PRIVACY AND DATA PROTECTION ACT 2014
Table of Provisions
PART 1--PRELIMINARY
- 1 Purposes
- 2 Commencement
- 3 Definitions
- 4 Interpretation
- 5 Objects
- 6 Relationship of this Act to other laws
- 7 Rights and liabilities
- 8 Act binds the Crown
PART 1A--FUNCTIONS, POWERS OF INFORMATION COMMISSIONER AND APPOINTMENT OF PRIVACY AND DATA PROTECTION DEPUTY COMMISSIONER
Division 1--Performance of functions
- 8A Functions of Information Commissioner
- 8B Functions of Privacy and Data Protection Deputy Commissioner
- 8C Information privacy functions
- 8D Protective data security and law enforcement data security functions
- 8E Performance of concurrent functions
- 8F Information Commissioner may confer functions on Privacy and Data Protection Deputy Commissioner
- 8G General powers of Information Commissioner and Privacy and Data Protection Deputy Commissioner
Division 2--Privacy and Data Protection Deputy Commissioner
- 8H Appointment of Privacy and Data Protection Deputy Commissioner
- 8I Terms and conditions of appointment of Privacy and Data Protection Deputy Commissioner
- 8J Remuneration
- 8K Vacancy and resignation of Privacy and Data Protection Deputy Commissioner
- 8L Suspension and removal from office
- 8M Acting Privacy and Data Protection Deputy Commissioner
- 8N Validity of acts and decisions
Division 3--General
PART 2--APPLICATION OF THIS ACT
- 9 Definition
- 10 Courts, tribunals etc.
- 10A Royal Commissions etc.
- 11 Parliamentary Committees
- 12 Publicly-available information
PART 3--INFORMATION PRIVACY
Division 1--Application of this Part
- 13 Public sector organisations to which this Part applies
- 14 Exemption—Freedom of Information Act 1982
- 15 Exemption—law enforcement
- 15A Exemption—information sharing under the Family Violence Protection Act 2008
- 15B Exemption—information sharing under the Child Wellbeing and Safety Act 2005
- 15C Exemption—information sharing for quality and safety purposes under the Health Services Act 1988
- 15D Information sharing under Division 6 of Part 4A of Terrorism (Community Protection) Act 2003
- 16 What is an interference with privacy of an individual?
- 17 Effect of outsourcing
Division 2--Information Privacy Principles
- 18 Information Privacy Principles
- 19 Application of Information Privacy Principles
- 20 Organisations to comply with Information Privacy Principles
Division 3--Codes of practice
- 21 Codes of practice
- 22 Process for approval of code of practice or code amendment
- 23 Organisations bound by code of practice
- 24 Effect of approved code
- 25 Codes of practice register
- 26 Revocation of approval
- 27 Effect of revocation of approval or amendment or expiry of approved code
Division 4--Capacity to consent or make a request or exercise right of access
- 28 Capacity to consent or make a request or exercise right of access
Division 5--Public interest determinations and temporary public interest determinations
- 29 Public interest determination
- 30 Application taken to be application for temporary public interest determination on request
- 31 Information Commissioner may make public interest determination
- 32 Effect of public interest determination
- 33 Duration of public interest determination
- 34 Amendment of public interest determination
- 35 Revocation of public interest determination
- 36 Reporting and review
- 37 Temporary public interest determination
- 38 Application for temporary public interest determination
- 39 Information Commissioner may make temporary public interest determination
- 40 Duration of temporary public interest determination
- 41 Revocation of temporary public interest determination
- 42 Disallowance of determinations
Division 6--Information usage arrangements
- 43 Definitions
- 44 Approval of arrangement not required if information use otherwise permitted
- 45 Meaning of information usage arrangement
- 46 Parties to an information usage arrangement
- 47 Information Commissioner to consider information usage arrangement
- 48 Information Commissioner's report
- 49 Information Commissioner's certificate
- 50 Ministerial approval of information usage arrangement
- 51 Effect of approved information usage arrangement
- 52 Amendment of approved information usage arrangement
- 53 Revocation of approval of information usage arrangement
- 54 Reporting requirements for approved information usage arrangements
Division 7--Certification
- 55 Information Commissioner may certify consistency of act or practice
- 56 Review of decision to issue certificate
Division 8--Information privacy complaints
- 57 Complaints
- 58 Complaint referred to Information Commissioner
- 59 Complaints by minors
- 60 Complaints by people with a disability
- 61 Information Commissioner must notify respondent
- 62 Circumstances in which Information Commissioner may decline to entertain complaint
- 63 Information Commissioner may refer complaint
- 64 Information Commissioner may dismiss stale complaint
- 65 Minister may refer a complaint direct to VCAT
- 66 What happens if conciliation is inappropriate?
- 67 Conciliation process
- 68 Information Commissioner may issue notice to produce or attend
- 69 Conciliation agreements
- 70 Evidence of conciliation is inadmissible
- 71 What happens if conciliation fails?
- 72 VCAT may make interim orders before hearing
- 73 When may VCAT hear a complaint?
- 74 Who are the parties to a proceeding?
- 75 Time limits for complaints referred by the Minister
- 76 Inspection of exempt documents by VCAT
- 77 What may VCAT decide?
Division 9--Enforcement of Information Privacy Principles and approved information usage arrangements
- 78 Compliance notice
- 79 Power to compel production of documents or attendance of witness
- 82 Offence not to comply with compliance notice
- 83 Application for review
Division 10--Notices to produce or attend
- 83A Notice to produce or attend
- 83B Variation or revocation of a notice to produce or attend
- 83C Service of notice to produce documents or to attend
- 83D Office of the Information Commissioner to report to the Victorian Inspectorate on issue of notice to produce or attend
- 83E Power to take evidence on oath or affirmation
- 83F Legal advice and representation
- 83G Protection of legal practitioners and persons—notice to produce or attend
- 83GA Audio or video recording of examination
- 83H Failure to comply with notice to produce or attend
- 83I Reasonable excuse—self-incrimination
- 83J Reasonable excuse—cabinet documents and legal professional privilege
- 83K Statutory secrecy not a reasonable excuse
- 83L Act applies equally to attendance in person or by audio or audio visual link
PART 4--PROTECTIVE DATA SECURITY
Division 1--Application of Part
- 84 Application of Part
Division 2--Protective data security framework
- 85 Information Commissioner to develop Victorian protective data security framework
Division 3--Protective data security standards
- 86 Information Commissioner may issue protective data security standards
- 87 Amendment, revocation or reissue of standards
- 88 Compliance with protective data security standards
Division 4--Protective data security plans
- 89 Protective data security plans
- 90 Exemption—Freedom of Information Act 1982
PART 5--LAW ENFORCEMENT DATA SECURITY
- 91 Application of Part
- 92 Information Commissioner may issue law enforcement data security standards
- 93 Inconsistency with protective data security standards
- 94 Compliance with law enforcement data security standards
PART 6--GENERAL POWERS OF INFORMATION COMMISSIONER
Division 1--General powers of Information Commissioner
- 106 Information Commissioner may require access to data and data systems from public sector body Heads
- 107 Information Commissioner may require access to data and data systems from Chief Commissioner of Police
- 108 Information Commissioner may request access to crime statistics data
- 109 Information Commissioner may copy or take extracts from data
- 110 Public sector body Heads to provide assistance
- 111 Reports to the Minister and other reports
- 112 Disclosure during course of compliance audit—data security
- 113 Disclosure to the IBAC
Division 2--Reporting
- 116 Annual reports
PART 7--GENERAL
- 117 Protection from liability
- 118 Employees and agents
- 119 Fees for access
- 120 Secrecy
- 121 Information Commissioner to give notice before certain disclosures
- 122 Offence to obstruct, mislead or provide false information
- 123 Offences by organisations or bodies
- 124 Prosecutions
- 125 Regulations