Organisations are required by law to protect the privacy of your personal information. There are three laws that help protect all Victorians' privacy:
- The Privacy Act (Commonwealth), which covers Federal government departments and agencies and the private sector
- The Privacy and Data Protection Act (Vic), which covers Victorian public sector agencies and local councils
- The Health Records Act (Vic), which deals specifically with health information
10 Information Privacy Principles
The Privacy and Data Retention Act covers the way that the Victorian Government and local councils collect and handle your personal information.
This law contains 10 Information Privacy Principles. All Victorian government organisations, including local councils, have to observe these principles (although there are some exceptions).
Non-government organisations that work for government under contract may also be required to observe these principles.
The principles, in simple terms, state that, when an organisation collects personal information, it should:
- Collect only what it needs, collect it lawfully and fairly without intruding unreasonably, and let people know that their information is being collected (Principle 1)
- Use and disclose people's personal information only for the purpose for which it was collected, or a related purpose those people would reasonably expect (some important interests, such as protecting health and safety or a legal requirement, can justify use and disclosure without consent) (Principle 2)
- Keep the information it collects accurate, complete, up-to-date and secure (Principles 3 & 4)
- Be open about what it does with other people's information (Principle 5)
- Let people see their information and correct it if necessary (Principle 6)
- Minimise using records and information in a way that can be used to match information about people with information about the same people from other sources (Principle 7)
- Give people, when possible, the option of not identifying themselves when providing information (Principle 8)
- Make sure that the protection of people's private information is ensured if that information is transported or transmitted anywhere outside the organisation that collected the information (Principle 9)
- Not collect sensitive information about people – like their ethnic background, religion, political views, sexual preference or criminal record – without checking the relevant laws first (Principle 10)
What is "Personal Information"?
"Personal information" means recorded information or opinions, whether true or not, about a person who can be identified as being the person that information or those opinions are about.
Personal information can be almost any information linked to someone, including:
- Name and address
- Financial details
- Marital status
- Criminal record
- Employment history
What Can I Do if My Privacy Has Been Breached?
If you believe an organisation that holds your personal information has breached your privacy, here is what you can do.
1. Contact the Organisation
Contact the organisation and ask to speak to their privacy officer or someone who deals with complaints.
Once you know who you should be speaking to, you can write to them, explaining the situation and what you would like to see happen (e.g., you might want them to remove or delete the information, or issue an apology).
Make sure you give the organisation a reasonable amount of time to respond.
2. If You're Not Happy with Their Response
If you're not satisfied with the way the organisation responds, you have the right to complain to the Commissioner for Privacy and Data Protection. The Commissioner will try to solve your problem.
3. If a Solution Fails or Isn't Possible
If a solution to the problem is not possible, or if an attempt at a solution fails, your complaints may go to the Victorian Civil and Administrative Appeals Tribunal (VCAT), the official body for complaint and dispute resolution in Victoria.
4. What Happens if You Win the Dispute
If you win your dispute because the organisation is found to have not followed one or more of the Information Privacy Principles, they might have to:
- Make an apology
- Change a procedure
- Correct or delete personal information
- Pay compensation
The Office of the Commissioner for Privacy and Data Protection
The Office of the Commissioner for Privacy and Data Protection (formerly Privacy Victoria) regulates the way the Victorian government and local councils collect and handle personal information.
It is an independent organisation whose goal is to get privacy better understood and respected, both inside and outside the Victorian Government.
As part of this goal, the Office of the Commissioner for Privacy and Data Protection's website has heaps of information about privacy, how to protect it, and what you can do if you think your privacy has been breached.
Who Else Protects Your Privacy?
There are other organisations in Australia that protect your privacy within other jurisdictions.
- The Victorian Health Services Commissioner protects the privacy of health information under the Health Records Act
- The Federal Privacy Commissioner protects personal information held by federal government agencies, like Centrelink or the Tax Office, and private companies in Australia
If you have a privacy complaint that relates either to the actions of the Federal Government or to information about your health, these two organisations may be able to help.
Office of the Commissioner for Privacy and Data Protection
Regulating the way that the Victorian government and local councils collect and handle personal information, and handling complaints about the way your personal information has been handled.
Victorian Civil and Administrative Appeals Tribunal (VCAT)
Low cost, accessible and independent dispute resolution service available to all Victorians.