PRIVACY AND DATA PROTECTION ACT 2014 (NO. 60 OF 2014) - SECT 103 Functions of the Commissioner
PRIVACY AND DATA PROTECTION ACT 2014 (NO. 60 OF 2014) - SECT 103
Functions of the Commissioner(1) The Commissioner has the following functions in relation to information privacy—
(a) to promote an understanding and acceptance of the Information Privacy Principles and of the objects of those Principles;
(b) in accordance with Division 3 of Part 3, to undertake activities relating to development and approval of codes of practice;
(c) to publish model terms capable of being adopted by an organisation in a contract or arrangement with a recipient of personal information being transferred by the organisation outside Victoria;
(d) to examine the practice of an organisation with respect to personal information maintained by that organisation for the purpose of ascertaining whether or not the information is maintained according to the Information Privacy Principles or any applicable code of practice;
(e) subject to this Act—
(i) to receive complaints about an act or practice of an organisation—
(A) that may contravene an Information Privacy Principle; or
(B) that may interfere with the privacy of an individual or may otherwise have an adverse effect on the privacy of an individual; and
(ii) if the Commissioner considers it appropriate to do so, to endeavour, by conciliation, to effect a settlement of the matters that gave rise to the complaint;
(f) to issue compliance notices under Division 9 of Part 3 and to carry out an investigation for that purpose;
(g) to conduct or commission audits of records of personal information maintained by an organisation for the purpose of ascertaining whether the records are maintained according to the Information Privacy Principles or any applicable code of practice;
(h) to examine and assess any proposed legislation that would require or authorise acts or practices of an organisation that may, in the absence of the legislation, be interferences with the privacy of an individual or that may otherwise have an adverse effect on the privacy of an individual, and to report to the Minister the results of the examination and assessment;
(i) to consult and cooperate with persons and bodies concerned with information privacy;
(j) to make public statements in relation to any matter affecting personal privacy or the privacy of any class of individual;
(k) to issue guidelines and other materials in relation to the Information Privacy Principles and information usage arrangements;
(l) to undertake research in relation to matters relating to information privacy;
(m) to undertake reviews of any matters relating to information privacy, as requested by the Minister;
(n) to make reports or recommendations in relation to information privacy as provided for by section 111.
(2) The Commissioner has the following functions in relation to protective data security and law enforcement data security—
(a) to issue protective data security standards and law enforcement data security standards;
(b) to develop the Victorian protective data security framework and promote the uptake of protective data security standards by the public sector;
(c) to conduct monitoring and assurance activities, including audits, to ascertain compliance with data security standards;
(d) to refer findings of monitoring and assurance activities, including audits, to an appropriate person or body for further action;
(e) to retain copies of protective data security plans;
(f) to issue guidelines and other materials in relation to protective data security standards;
(g) to undertake research in relation to matters relating to protective data security and law enforcement data security relevant to the public sector, particularly relating to information and communications technology;
(h) to undertake reviews of any matters relating to protective data security, as requested by the Minister;
(i) to undertake reviews of any matters relating to law enforcement data security and crime statistics data security, as requested by the Minister;
(j) to make reports or recommendations in relation to data security as provided for by section 111.
(3) In addition to the functions set out in subsections (1) and (2), the Commissioner has any other functions conferred on the Commissioner by or under this or any other Act.