Privacy Roundtable Meeting
Date: Thursday 6 August 2020
Time: 2 pm – 3 pm AEST
- Office of the Victorian Information Commissioner
- Annan Boag – Assistant Commissioner, Privacy and Assurance
- Dermot Dignam – Manager, Privacy Guidance
- Matthew Fiford – Manager, Investigations
- Caitlin Galpin – Senior Privacy Guidance Officer
- Sarah Crossman – Senior Policy Officer
- Department of Education
- Department of Health and Human Services
- Department of Jobs, Precincts and Regions
- Department of Justice and Community Safety
- Department of Premier and Cabinet
- Department of Transport
- Department of Treasury and Finance
- Victoria Police
- WorkSafe Victoria
Welcome and introduction
- The Assistant Commissioner, Privacy and Assurance, welcomed the members of the Privacy Roundtable.
- The Assistant Commissioner noted that, in response to expressions of interest in further guidance on privacy and technology, OVIC has published guidance on collaboration tools and privacy and a factsheet on how to respect privacy when working remotely.
The Assistant Commissioner, Privacy and Assurance noted:
- That OVIC is currently compiling its Annual Report for the 19/20 FY. This report will be tabled in Parliament and is expected to be published on OVIC’s website in September.
The Manager, Investigations:
- Introduced the Investigations and Assurance team, established to develop and execute OVIC’s monitoring and assurance program of work across all areas of the Office including privacy, public access and information security, in accordance with OVIC’s Regulatory Action Policy.
- Noted that OVIC has identified its regulatory priorities for 2020-21 that guide its regulatory action. These priorities reflect existing and emerging issues that OVIC considers significant or requiring its attention. The regulatory priorities for 2020-21 are:
- compliance with the FOI professional standards
- prompt FOI decision making and information release
- the identification and assessment of the security value of information (VPDSS Standard 2)
- privacy and security in Victorian law enforcement
- the protection of personal information in the Victorian higher education sector (IPP 4) privacy and outsourcing
- Noted the intent of publishing these priorities includes that:
- regulated organisations are not surprised when they become subject to regulatory action related to the priorities
- all regulated organisations are encouraged to review and improve their practices with respect to the priorities, knowing that regulatory action by OVIC is likely
- the broader community is informed of the topics that OVIC is likely to focus on, enhancing the transparency of the Office’s work
The Senior Policy Officer discussed:
- Information Sharing Guidelines
- The Senior Policy Officer noted that OVIC is currently updating its guidelines for sharing personal information for currency and to reflect developments in information sharing in the Victorian Public Sector (VPS). The guidelines are intended to provide practical guidance to VPS organisations on how to share personal information in accordance with their obligations under the PDP Act.
- OVIC will be publishing draft guidelines for public consultation on OVIC’s website.
- Aboriginal Privacy Project
- The Senior Policy Officer reported that OVIC had commissioned the Cultural and Indigenous Research Centre (CIRCA) to undertake qualitative research among Aboriginal and Torres Strait Islander peoples living in Victoria to explore their range of cultural attitudes and perspectives in relation to information privacy.
- Noted that this research is an early effort to help address a knowledge gap regarding how Aboriginal and Torres Strait Islander peoples value and conceptualise information privacy and advised that this will inform future work OVIC will do in this space.
- OVIC will be publishing a report informed by this research later in 2020. This paper will outline potential considerations for the VPS.
The Manager, Privacy Guidance discussed:
- Improvements to OVIC’s Privacy Complaints Handling Process
- The Manager, Privacy Guidance reported on OVIC’s increasing volume of complaints received. Noted that the timeliness of OVIC’s complaints handling process has also improved, and the proportion of complaints finalised by this Office, without requested referral to the Victorian Civil and Administrative Tribunal, has remained the same.
- The Manager advised that these improvements were achieved through changes to OVIC’s privacy complaints processes. This included the introduction of preliminary views to complainants and organisations on whether there appears to have been an interference with privacy under the Privacy and Data Protection Act 2014.
- Scheduled development of resources for Privacy Officers
- The Manager advised that OVIC proposes to focus on developing resources aimed at privacy officers of smaller agencies, or who may be new to the role. Specifically, to develop resources to describe the role of privacy officer and provide support for this role, and further privacy training targeted at these individuals.
Agency representative updates
- Group members discussed key challenges, trends and initiatives in their relevant areas.
Common themes arising from this discussion included:
- Trends reporting an increase in the number of Privacy Impact Assessments as attributed to new programs to facilitate remote working, and COVID-19 specific programs of work such as information sharing, data compilation and ongoing relief programs.
- Discussions of the intersection of privacy and freedom of information (FOI), noting differences and crossovers for agencies whose function in combined, and those whose functions operate in discrete areas of the organisation.
Meeting closed 3pm