Privacy Roundtable Meeting
Date: Thursday 30 April 2020
Time: 3 pm – 4 pm AEST
- Office of the Victorian Information Commissioner
- Rachel Dixon – Privacy and Data Protection Deputy Commissioner
- Annan Boag – Assistant Commissioner, Privacy and Assurance
- Dermot Dignam – Manager, Privacy Guidance
- Caitlin Galpin – Senior Privacy Guidance Officer
- Emily Arians – Senior Policy Officer
- Department of Education
- Department of Health and Human Services
- Department of Jobs, Precincts and Regions
- Department of Justice and Community Safety
- Department of Transport
- Department of Treasury and Finance
- Victoria Police
Welcome and introduction
- The Assistant Commissioner, Privacy and Assurance, welcomed the members of the Privacy Roundtable.
- The Assistant Commissioner noted that the Privacy Roundtable had been convened to discuss the impacts and initiatives around COVID-19 given the novel challenges of the virus and especially as it sees agencies introducing new technologies, projects and working arrangements.
Privacy Implications of COVID-19
- The Privacy and Data Protection Deputy Commissioner presented on the privacy implications of COVID-19, noting areas of focus for OVIC and the National COVID-19 Privacy team.
- The Deputy Commissioner noted that many agencies have needed to rapidly deploy new tools to facilitate service delivery and accommodate adjusted working arrangements. The Deputy Commissioner noted that this included new technology, programs and information sharing arrangements.
- The Deputy Commissioner discussed relevant privacy considerations when implementing new technologies including design issues, privacy laws in the originating country, and compliance with relevant Information Privacy Principles.
- The Deputy Commissioner discussed relevant privacy and security considerations for remote working adjustments. The Deputy Commissioner noted adjustments may include access to or reliance on paper files; new security issues arising as staff work remotely from shared houses, or on decentralised networks.
- The Deputy Commissioner discussed security precautions for a dispersed workforce. The Deputy Commissioner cautioned against using social media on the same device used for work and stated the importance of reporting unusual or suspicious activity to Information Security or IT personnel.
- The Deputy Commissioner discussed the COVID-19 tracing application. The Deputy Commissioner discussed privacy and security measures implemented regarding the application, proposed data flows of collected personal information to state authorities, steps taken to de-identify information where appropriate, and the classification of collected information as either ‘personal information’ or ‘health information’ under relevant Victorian legislation.
- The Deputy Commissioner discussed authorised purposes for using and disclosing personal information in the course of the pandemic. The Deputy Commissioner noted the important of limiting personal information used or disclosed to that which is necessary.
The Manager, Privacy Guidance discussed:
- Impacts of COVID-19 on OVIC’s Privacy Guidance team
- The Manager, Privacy Guidance noted changes to OVIC’s working arrangements, advising staff are working remotely, accepting correspondence by phone and email. The Manager noted that OVIC can accept physical mail at this time, however this is being monitored on a limited basis.
- OVIC is not currently hosting in-person conciliation conferences and has moved to providing teleconference conciliations where appropriate. OVIC has postponed in-person privacy training at this time.
- The Manager, Privacy Guidance noted that complaints, data breaches and enquiries received in this period are similar to that received prior to COVID-19.
- The publication of new guidance material for agencies
- Guidance on how to respect privacy and protect public sector information when working remotely
- Guidance prepared jointly with the Health Complaints Commissioner, regarding Privacy and COVID-19
- Guidance on Victorian Protective Data Security obligations during COVID-19
- Privacy Awareness Week
- Scheduled OVIC activities include a live streamed address on Monday 4 May 2020 by Information Commissioner, followed by a special presentation by Ms Sheila Fitzpatrick on the greatest risks to privacy today, the privacy challenges of technologies such as big data and AI, and privacy in the world of COVID-19.
- Scheduled publication of resources including:
- Privacy Management Framework – guidance for agencies
- Your privacy rights in Victoria – guidance for members of the public
- Data breaches and you – guidance for members of the public
Agency representative updates
- Group members discussed key challenges, trends and initiatives in their relevant areas.
Common themes arising from this discussion included:
- Trends reporting a significant uptick in enquiries regarding the handling of personal information of individuals who have, or may have, the virus; digitizing the delivery of services; assessing and implementing new systems and technologies to adjust to remote working arrangements; and reviewing Privacy Impact Assessments (PIAs) relating to these.
- Some challenges reported included that: staff from some agencies have been repurposed and diverted to other functions during COVID-19; there is an observed need in some agencies for increased targeted training on the completion of PIAs; some agencies identified a need for flexibility in their response times to complaints with OVIC during COVID-19 which was noted.
- Some agencies expressed interest in any further guidance OVIC could provide on emerging issues around the virus, notably on privacy considerations associated with technology like videoconferencing.
Meeting closed 4pm