• Home
• What's New
• About Us
• Vision Impaired
• Relevant Laws
• Making a Complaint
• Case Notes
• Services
• Publications
• Privacy Victoria Network
• Training
• Positions Vacant
• Archive
• Links
• Contact Us

About Privacy Victoria

The Information Privacy Act gives Victorians privacy rights.

The law requires State government and local councils to protect the privacy of your personal information.

INTRODUCING PRIVACY VICTORIA

Privacy Victoria is the Office of the Victorian Privacy Commissioner, an independent statutory office created by the Information Privacy Act 2000. The Privacy Commissioner reports to the Victorian Parliament through the Attorney General.

THE INFORMATION PRIVACY ACT 2000

The Victorian Information Privacy Act sets standards for the way Victorian government organisations, statutory bodies and local councils collect and handle your personal information. Ten Information Privacy Principles are the practical core of the Information Privacy Act. With limited exceptions, all Victorian government organisations, including local councils, must comply with these principles or have an approved code of practice. Non-government organisations that work for government under contract may also be covered, depending on the contract. The Information Privacy Act came into full effect on 1 September 2002.

WHAT IS ‘PERSONAL INFORMATION’?

‘Personal information’ means recorded information or opinion, whether true or not, about an identifiable individual. Personal information can be almost any information linked to an individual, including name, address, sex, age, financial details, marital status, education, criminal record or employment history.

YOUR PRIVACY RIGHTS

The Information Privacy Principles give Victorians privacy rights. This is a short summary of the Information Privacy Principles:

1 Collection A government organisation can only collect your personal information if it is necessary to fulfil the organisation’s functions.

2 Use and disclosure Your personal information should be used and disclosed for the primary purpose for which it was collected unless it is for a secondary purpose that you would reasonably expect. Or your consent may be requested. The law also allows some uses and disclosures without consent, such as to protect safety.

3 Data quality Organisations must keep your personal information accurate, complete and up to date.

4 Data security Personal information must be protected from misuse, loss and unauthorised access, modification or disclosure.

5 Openness Organisations must have clearly expressed policies on the way they manage personal information. You can ask to have a look at an organisation’s privacy policy.

6 Access and correction You have a right to seek access to your own personal information and to seek corrections if necessary. Access and correction will be handled mostly under the Victorian Freedom of Information Act.

7 Unique identifiers Unique identifiers, usually a number, can facilitate data matching. Use of unique identifiers by organisations is only allowed under certain conditions.

8 Anonymity Where lawful and feasible, you should have the option of transacting with an organisation without identifying yourself.

9 Transborder data flows If your personal information travels outside Victoria, your privacy protection should travel with it.

10 Sensitive information This includes your racial or ethnic origin, political views, religious beliefs, sexual preferences, membership of groups or criminal record. The law puts special restrictions on the collection of this information.

WHAT CAN I DO IF I BELIEVE MY PRIVACY HAS BEEN BREACHED?

If you believe an organisation has breached one or more of the Information Privacy Principles you should first attempt to resolve the matter with the organisation.

Ask to speak to the Privacy Officer or someone who deals with complaints. Write to the organisation, explaining the situation and what you would like to see happen. Give the organisation an adequate opportunity to respond.

If you are still not satisfied, you have the right to complain to the Privacy Commissioner if you believe that your privacy has been breached after 1 September 2002.

The complaint can relate to personal information collected before that date, but the alleged breach has to have been after 1 September 2002.

The Commissioner will make all reasonable efforts to conciliate complaints. Where conciliation is not reasonably possible, or is tried but fails, complaints may go to the Victorian Civil and Administrative Appeals Tribunal (VCAT).

REMEDIES FOR A PRIVACY BREACH

If VCAT upholds a breach of one or more of the Information Privacy Principles, potential remedies include orders requiring the organisation to make an apology, change a procedure, correct or delete personal information, or pay compensation of up to $100,000.

WHO ELSE PROTECTS PRIVACY?

Personal information held by federal government agencies and parts of the private sector, is protected by the Federal Privacy Commissioner (external link), telephone 1300 363 992. The Victorian Health Services Commissioner (external link) protects your health information, telephone (03) 8601 5200.

A brochure is also available. (PDF, 45Kb)

Top

Last reviewed on 25 September 2008. © 2009 Privacy Victoria - an independent statutory office