The Privacy and Data Protection Act 2014 aims to ensure that public sector agencies, including DEECA agencies, handle personal information securely and consistently.

Key features of the Act

The Act:

  • sets out ten Information Privacy Principles that must be complied with
  • confirms that any secrecy or confidentiality provisions in already operating Acts remain unchanged e.g. the Health Records Act 2001 continues to regulate personal health information in Victoria.

Under the Act, the role of the Deputy Commissioner for Privacy and Data Protection in the Office of the Victorian Information Commissioner (OVIC) includes:

  • issuing a privacy and data protection framework
  • setting data security standards, which your agency must comply with.

Public interest determinations

If the Deputy Commissioner is satisfied that it is in the public interest to do so, a Public Interest Determination (PID) can be issued giving your agency approval to depart from specified information privacy principles for a specific purpose during limited time (e.g. in an emergency).

Your agency can formally seek a PID on whether the agency can handle or share personal information in a way that varies from the Information Privacy Principles in the Act.

Relationship with Australian privacy laws

The Australian Privacy Principles, which are contained in federal privacy law, do not usually apply to DEECA agencies, unless there is dual funding from the Commonwealth and Victorian governments.

Guidance notes

Guide to information privacy

A guide which DEECA agencies can provide to their staff about:

  • the duty to protect the information privacy of other people (internal and external)
  • their own privacy rights.

Guide to information privacy (PDF, 164.3 KB)
Guide to information privacy (Accessible version) (DOCX, 80.6 KB)

Guide to de-identifying information

A guide which DEECA agencies can provide to their staff about the requirement in Information Privacy Principle 4 that personal information be securely destroyed or de-identified if no longer required.

Guide to de-identifying information (PDF, 282.2 KB)
Guide to de-identifying information (Accessible version) (DOCX, 74.0 KB)

Guide to privacy terms

An alphabetical list of the most common terms and their definition in the context of information privacy.

Guide to privacy terms (PDF, 409.7 KB)
Guide to privacy terms (Accessible version) (DOCX, 85.5 KB)


Privacy Collection Statement builder

If your agency collects personally identifying information a compliant Privacy Collection Statement will need to be used for each collection and each purpose. DEECA offers a Privacy Collection Statement Builder.

Privacy Collection Statement Builder (PDF, 294.6 KB)
Privacy Collection Statement Builder (accessible version) (DOCX, 105.2 KB)

Governance links

Related support modules

On Board has related support modules for DEECA agencies, including:

Office of the Victorian Information Commissioner (OVIC)

The Privacy and Data Protection Act 2014 (Vic) is designed to protect all information held by the Victorian public sector, including the personal information of individuals.  Your agency is required to comply with the privacy and data protection requirements in the Act.

The Victorian Government created OVIC as a primary regulator and source of independent advice to the community and the Victorian Government about how the public sector collects, uses and shares information.

For further information contact OVIC:

Phone: 1300 666 444
Office of the Victorian Information Commissioner

Watchdog agencies

As part of their watchdog role, the Victorian Ombudsman, the Victorian Auditor-General’s Office (VAGO), and the Independent Broad-based Anti-corruption Commission (IBAC) also promote a high standard of public sector governance. For further information see the Integrity complaints support module.

Page last updated: 05/04/24