Privacy resources

Guidelines to the Information Privacy Principles

These Guidelines provide comprehensive guidance on interpreting and applying the Information Privacy Principles.

Privacy Impact Assessment Template

This template helps assess the privacy impacts of a program or project, and identify privacy risks and mitigation strategies.

Guidelines to the Information Privacy Principles

These Guidelines provide comprehensive guidance on understanding, interpreting and applying the Information Privacy Principles.

Information Privacy Principles - Full Text

This page contains the full text of the Information Privacy Principles contained in Schedule 1 of the Privacy and Data Protection Act 2014.

Information Privacy Principles - Short Guide

This resource provides a short summary and overview of each of the Information Privacy Principles, along with an image of the information lifecycle.

Information Privacy Principle 2 Pocket Guide

This resource assists organisations to navigate the use and disclosure of personal information under Information Privacy Principle 2.

Privacy Officer Toolkit

The Privacy Officer Toolkit includes 16 sections containing resources that privacy officers need day-to-day, in one easily accessible place.

Privacy Management Framework

This Framework provides guidance on the policies and procedures that promote good privacy practices within an organisation.

Privacy by Design

This resource provides an overview of Privacy by Design and explains how and why it is helpful for the community and for Victorian public sector organisations.

Understanding Culturally Diverse Privacy

This resource details important considerations when collecting, using and disclosing personal information of Aboriginal and Torres Strait Islander individuals.

Information Sharing and Privacy

This resource provides practical guidance to Victorian public sector organisations on how to share personal information under the Privacy and Data Protection Act 2014.

Child Information Sharing Scheme and Privacy

This resource details how the Privacy and Data Protection Act 2014 and Health Records Act 2001 operate in the context of the Child Information Sharing Scheme.

Family Violence Information Sharing Scheme and Privacy

This resource details how the Privacy and Data Protection Act 2014 and Health Records Act 2001 operate in the context of the Family Violence Information Sharing Scheme.

Information Sharing for Quality and Safety Purposes

This resource outlines the obligations of health service entities when sharing confidential information within the health system under Part 6B of the Health Services Act 1988.

Managing the Privacy Impacts of a Data Breach

This guide assists organisations subject to the PDP Act to prepare for and respond to the privacy implications of data breaches that involve personal information.

Form for Reporting a Breach to OVIC

This form is designed to help organisations report a privacy breach to OVIC so that we can respond to any enquiries relating to the breach.

Tips to Reduce Data Breaches when Sending Emails

This resource sets out what organisations and employees can do to reduce the chances of information being inadvertently disclosed when sending emails.

Phishing Attacks and How to Protect Against Them

This resource explains what phishing attacks are, how to identify them, and steps organisations and employees can take to protect themselves.

Complaints at OVIC - Guide for Respondents

This resource provides an overview for respondents of the complaints process this office takes when handling privacy complaints.

Assessing compensation claims for loss in privacy complaints

This guidance assists parties in privacy complaints where an interference with privacy has been established and the individual seeks compensation to resolve the complaint.

Complaints at VCAT

This resource provides an overview of the complaints process the Victorian Civil and Administrative Tribunal takes when handling privacy complaints.

An Introduction to De-Identification

This resource introduces de-identification, what it is, when it can be used, how it works, and the risks and challenges of de-identification in relation to privacy.

The Limitations of De-Identification

This resource comprehensively details the limitations of de-identification in circumstances where so-called ‘de-identified’ data is made freely and publicly available.

Watch a video presentation on de-identification

Watch this 30 minute presentation on Vimeo for practical guidance on what to consider when de-identifying public sector information.

Privacy Impact Assessment Guide

This resource contains information and guidance on undertaking a privacy impact assessment and completing the privacy impact assessment template.

Privacy Impact Assessment Template

This template was designed to help assess the privacy impacts of a program or project, and identify potential privacy risks and risk mitigation strategies.

Executive buy-in for privacy impact assessments

This resource provides tips for advocating the benefits of privacy impact assessments and gaining executive buy-in to incorporate them into normal business practice.

Artificial Intelligence - Understanding Privacy Obligations

This resource details how to collect, use, and handle personal information when using artificial intelligence systems or solutions in the public sector.

Artificial Intelligence and Privacy - Issues and Challenges

This resource details the privacy challenges and issues associated with public sector organisations utilising artificial intelligence technology or solutions.

Closer to the Machine - Artificial Intelligence eBook

This eBook authored by eight experts provides a comprehensive insight into the technical, social, and legal aspects of using artificial intelligence in the public sector.

Biometrics and Privacy - Issues and Challenges

This resource details the privacy challenges and issues associated with public sector organisations utilising biometric technology or solutions.

Internet of Things and Privacy - Issues and Challenges

This resource details the privacy challenges and issues associated with public sector organisations utilising Internet of Things technology or solutions.

Guiding Principles for Surveillance

These Principles and accompanying Checklist support organisations to identify and evaluate surveillance practices and take a privacy and human rights enhancing approach.

Engaging Contracted Service Providers

This resource assists organisations and their contracted service providers to effectively manage the privacy and information security in outsourcing arrangements.

Engaging Contracted Service Providers - Checklist

This checklist outlines considerations for organisations at each stage of an outsourcing arrangement to determine whether it meets privacy and security obligations.

Transborder Data Flows of Personal Information

This resource contains model contractual terms designed to protect personal information when it is transferred outside Victoria.

Privacy Policies

This resource provides guidance on developing a privacy policy, including what a collection notice is, its purpose, and what it should contain.

Collection Notices

This resource provides guidance on developing a collection notice, including what a collection notice is, its purpose, and what it should contain.

IPP 5 Self Assessment Tool

This self-assessment tool is designed to assist organisations to develop and review their privacy policies and meet their obligations under Information Privacy Principle 5.

Privacy During Recruitment

This resource provides general guidance to Victorian public sector employers on their privacy obligations when undertaking a recruitment process.

Privacy During Employment

This resource provides general guidance to Victorian public sector employers on the privacy obligations the owe to their employees throughout their employment.

Social Media and Privacy

This resource contains commonly asked questions about the interaction between privacy and using social media tools in the Victorian public sector.

Tips for Working Remotely and Protecting Privacy

This resource outlines tips to help public sector employees to secure their organisation’s information and ensure that the privacy rights of all are upheld when working remotely.

Collaboration Tools and Privacy

This resource outlines privacy, security and record-keeping considerations when implementing and using collaboration tools including instant messaging and videoconferencing.

Privacy Case Notes

These case notes provide a summary of key facts, findings and learnings from court and tribunal cases that may be relevant to organisations.

EU General Data Protection Regulation

This resource provides guidance to organisations on when the GDPR may apply, key themes in the GDPR, and how the GDPR compares with the Information Privacy Principles.

Privacy Considerations for Local Government

This resource addresses some common enquiries Victorian local councils have in relation to their privacy obligations under the PDP Act.

Gender Equality Act 2020 and Privacy

This resource discusses privacy considerations for defined entities when complying with their obligations under the Gender Equality Act 2020.

Apply to depart from the IPPs

This page contains guidance on making an application and lists applications made by organisation to permit non-compliance with the Information Privacy Principles.

Submissions made to consultations

This page lists submissions made on initiatives or projects that impact on information privacy, freedom of information, or information security.