Privacy Act and Data Protection
Origins of the Act
The Information Privacy Act began its life as a data protection bill for the public and private sectors. It was developed in Multimedia Victoria and promoted initially by the then Treasurer in his capacity as Minister for Information Technology and Multimedia. The impetus was the wish to encourage economic and government activity online by protecting individuals’ information privacy under state law. The data protection bill lapsed with the change of government following the state election in October 1999. When the Commonwealth Privacy Act was amended to cover part of the private sector (effective 21 December 2001), Victoria’s scheme was cut back to cover state government agencies and local councils. The Information Privacy Bill passed the Victorian Parliament in October 2000 and responsibility passed to the Attorney-General. The Act took effect in stages from 1 September 2001. The Information Privacy Act sets a standard for the protection of the privacy of personal information by the Victorian public sector, with the ten Information Privacy Principles (IPPs) as the practical core.
About the Information Privacy Act
To view the Information Privacy Act 2000 (Victoria) (IPA), you will be taken to the central repository website: Victorian Legislation and Parliamentary Documents. The objects of the IPA, expressed in section 5, are to:
- balance the public interest in the free flow of information with the public interest in respecting privacy and protecting personal information in the public sector; and
- promote the responsible and transparent handling of personal information in the public sector and promote awareness of these practices.
Under the IPA, State government organisations, local councils and private sector organisations acting as contracted service providers to the Victorian government are all bound to protect the privacy of people’s personal information. “Personal information” means recorded information which can identify someone. The Privacy Commissioner administers the IPA. Note that under the IPA, information must be recorded. If information is not recorded in some form it is not covered by the IPA. However, breaches of the Act can occur when recorded information is disclosed verbally. Some examples of personal information might be someone’s name, address, sex, age, financial details, marital status, education or employment history. Some personal information is called “sensitive information” and is given special treatment under the Act.
This includes information about an individual’s ethnic origin, religious beliefs, sexual preferences and criminal record. You can find out more about the Information Privacy Act by looking at the functions of the Privacy Commissioner and by reading the Explanatory Memorandum.
Commissioner for Privacy and Data Protection
The Commissioner for Privacy and Data Protection was established on 17 September 2014 under the Privacy and Data Protection Act 2014. The PDPA repeals the Information Privacy Act 2000 and the Commissioner for Law Enforcement Data Security Act 2005, replaces them with the Commissioner for Privacy and Data Protection and confers on the Commissioner a protective data security jurisdiction over the Victorian Public Sector.
The aim of the establishment of the Commissioner for Privacy and Data Protection is to strengthen the protection of information held by the Victorian public sector, including that of personal information.
The website of the Commissioner for Privacy and Data Protection is currently under construction and visitors are being directed to the existing sites of the Office of the Victorian Privacy Commissioner and the Commissioner for Law Enforcement Data Security as an interim measure.
Enquiries 1300 666 444