The Privacy and Data Protection Act 2014 (Vic) (‘PDPA’) will come into force on 9 December 2014. It will replace the Information Privacy Act 2000 and the Commissioner for Law Enforcement Security Act 2005. The Act provides for the responsible collection and handling of personal information in the Victorian public sector, and for the establishment of a protective data security regime for the Victorian public sector.
The PDPA repeals the Information Privacy Act 2000 and the Commissioner for Law Enforcement Data Security Act 2005. It merges the previous roles of Privacy Commissioner and the Commissioner for Law Enforcement Data Security to create a single Commissioner for Privacy and Data Protection (‘the Commissioner’).
Many of the PDPA’s privacy provisions mirror those of the former Information Privacy Act 2000, including preserving the Information Privacy Principles (IPPs). However, in common with other Australian privacy legislation, the PDPA introduces new mechanisms that will permit public sector agencies to depart from some IPPs where there is a substantial public interest in doing so.
The PDPA empowers the Commissioner to develop, implement and oversee a comprehensive protective data security framework in Victoria. This includes issuing Victorian protective data security standards for the confidentiality, integrity and availability of public sector data. In addition, the Commissioner may issue law enforcement data security standards for the security and integrity of law enforcement data systems and crime statistics data systems.
For more information, please see the ‘Commissioner for Privacy and Data Protection’ website.