OVIC uses regulatory powers to promote fair public access to information while ensuring its proper use and protection.
Every year, we identify regulatory priorities that guide our regulatory action. These priorities reflect existing and emerging issues that we consider significant or require our attention.
Our regulatory priorities for 2021-22 are:
Compliance with the FOI Professional Standards
The FOI Professional Standards commenced in December 2019 and were developed to ensure the consistent administration of the FOI Act by responsible agencies. This regulatory priority recognises OVIC’s shift from the release of the standards to ongoing monitoring and assuring the standards.
Privacy and security in Victorian law enforcement
OVIC maintains a close and ongoing engagement with Victoria law enforcement due to the level of sensitive and personal information collected and maintained. This priority reinforces OVIC’s commitment to ensure law enforcement agencies promote, support, and enforce privacy and information security in their important work.
Privacy and security when outsourcing
This priority recognises the inherent privacy and information security risks involved in engaging contracted service providers. Since OVIC was formed in 2017, there have been several actual or potential breaches involving third parties working with Victorian government agencies. This priority remains an important focus for OVIC, as agencies cannot ‘contract out’ accountability for privacy and information security.
Monitoring information security risk in the Victorian public sector
This new regulatory priority for 2021-22 reflects the importance of agencies’ adherence to the risk-based Victorian Protective Data Security Standards. Under the Standards, Victorian government agencies are required to build information security capability utilising existing risk frameworks and OVIC monitors and supports them in doing so.
We will prioritise matters that relate to these regulatory priorities. We will also pursue other matters in accordance with our Regulatory Action Policy.