Privacy resources for organisations

Artificial intelligence - Understanding privacy obligations

Understand key considerations when using artificial intelligence and personal information together.

Public consultation on Artificial Intelligence privacy guidance

OVIC is updating its guidance on Artificial Intelligence – Understanding privacy obligations. Tell us what should be included, to ensure our guidance is relevant, practical, clear, accessible, and useful.

Generative Artificial Intelligence (GenAI) – key terms and concepts

Visit our portal developed in collaboration with the ARC Centre of Excellence for Automated Decision-Making and Society (ADM+S). This portal offers basic GenAI terms and examples.

Use of personal information with publicly available Generative AI tools in the Victorian public sector

This guidance outlines OVIC's position on the use of publicly available Generative AI tools within VPS organisations

Use of enterprise Generative AI tools in the Victorian public sector

This guidance outlines OVIC's minimum expectations for VPS organisations using enterprise Generative AI tools. It also sets out the key information privacy and information security obligations for VPS organisations to consider.

Closer to the machine - Artificial intelligence eBook

This eBook provides insights into the technical, social, and legal aspects of using artificial intelligence.

Guidelines to the IPPs

These Guidelines provide comprehensive guidance on understanding, interpreting, and applying the IPPs.

Full text of the IPPs

Read the full text of the IPPs contained in Schedule 1 of the Privacy and Data Protection Act 2014.

Short guide to the IPPs

View a short summary of each Information Privacy Principles, along with the information lifecycle.

Privacy policies under IPP 5

Learn how to develop a privacy policy, what a privacy policy is, its purpose, and what it should contain.

IPP 5 self-assessment tool

This self-assessment tool can assist to review privacy policies and assess obligations under IPP 5.

Consultation on updating the IPP Guidelines

We're updating the IPP Guidelines to ensure they are up-to-date and fit for purpose. Stakeholders are invited to have their say.

Apply to modify the application of the IPPs

Learn how and when organisations can be permitted to engage in acts or practices that breach the IPPs.

Certify an act or practice complies with the IPPs

Learn how and when an organisation can request certification that an act or practice is consistent with the IPPs.

Pocket guide to IPP 2

The pocket guide helps navigate the use and disclosure of personal information under IPP 2.

Notice of collection under IPP 1

Read how to develop a collection notice, what a collection notice is, its purpose, and what it should contain.

Privacy case notes

These case notes provide a summary of facts, findings, and learnings from court and tribunal cases on the IPPs.

Privacy impact assessment guide and template

Learn about privacy impact assessments and find our privacy impact assessment guide and template.

Executive buy-in for privacy impact assessments

Find out how to advocate for privacy impact assessments and gain executive buy-in to complete them.

Privacy officer toolkit

This toolkit includes 16 sections containing resources that privacy officers need day-to-day.

Privacy management framework

This framework details the policies and procedures that promote good privacy practices within organisations.

Privacy for local government

Read guidance for Victorian councils on improving information management, privacy, and security practices.

Social media and privacy – engaging with the community

Frequently asked questions about privacy when using social media to engage with the community.

Privacy by design

Learn about Privacy by Design and why it is helpful for the community and organisations.

Understanding culturally diverse privacy

Learn what’s important when handling personal information of Aboriginal and Torres Strait Islander individuals.

EU General Data Protection Regulation

Read about when the GDPR applies, key themes, and how the GDPR compares with the IPPs.

Managing the privacy impacts of a data breach

Learn how to prepare for and respond to a data breach involving personal information.

Report a privacy breach

Use this form to report the details of an incident or data breach involving personal information.

Joint public statement with PROV: Minimising the privacy impacts of an incident

This statement outlines the minimum expectations for organisations to protect the personal information they hold

Tips to reduce data breaches when sending emails

Get tips on how to reduce the chances of information being inadvertently disclosed when sending emails.

Phishing attacks and how to protect against them

Learn what phishing attacks are, how to identify them, and steps organisations can take to protect themselves.

Information sharing and privacy

Read practical guidance on when and how personal information can be shared and disclosed in Victoria.

Child Information Sharing Scheme and privacy

Understand how privacy legislation operates in the context of the Child Information Sharing Scheme.

Family Violence Information Sharing Scheme and privacy

Understand how privacy legislation operates in the context of the Family Violence Information Sharing Scheme.

Information sharing for quality and safety purposes

Obligations when sharing confidential information in the health system under the Health Services Act 1988

Privacy complaints at OVIC

Read an overview of the complaints process this office takes when handling privacy complaints.

Privacy complaints at VCAT

Read about the privacy complaints process at the Victorian Civil and Administrative Tribunal.

Assessing compensation claims for loss in privacy complaints

Learn when financial compensation may be appropriate to resolve a privacy complaint.

An introduction to de-identification

Learn what de-identification it is, when it can be used, how it works, and the risks and challenges.

The limitations of de-identification

Understand the limitations of de-identification when de-identified data is made freely and publicly available.

Watch a video presentation on de-identification

This 30 minute presentation contains practical guidance on what to consider when de-identifying information.

Engaging contracted service providers

Learn how to effectively manage privacy and information security in outsourcing arrangements.

Biometrics and privacy - Issues and challenges

Read about the privacy challenges and issues associated with utilising biometric technology or solutions.

Internet of things and privacy - Issues and challenges

Learn about the privacy challenges and issues when organisations utilising IoT technology or solutions.

Guiding principles for surveillance

These principles and checklist support organisations to identify and evaluate surveillance practices.

Tips for working remotely and protecting privacy

Understand how employees can ensure privacy is protected when working remotely.

Social media, privacy and the workplace

Frequently asked questions about privacy from employers and employees.

Gender Equality Act 2020 and privacy

Read about privacy considerations when complying with obligations under the Gender Equality Act 2020.

Privacy during recruitment

Understand employer privacy obligations when undertaking recruitment processes.

Privacy during employment

Learn about the privacy obligations that organisations owe to employees throughout their employment.

Collaboration tools and privacy

Learn about privacy, security, and record-keeping when using collaboration and videoconferencing tools.

Investigations and regulatory action

See our investigation and examination reports, and read our Regulatory Action Plan and priorities.

Privacy Awareness Week

Privacy Awareness Week is an annual event that highlights the importance of protecting personal information.

Victorian Privacy Network

The Victorian Privacy Network meets twice a year to hear from guest speakers on topical privacy issues and matters.

Submissions to consultations

See our submissions on matters impacting on freedom of information, information privacy or information security.

Privacy Roundtable

The Privacy Roundtable comprises representatives from organisations representing various government sectors.