'

Vic government protects personal data with new privacy law

The Victorian government has replaced the Information Privacy Act with the Privacy and Data Protection Act 2014 to address the protection levels of personal information collected and used by public agencies.

Victoria's new Privacy and Data Protection Act 2014 has come into operation this week as part of a new framework to enhance the protection of personal information held by public sector agencies.

The Act replaces the Information Privacy Act, and, according to Victoria Attorney-General Robert Clark, the new law is an important step in fixing some of the problems identified by the Victorian auditor-general in his 2009 report, Maintaining the Integrity and Confidentiality of Personal Information (PDF).

"These changes will address the auditor-general's finding that personal information collected and used by public agencies had been 'easily compromised' under the previous government," he said.

As part of the introduction, the offices of the Victorian Privacy Commissioner and the Commissioner for Law Enforcement Data Security will be amalgamated to form a new entity, the Commissioner for Privacy and Data Protection. It will be responsible for overseeing privacy and data protection in Victoria.

David Watts, who has been the acting privacy commissioner and the commissioner for law enforcement data security, has been appointed as the inaugural privacy and data protection commissioner.

"Watts brings a wealth of experience to the role, having led the merging of the offices of the privacy commissioner and commissioner for law enforcement data security as part of these reforms," Clark said.

"With a background as a lawyer specialising in information technology, information privacy, intellectual property, and regulatory systems, Mr Watts is well placed to implement the new personal and data security framework."

Under the Act, the public sector will be able to ask the commissioner for a determination about whether a particular use of personal information is consistent with their privacy obligations, as well as seek approval to depart from certain information privacy principles if it's in the public interest to do so.

"Giving agencies certainty about the privacy aspects of their activities means that information will be used more effectively while personal privacy will also be more effectively protected," Clark said.

"Effective sharing of information across government agencies can often be vital to the public interest, whether to save lives in bush fires or other emergencies, or to better protect potential victims in the context of family violence, child abuse, or other criminal activities."

The Victorian government also released the 2013-14 annual report (PDF), which was tabled in parliament on Friday. It showed that consistent with previous years, a total of 2,468 enquiries were made, and a large number of those were around the use and disclosure of information and data security.

At the same time, according to the report, the number of potential complaints to the enquiries received during 2013-14 remained consistent with previous years, and the number of actual complaints made from potential complaints decreased "significantly".

"Only 12.5 percent of the potential complaints were eventually made into complaints, the lowest number for the past five reporting periods," the report said.

The commissioner attributed the drop to an increased level of participation in Privacy Victoria's training and awareness activities, which saw the organisations consulted on issues such as surveillance, biometric technologies, cloud computing and outsourcing, and data and identity security