New framework for privacy and data protection and information sharing

The Coalition Government today introduced legislation into Parliament to strengthen the protection of individuals’ private information held by the Victorian public sector.

The Bill merges the existing roles of Privacy Commissioner and the Commissioner for Law Enforcement Data Security to create a single Commissioner for Privacy and Data Protection with responsibility for the oversight of the privacy and data protection regime in Victoria.

The Privacy and Data Protection Bill 2014 also addresses a number of the data security issues identified by the Victorian Auditor-General in his 2009 Report on Maintaining the Integrity and Confidentiality of Personal Information, including measures to ensure that government handles personal information securely and consistently.

The Bill provides for the development of a new protective data security framework for the Victorian Government. The Commissioner for Privacy and Data Protection will be responsible for issuing protective security standards as part of the framework.

The Commissioner will also develop guidelines to assist Government agencies to develop plans and help ensure changes to current processes are implemented smoothly.

The framework will include protective data security standards, protective data security plans prepared by public sector bodies to implement the standards, and specific law enforcement data security standards.

The Bill provides for departments and agencies to seek a determination about whether a particular use of personal information that it holds is authorised or required by law.

The Bill will also allow public sector organisations to seek approval for arrangements allowing them to handle or share personal information in ways that vary the application of certain information privacy principles, if that use of the information is clearly in the public interest.

“These reforms enhance privacy protections for individuals while giving public sector agencies greater clarity about the appropriate use of personal information,” Mr Clark said.

The Bill also re-enacts many key provisions of the Information Privacy Act, including the Information Privacy Principles. The organisations to which that Act applies will remain subject to the privacy provisions of the Bill.