Organisations are required by law to protect the privacy of your personal information. Three laws help protect Victorians' privacy:
- The Privacy Act (Commonwealth) covers Federal government departments and agencies and the private sector
- The Information Privacy Act (Vic) covers Victorian public sector agencies and local councils
- The Health Records Act (Vic) deals specifically with health information
The Information Privacy Act
The Information Privacy Act covers the way State government organisations, statutory bodies and local councils collect and handle your personal information.
It contains 10 Information Privacy Principles (new window). With some exceptions, all Victorian government organisations, including local councils, must observe these principles. Non-government organisations that work for government under contract may also be covered.
The principles, in simple terms, state that when an organisation collects personal information that it should:
- Collect only what it needs, collect it lawfully and fairly without intruding unreasonably, and let people know that their information is being collected (Principle 1)
- Use and disclose people's personal information only for the purpose which they collected it, or a related purpose those people would reasonably expect (some important interests, such as protecting health and safety or a legal requirement, can justify use and disclosure without consent) (Principle 2)
- Keep the information it collects accurate, complete, up-to-date and secure (Principles 3 & 4)
- Be open about what it does with other people's information (Principle 5)
- Let people see their information and correct it if necessary (Principle 6)
- Minimise using records and information in a way that can be used to match information about people with information about the same people from other sources (Principle 7)
- Give people, when possible, the option of not identifying themselves when providing information (Principle 8)
- Make sure that the protection of people's private information is ensured if that information is transported or transmitted anywhere outside the organisaiton that collected the information (Principle 9)
- Not collect sensitive information about people – like their ethnic background, religion, political views, sexual preference or criminal record – without checking the relevant laws first (Principle 10)
Privacy Victoria, the Office of the Victorian Privacy Commissioner, regulates the way that the Victorian government and local councils collect and handle personal information. It is an independent statutory office created by the Information Privacy Act. Its goal is to get privacy better understood and respected, inside and outside the Victorian public sector.
You can find lots more info about privacy at the Privacy Victoria website (new window).
What is 'Personal Information'?
'Personal information' means recorded information or opinions, whether true or not, about an identifiable person. Personal information can be almost any information linked to someone, including:
- Name and address
- Financial details
- Marital status
- Criminal record
- Employment history
What Can I Do if My Privacy Has Been Breached?
If you believe an organisation that holds your personal information has breached your privacy, firstly you should try to resolve the matter with them.
Ask to speak to the privacy officer or someone who deals with complaints. Write to the organisation, explaining the situation and what you would like to see happen. Give the organisation time to respond.
If you are still not satisfied, you have the right to complain to the Privacy Commissioner (new window). The Commissioner will try to solve your problem.
If a solution to the problem is not reasonably possible or if an attempt at a solution fails, your complaints may go to the Victorian Civil and Administrative Appeals Tribunal (VCAT), the official body for complaint and dispute resolution in Victoria.
If you win your dispute because the organisation is found to have not followed one or more of the Information Privacy Principles, they might have to:
- Make an apology
- Change a procedure
- Correct or delete personal information
- Pay compensation
Who Else Protects Privacy?
There are other organisations in Australia that protect your privacy within other jurisdictions.
- The Victorian Health Services Commissioner (new window) protects the privacy of health information under the Health Records Act
- The Federal Privacy Commissioner (new window) protects personal information held by federal government agencies, like Centrelink or the Tax Office, and private companies in Australia
Privacy Victoria regulates the way that the Victorian government and local councils collect and handle personal information. If you have a complaint about the way your personal information has been handles, you can register a complaint with them.
Victorian Civil and Administrative Appeals Tribunal (VCAT)
VCAT is a low cost, accessible and independent dispute resolution tribunal available to all Victorians.