The purpose of the Victorian Protective Data Security Standards (VPDSS) is to provide a set of criteria for the consistent application of risk-based practices to manage the security of Victorian government information. The Standards are issued under Parts 4 and 5 of the Privacy and Data Protection Act 2014 (PDP Act). Version 1.0 of the standards were issued in 2016.
OVIC has conducted a review following the first reporting period in 2018 and the review recommended the following changes:
- Simpler language
- Consolidation of common themes
- Remove protocols as the continuous improvement principle is covered by the overarching framework (VPDSF)
- Remove duplicate elements
- Add new elements where gaps identified
Draft Victorian Protective Data Security Standards (VPDSS) for consultation
Consultation on the Standards is open between 5 July – 9 August 2019. You can view the draft Standards by following the link below.
Draft Protective Data Security Plan (PDSP) template
In line with the draft updated Standards, the Information Commissioner is releasing a draft template of the Protective Data Security Plan (PDSP) which addresses the reporting obligations of agencies that are subject to Part 4 or Part 5 of PDP Act for the reporting period ending August 2020.
The PDSP is submitted to OVIC on a biennial basis in compliance with the PDP Act, the Victorian Protective Data Security Framework (Framework) and the Standards.
The draft updated PDSP does not replace the existing reporting obligations of agencies due at the end of August 2019.
More information about what is expected of your agency for the 2019 reporting period can be found here.
How you can be involved
OVIC invites you to provide feedback on the draft Standards. We welcome comments on any aspect, but we ask that you specifically consider important changes in the following areas:
- Changing the language used throughout to active voice and removing ‘must’
- Introducing incident notification under Standard 8
- Including the sources from which the standards have been derived
To provide agencies with the opportunity to ask questions and discuss the draft updated Standards, OVIC will be conducting roundtables in both metropolitan and regional areas. Spaces in these sessions are limited so be sure to reserve your seat.
More information about the consultation roundtables can be found on the VPDSS Consultation Roundtables page.