We recommend installing Microsoft Edge, Google Chrome, Safari, Firefox, or Opera to visit the site.
Privacy resources
This section contains resources and guidance to assist Victorian public sector organisations meet their privacy obligations under the Privacy and Data Protection Act 2014.
Latest updates
Privacy Case Notes has been updated Updated 23/04/2021
Top tasks
Guidelines to the Information Privacy Principles
These Guidelines provide comprehensive guidance on interpreting and applying the Information Privacy Principles.
Privacy Impact Assessment Template
This template was designed to help assess the privacy impacts of a program or project, and identify potential privacy risks and risk mitigation strategies.
Information Privacy Principles
Guidelines to the Information Privacy Principles These Guidelines provide comprehensive guidance on interpreting and applying the Information Privacy Principles.
Information Privacy Principles - Full Text This page contains the full text of the Information Privacy Principles contained in Schedule 1 of the Privacy and Data Protection Act 2014.
Information Privacy Principles - Short Guide This resource provides a short summary and overview of each of the Information Privacy Principles, along with an image of the information lifecycle.
Information Privacy Principle 2 Pocket Guide This resource assists organisations to navigate the use and disclosure of personal information under Information Privacy Principle 2.
Privacy Management Framework This Framework provides guidance on the policies and procedures that promote good privacy practices within an organisation.
Privacy by Design This resource provides an overview of Privacy by Design and explains how and why it is helpful for the community and for Victorian public sector organisations.
Understanding Culturally Diverse Privacy This resource details important considerations when collecting, using and disclosing personal information of Aboriginal and Torres Strait Islander individuals.
COVID-19 and Privacy Considerations This resource provides guidance to organisations and health providers on their privacy obligations when handling health information resulting from COVID-19.
Information Sharing and Privacy This resource provides practical guidance to Victorian public sector organisations on how to share personal information under the Privacy and Data Protection Act 2014.
Child Information Sharing Scheme and Privacy This resource details how the Privacy and Data Protection Act 2014 and Health Records Act 2001 operate in the context of the Child Information Sharing Scheme.
Family Violence Information Sharing Scheme and Privacy This resource details how the Privacy and Data Protection Act 2014 and Health Records Act 2001 operate in the context of the Family Violence Information Sharing Scheme.
Information Sharing for Quality and Safety Purposes This resource outlines the obligations of health service entities when sharing confidential information within the health system under Part 6B of the Health Services Act 1988.
Managing the Privacy Impacts of a Data Breach This guide assists organisations subject to the PDP Act to prepare for and respond to the privacy implications of data breaches that involve personal information.
Template for Reporting a Breach to OVIC This template is designed to help organisations report a privacy breach to OVIC so that we can respond to any enquiries relating to the breach.
Tips to Reduce Data Breaches when Sending Emails This resource sets out what organisations and employees can do to reduce the chances of information being inadvertently disclosed when sending emails.
Phishing Attacks and How to Protect Against Them This resource explains what phishing attacks are, how to identify them, and steps organisations and employees can take to protect themselves.
Complaints at OVIC - Guide for Respondents This resource provides an overview for respondents of the complaints process this office takes when handling privacy complaints.
Complaints at VCAT This resource provides an overview of the complaints process the Victorian Civil and Administrative Tribunal takes when handling privacy complaints.
An Introduction to De-Identification This resource introduces de-identification, what it is, when it can be used, how it works, and the risks and challenges of de-identification in relation to privacy.
The Limitations of De-Identification This resource comprehensively details the limitations of de-identification in circumstances where so-called ‘de-identified’ data is made freely and publicly available.
Privacy Impact Assessment Guide This resource contains information and guidance on undertaking a privacy impact assessment and completing the privacy impact assessment template.
Privacy Impact Assessment Template This template was designed to help assess the privacy impacts of a program or project, and identify potential privacy risks and risk mitigation strategies.
Executive buy-in for privacy impact assessments This resource provides tips for advocating the benefits of privacy impact assessments and gaining executive buy-in to incorporate them into normal business practice.
Artificial Intelligence - Understanding Privacy Obligations This resource details how to collect, use, and handle personal information when using artificial intelligence systems or solutions in the public sector.
Artificial Intelligence and Privacy - Issues and Challenges This resource details the privacy challenges and issues associated with public sector organisations utilising artificial intelligence technology or solutions.
Closer to the Machine - Artificial Intelligence eBook This eBook authored by eight experts provides a comprehensive insight into the technical, social, and legal aspects of using artificial intelligence in the public sector.
Biometrics and Privacy - Issues and Challenges This resource details the privacy challenges and issues associated with public sector organisations utilising biometric technology or solutions.
Internet of Things and Privacy - Issues and Challenges This resource details the privacy challenges and issues associated with public sector organisations utilising Internet of Things technology or solutions.
Surveillance and Privacy - Best Practice Principles This resource provides public sector organisations a set of best practice principles for using surveillance technologies in a privacy-enhancing way.
Engaging Contracted Service Providers This resource assists organisations and their contracted service providers to effectively manage the privacy and information security in outsourcing arrangements.
Engaging Contracted Service Providers - Checklist This checklist outlines considerations for organisations at each stage of an outsourcing arrangement to determine whether it meets privacy and security obligations.
Transborder Data Flows of Personal Information This resource contains model contractual terms designed to protect personal information when it is transferred outside Victoria.
Privacy Policies and Collection Notices
Privacy Policies This resource provides guidance on developing a privacy policy, including what a collection notice is, its purpose, and what it should contain.
Collection Notices This resource provides guidance on developing a collection notice, including what a collection notice is, its purpose, and what it should contain.
IPP 5 Self Assessment Tool This self-assessment tool is designed to assist organisations to develop and review their privacy policies and meet their obligations under Information Privacy Principle 5.
Privacy During Recruitment This resource provides general guidance to Victorian public sector employers on their privacy obligations when undertaking a recruitment process.
Privacy During Employment This resource provides general guidance to Victorian public sector employers on the privacy obligations the owe to their employees throughout their employment.
Social Media and Privacy This resource contains commonly asked questions about the interaction between privacy and using social media tools in the Victorian public sector.
Remote Working and Collaboration
Tips for Working Remotely and Protecting Privacy This resource outlines tips to help public sector employees to secure their organisation’s information and ensure that the privacy rights of all are upheld when working remotely.
Collaboration Tools and Privacy This resource outlines privacy, security and record-keeping considerations when implementing and using collaboration tools including instant messaging and videoconferencing.
Privacy Case Notes These case notes provide a summary of key facts, findings and learnings from court and tribunal cases that may be relevant to organisations.
EU General Data Protection Regulation This resource provides guidance to organisations on when the GDPR may apply, key themes in the GDPR, and how the GDPR compares with the Information Privacy Principles.
Local Government and Privacy This resource addresses some common enquiries Victorian local councils have in relation to their privacy obligations under the PDP Act.