New era for privacy and data protection

• New Privacy and Data Protection Act replaces Information Privacy Act
• Coalition mending the data protection holes left by Labor
• Napthine Government building a safer Victoria

Victoria’s new Privacy and Data Protection Act 2014 has come into operation this week.

The Act replaces the Information Privacy Act with a new framework that will apply across government to enhance the protection of personal information held by public sector agencies.

Attorney-General Robert Clark said the new law is an important step in fixing some of the problems identified by the Victorian Auditor-General in his 2009 report, Maintaining the Integrity and Confidentiality of Personal Information.

“These changes will address the Auditor-General’s finding that personal information collected and used by public agencies had been ‘easily compromised’ under the previous government,” Mr Clark said.

“Under the new Act, there will be a single privacy and data protection framework with clear privacy standards applying to all government departments and most public agencies.”

“There will also be a single Privacy and Data Protection Commissioner who will develop guidelines to ensure the new standards are applied effectively and achieve a smooth transition to the new regime.”

Attorney-General Robert Clark announced the appointment of David Watts as the inaugural Privacy and Data Protection Commissioner.

Prior to this appointment Mr Watts has been the Acting Privacy Commissioner as well as the Commissioner for Law Enforcement Data Security.

“Mr Watts brings a wealth of experience to the role, having led the merging of the offices of the Privacy Commissioner and Commissioner for Law Enforcement Data Security as part of these reforms,” Mr Clark said.

“With a background as a lawyer specialising in information technology, information privacy, intellectual property, and regulatory systems, Mr Watts is well-placed to implement the new personal and data security framework.”

The Act also creates avenues for public sector departments and agencies to:

• ask the Commissioner for a determination about whether a particular use of personal information is consistent with their privacy obligations; and
• seek approval to depart from certain information privacy principles if the Commissioner is satisfied it is in the public interest to do so.

“Giving agencies certainty about the privacy aspects of their activities means that information will be used more effectively while personal privacy will also be more effectively protected.

“Effective sharing of information across government agencies can often be vital to the public interest, whether to save lives in bushfires or other emergencies or to better protect potential victims in the context of family violence, child abuse or other criminal activities,” Mr Clark said.

Universities, councils, certain health organisations and certain interjurisdictional organisations will not be covered by the new framework but will continue to be governed by separate privacy regimes, such as the regime under the Health Records Act.

The new Act also re-enacts many key provisions of the Information Privacy Act, including the Information Privacy Principles. The organisations to which the Information Privacy Act applied will remain subject to the provisions of the new Act.