to Content
From Monday 12 September 2020, OVIC's website will no longer be supported in Internet Explorer (IE).
We recommend installing Microsoft Edge, Google Chrome, Safari, Firefox, or Opera to visit the site.

New global report reveals Victorian government organisations’ commitment to privacy

The Global Privacy Enforcement Network (GPEN) has published the annual privacy sweep report providing a global analysis of organisations’ privacy practices.

The objective for the sweep was to analyse how organisations in various jurisdictions handle and respond to data breaches. The report also looked at how and if data breaches are reported to privacy regulators.

GPEN invited 1145 organisations to participate and received responses from 258 public and private-sector organisations across 16 jurisdictions.

This year’s privacy sweep found that 84 percent of organisations have systems in place for reporting data breaches, including an appointed team or group responsible for handling breaches.

The sweep also found organisations have high levels of awareness of relevant legal frameworks. In 12 of the 16 jurisdictions surveyed, data breach notification is mandatory. Almost all organisations were aware of the relevant legal framework, including reporting thresholds and timeframes.

As part of the sweep, the Office of the Victorian Information Commissioner (OVIC) surveyed 35 Victorian government organisations on their practices for recording and reporting data breaches and published a report on the findings.

Of the organisations who responded to OVIC’s survey, 83% reported that they undertake monitoring of their performance as part of their privacy obligations under the Privacy and Data Protection Act 2014 (Vic) (PDP Act). These results are considerably higher than the global average.

However, 33% of Victorian government organisations did not have a policy or procedure in place about reporting data breaches to the individuals affected and to OVIC. This compares to 16% globally.

“I’m pleased to see that most Victorian agencies have demonstrated their commitment to privacy by committing to voluntarily notify OVIC and affected individuals of personal information data breaches” said Information Commissioner Sven Bluemmel.

“I encourage agencies to review their data breach response plans based on the recommendations from this report, and to ensure they comply with their new obligations under the new Victorian Protective Data Security Standards”.

Under the new Victorian Protective Data Security Standards, Victorian government organisations are now required to notify OVIC of information security incidents that effect the confidentiality, integrity or availability of public sector information.

OVIC’s report details recommendations for Victorian government organisations to improve their data breach notification practices.

For media enquiries contact:

Simone Martin

t:         (03) 8684 7585
e:         simone.martin@ovic.vic.gov.au

For enquiries about privacy in Victoria contact:

Office of the Victorian Information Commissioner (OVIC)

t:          1300 006 842
e:         enquiries@ovic.vic.gov.au

For further background, please refer to:

For guidance on privacy and data breaches, see:

Related News

OVIC publishes audit report on managing personnel security risks during pre-engagement screening for VPS employees

The Victorian Public Sector (VPS) employs thousands of personnel who work across multiple organisations, carrying out a large number of… Continue Reading

60th Asia Pacific Privacy Authorities forum discusses privacy, regulation, enforcement and more.

The Office of the Australian Information Commissioner (OAIC) hosted the 60th Asia Pacific Privacy Authorities (APPA) forum from 30 November… Continue Reading

OVIC’s 2022-23 Annual Report tabled in Victorian Parliament

Then. Now. Next. OVIC’s 2022-23 annual report was tabled in the Victorian Parliament on Wednesday 4 October 2023. In 2022-23, Victorians made 48,117… Continue Reading
Back to top
Back to Top