Most common topics
This section contains links to guidance OVIC has produced on a range of common topics you are likely to encounter in your role as privacy officer.
One of the main privacy issues that arise for organisations is the question of whether they can share personal information they hold. Our guidance for sharing personal information aims to ensure that information sharing is conducted in ways that are consistent with privacy law.
Contracted service providers
It is important that your organisation ensures that third parties it engages will adequately protect personal information. Previous OVIC investigations have demonstrated the risks of failing to do this.
Our Guidelines for outsourcing comprise of a checklist and accompanying guide which aim to assist organisations and their contracted service providers to effectively manage the privacy and data security of information in outsourcing arrangements.
Transferring or storing data outside Victoria
OVIC’s Model Contract Terms for transborder data flows are designed to help organisations comply with IPP 9 by protecting personal information when it is transferred outside Victoria.
The Model Terms may be adopted (with or without adaptation) in your organisation’s contract with a recipient where personal information is transferred by your organisation outside Victoria.
CCTV and surveillance devices
OVIC’s guidelines to surveillance and privacy has been produced to offer organisations a set of best practice principles for using surveillance technologies in a privacy-enhancing way.
OVIC’s short guide on collaboration tools and privacy aims to assist VPS organisations to consider their privacy obligations when implementing and using collaboration tools, with a focus on instant messaging and videoconferencing tools.
Privacy in the workplace
Privacy plays an important role in the relationship between employer and employee. As such, OVIC has produced guidance to assist organisations to ensure they use personal information appropriately throughout the recruitment process and during employment.
Social media and privacy
OVIC’s short guide to social media and privacy contains commonly asked questions regarding information privacy and social media in the VPS. It is intended to assist organisations that are unsure about how to use social media tools effectively while upholding information privacy under the PDP Act.
Deidentification of data
See OVIC’s short guide to deidentification and privacy.
This guidance aims to provide a high-level overview de-identification is, with a focus on unit-level data that relates to specific individuals (rather than aggregated data). It looks at the meaning of de-identification, how it works, and the risks and challenges of de-identification in relation to privacy.