In Victoria, there are three main laws that protect your information privacy rights:
- The Privacy and Data Protection Act 2014 (Vic) (PDP Act)
- The Health Records Act 2001 (Vic)
- The Privacy Act 1988 (Cth)
The Privacy and Data Protection Act 2014 (Vic)
The PDP Act is a Victorian law that protects the privacy of your personal information when it is handled by Victorian public sector organisations, including Victorian government departments, local councils, statutory offices, government schools, universities and TAFEs. The PDP Act can also protect your personal information when it is handled by private or community sector organisations who are carrying out functions for or on behalf of a Victorian public sector organisation. The PDP Act is administered by this office.
The Health Records Act 2001 (Vic)
The Health Records Act 2001 (Vic) is a Victorian law that protects health information that is held by public and private health service providers in Victoria. This includes doctors, hospitals and pharmacists, as well as any other organisation that holds your health information, such as fitness centres and employers. The Health Records Act 2001 (Vic) is administered by the Health Complaints Commissioner.
The Privacy Act 1988 (Cth)
The Privacy Act 1988 (Cth) is a national law that protects personal information that is collected and handled by Federal Government organisations, such as Centrelink and the Australian Tax Office, and some private organisations, such as banks and telecommunications providers. The Privacy Act 1988 (Cth) is administered by the Office of the Australian Information Commissioner .
How the Privacy and Data Protection Act 2014 (Vic) protects your information privacy rights
The PDP Act requires Victorian public sector organisations to comply with ten Information Privacy Principles (IPPs), which outline how they must collect, manage, use and disclose personal information, and gives you a right to complain if you think that an organisation has breached one of the IPPs. You can read more about making a complaint here.
In order to comply with the IPPs, Victorian government organisations must:
- only collect your personal information if it is necessary to do their work, for example in order for you to get your drivers licence, to pay council rates or to enrol in a government school.
- Tell you:
- Why they are asking for your information and what they are going to do with it
- What law, if any, allows them to ask for your information
- Who else will see your information
- What will happen if you don’t provide your information, and
- How you can see information that is about you, and correct it if it is wrong or needs updating.
- Take reasonable steps to keep information about you accurate, complete and up-to-date.
- Only use or disclose information about you for the reason it was collected, or for a related purpose you would reasonably expect. In some situations the law also allows your information to be used for other reasons, such as to protect your safety or for law enforcement purposes.
- Take reasonable steps to keep your personal information safe and make sure it is not lost or misused.
You can read more about the IPPs here.
If you need help interpreting the IPPs, or understanding how they may apply in a specific situation, you can contact us.
What to do if you believe your personal information has been mishandled
If you think that your personal information has been mishandled by a Victorian government organisation, you should make a complaint to the organisation directly. If that doesn’t work, you can bring your complaint to us.
Need help or more information?
If you need further information or help, you can contact us. Our staff can:
- Answer your questions and give you more information
- Help you put your complaint in writing
- Help you and the organisation to talk about the problem, and
- Put you in contact with another office that can help if needed.
There is no cost for advice and help. Free interpreting and translating services are used if needed.