OVIC has a number of investigative functions
- Examine and audit — OVIC may examine the practices or audit the records of a regulated body to assess compliance with the IPPs. OVIC may conduct an examination or audit as a periodic assurance tool, to assess a potential privacy breach or to better understand an issue.
- Investigate and issue a Compliance Notice — Where OVIC identifies serious, flagrant or repeated breaches of the IPPs, OVIC may investigate and issue a Compliance Notice. A Compliance Notice is a notice requiring the regulated body to take specified action within a specified time to remedy breaches and comply with IPPs and the PDP Act.
- Investigate on own motion – OVIC can investigate how regulated bodies comply with the FOI Act.
This page contains reports of investigations, audits, and examinations.
Reports published by OVIC
- Unauthorised access to client information held in the CRISSP database, March 2021.
- Examination into the use of apps and web-based learning tools in Victorian government primary schools, August 2020.
- Disclosure of myki travel information: investigation report and compliance notice, August 2019. Published with myki incident: lessons for organisations.
- Examination of Local Government Privacy Policies, May 2019. Published with IPP 5 Self Assessment Tool.
Reports published by OVIC predecessor agencies
- Review of information governance in the Department of Health and Human Services, January 2017.
- Review of the Victoria Police Security Incident Management Framework and Practices, January 2017.
Global Privacy Enforcement Network Sweep Reports
Every year, privacy regulators from around the world conduct a ‘Sweep’ to coordinate a global analysis of organisations’ privacy practices.
You can view and download our Global Privacy Enforcement Network sweep reports by following the links below.