We recommend installing Microsoft Edge, Google Chrome, Safari, Firefox, or Opera to visit the site.
Privacy resources
This section contains resources and guidance to assist Victorian public sector organisations meet their privacy obligations under the Privacy and Data Protection Act 2014.
Latest updates
Information security and privacy incident notification form has been published Updated 10/09/2021
Privacy Officer Toolkit has been published Updated 24/06/2021
Top tasks
Guidelines to the Information Privacy Principles
These Guidelines provide comprehensive guidance on interpreting and applying the Information Privacy Principles.
Privacy Impact Assessment Template
This template helps assess the privacy impacts of a program or project, and identify privacy risks and mitigation strategies.
Information Privacy Principles
Privacy Best Practice
Guidelines to the Information Privacy Principles
These Guidelines provide comprehensive guidance on understanding, interpreting and applying the Information Privacy Principles.
Information Privacy Principles - Full Text
This page contains the full text of the Information Privacy Principles contained in Schedule 1 of the Privacy and Data Protection Act 2014.
Information Privacy Principles - Short Guide
This resource provides a short summary and overview of each of the Information Privacy Principles, along with an image of the information lifecycle.
Information Privacy Principle 2 Pocket Guide
This resource assists organisations to navigate the use and disclosure of personal information under Information Privacy Principle 2.
The Privacy Officer Toolkit includes 16 sections containing resources that privacy officers need day-to-day, in one easily accessible place.
This Framework provides guidance on the policies and procedures that promote good privacy practices within an organisation.
This resource provides an overview of Privacy by Design and explains how and why it is helpful for the community and for Victorian public sector organisations.
Understanding Culturally Diverse Privacy
This resource details important considerations when collecting, using and disclosing personal information of Aboriginal and Torres Strait Islander individuals.
Information Sharing
Data breaches
Information Sharing and Privacy
This resource provides practical guidance to Victorian public sector organisations on how to share personal information under the Privacy and Data Protection Act 2014.
Child Information Sharing Scheme and Privacy
This resource details how the Privacy and Data Protection Act 2014 and Health Records Act 2001 operate in the context of the Child Information Sharing Scheme.
Family Violence Information Sharing Scheme and Privacy
This resource details how the Privacy and Data Protection Act 2014 and Health Records Act 2001 operate in the context of the Family Violence Information Sharing Scheme.
Information Sharing for Quality and Safety Purposes
This resource outlines the obligations of health service entities when sharing confidential information within the health system under Part 6B of the Health Services Act 1988.
Managing the Privacy Impacts of a Data Breach
This guide assists organisations subject to the PDP Act to prepare for and respond to the privacy implications of data breaches that involve personal information.
Form for Reporting a Breach to OVIC
This form is designed to help organisations report a privacy breach to OVIC so that we can respond to any enquiries relating to the breach.
Tips to Reduce Data Breaches when Sending Emails
This resource sets out what organisations and employees can do to reduce the chances of information being inadvertently disclosed when sending emails.
Phishing Attacks and How to Protect Against Them
This resource explains what phishing attacks are, how to identify them, and steps organisations and employees can take to protect themselves.
Privacy Complaints
De-Identification
Complaints at OVIC - Guide for Respondents
This resource provides an overview for respondents of the complaints process this office takes when handling privacy complaints.
This resource provides an overview of the complaints process the Victorian Civil and Administrative Tribunal takes when handling privacy complaints.
An Introduction to De-Identification
This resource introduces de-identification, what it is, when it can be used, how it works, and the risks and challenges of de-identification in relation to privacy.
The Limitations of De-Identification
This resource comprehensively details the limitations of de-identification in circumstances where so-called ‘de-identified’ data is made freely and publicly available.
Privacy Impact Assessments
Artificial Intelligence
Privacy Impact Assessment Guide
This resource contains information and guidance on undertaking a privacy impact assessment and completing the privacy impact assessment template.
Privacy Impact Assessment Template
This template was designed to help assess the privacy impacts of a program or project, and identify potential privacy risks and risk mitigation strategies.
Executive buy-in for privacy impact assessments
This resource provides tips for advocating the benefits of privacy impact assessments and gaining executive buy-in to incorporate them into normal business practice.
Artificial Intelligence - Understanding Privacy Obligations
This resource details how to collect, use, and handle personal information when using artificial intelligence systems or solutions in the public sector.
Artificial Intelligence and Privacy - Issues and Challenges
This resource details the privacy challenges and issues associated with public sector organisations utilising artificial intelligence technology or solutions.
Closer to the Machine - Artificial Intelligence eBook
This eBook authored by eight experts provides a comprehensive insight into the technical, social, and legal aspects of using artificial intelligence in the public sector.
Technology Systems and Solutions
Contracting and Outsourcing
Biometrics and Privacy - Issues and Challenges
This resource details the privacy challenges and issues associated with public sector organisations utilising biometric technology or solutions.
Internet of Things and Privacy - Issues and Challenges
This resource details the privacy challenges and issues associated with public sector organisations utilising Internet of Things technology or solutions.
Surveillance and Privacy - Best Practice Principles
This resource provides public sector organisations a set of best practice principles for using surveillance technologies in a privacy-enhancing way.
Engaging Contracted Service Providers
This resource assists organisations and their contracted service providers to effectively manage the privacy and information security in outsourcing arrangements.
Engaging Contracted Service Providers - Checklist
This checklist outlines considerations for organisations at each stage of an outsourcing arrangement to determine whether it meets privacy and security obligations.
Transborder Data Flows of Personal Information
This resource contains model contractual terms designed to protect personal information when it is transferred outside Victoria.
Privacy Policies and Collection Notices
Workplace Privacy
This resource provides guidance on developing a privacy policy, including what a collection notice is, its purpose, and what it should contain.
This resource provides guidance on developing a collection notice, including what a collection notice is, its purpose, and what it should contain.
This self-assessment tool is designed to assist organisations to develop and review their privacy policies and meet their obligations under Information Privacy Principle 5.
This resource provides general guidance to Victorian public sector employers on their privacy obligations when undertaking a recruitment process.
This resource provides general guidance to Victorian public sector employers on the privacy obligations the owe to their employees throughout their employment.
This resource contains commonly asked questions about the interaction between privacy and using social media tools in the Victorian public sector.
Remote Working and Collaboration
Privacy and the law
Tips for Working Remotely and Protecting Privacy
This resource outlines tips to help public sector employees to secure their organisation’s information and ensure that the privacy rights of all are upheld when working remotely.
Collaboration Tools and Privacy
This resource outlines privacy, security and record-keeping considerations when implementing and using collaboration tools including instant messaging and videoconferencing.
These case notes provide a summary of key facts, findings and learnings from court and tribunal cases that may be relevant to organisations.
EU General Data Protection Regulation
This resource provides guidance to organisations on when the GDPR may apply, key themes in the GDPR, and how the GDPR compares with the Information Privacy Principles.
Local Government
Apply to depart from the IPPs
This resource addresses some common enquiries Victorian local councils have in relation to their privacy obligations under the PDP Act.
This page contains guidance on making an application and lists applications made by organisation to permit non-compliance with the Information Privacy Principles.
Submissions
Submissions made to consultations
This page lists submissions made on initiatives or projects that impact on information privacy, freedom of information, or information security.