Privacy and Data Protection Act 2014

On  the 12th of June 2014 new legislation was introduced into Parliament to strengthen the protection of individuals’ private information held by the Victorian public sector. The legislation was passed on the 19th of August 2014 and received Royal Assent on the 2nd of September 2014.

The Act merges the existing roles of Privacy Commissioner and the Commissioner for Law Enforcement Data Security (CLEDS) to create a single Commissioner for Privacy and Data Protection with responsibility for the oversight of the privacy and data protection regime in Victoria.

The key protective data security provisions in the Act concern development, by the new Commissioner for Privacy and Data Protection, of a Victorian Protective Data Security Framework (VPDSF) and Victorian Protective Data Security Standards (VPDSS). The Commissioner will also develop guidelines to assist Government agencies to develop security plans and help ensure changes to current processes are implemented smoothly.

A presentation recently released by the Office of the Victorian Privacy Commissioner indicates that the standards will reflect contemporary Australian and international security standards, such as the Commonwealth Government PSPF and the ISO 27000 range, but be tailored to meet the needs of Victorian Government public sector organisations. The standards will promote a risk based approach to support the practical implementation of security controls in a proportionate manner that supports (and does not inhibit) government business.

The Act states that, following the issue of the standards by the Commissioner, applicable Victorian public sector agencies and bodies must ensure that:

  • a security risk profile assessment is undertaken; and
  • a protective data security plan is developed that addresses the standards applicable to that agency or body; and
  • the plan is reviewed if an agency’s circumstances change, or otherwise every two years.

How we can help

Contact us to find out how this new legislation could affect your agency.

We can help you conduct a security risk profile assessment and develop data security plans tailored to your agency’s unique requirements.

Blueprint Information Security is registered on the Victorian Government Ariba eServices Register.