The department continues a tradition of responsible personal information handling in accordance with the 10 Information Privacy Principles (IPPs) which form the backbone of the legislation.

The Victorian Government values and protects all personal information it collects in the course of undertaking its responsibilities. It has always demonstrated a strong culture of protecting the confidentiality and privacy of individuals and clients.

The Privacy and Data Protection Act 2014 and the Health Records Act 2001 were introduced to provide a legal framework to support the appropriate balance between the free-flow of information for the public good and the protection of privacy of personal information.

Our privacy policy

DEECA Privacy Policy (PDF, 142.2 KB)
DEECA Privacy Policy (DOCX, 952.4 KB)

If you have any queries, you can contact:

foi.unit@deeca.vic.gov.au

or

Manager FOI and Privacy
Department of Energy, Environment and Climate Action
PO Box 500
East Melbourne VIC 3002

What is Privacy?

There are many kinds of privacy. Privacy is an internationally recognised human right that protects individuals from a range of interferences. In modern society the term privacy may be used to describe a number of related human rights:

  • Personal privacy, which considers the integrity of an individual's body
  • Privacy of personal behaviour, which incorporates sensitive social issues such as sexual preference, political activities and religious practices
  • Privacy of personal communications, which revolves around the concept of confidential voice, speech and telecommunications
  • Privacy of territory which may be defined as the right to personal space and to the protection of one's property from trespass, and
  • Information Privacy or Data Privacy, which relates to the protection of personally identifying information. Information Privacy seeks to place greater control relating to information use with the individual who is the data subject. It is usually expressed as Information Privacy Principles (IPPs) that regulate the collection, use, disclosure, transfer, access, correction, disposal of personally identifying information.

Information Privacy seeks to place greater control relating to information use with the individual who is the data subject. It is usually expressed as Information Privacy Principles (IPPs) that regulate the collection, use, disclosure, transfer, access, correction, disposal of personally identifying information.

What information is regulated in the public sector by Victorian Privacy Legislation?
  • Personal information, that is information, whether fact or opinion, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion (Privacy and Data Protection Act 2014).
  • Personal information, which relates to an individual's physical, mental and emotional health or disability, palliative or aged care, or health service (Health Records Act 2001).

Personal information may consist of separate or linked factual data fields such as name, date of birth, driver's license number, as well as evaluative commentary regarding an individual or transaction. It may be held on a paper file, database on in another medium such as film, video or audio tape.

A person's identity may be apparent even when their name is not included in the information depending upon the other data items included in the information and the context the information is collected, used or disclosed within. The context of the provision of information and the connection or linking of data fields can change non identifying data into personally identifying information. For example a person's physical description linked with their profession and work location may be highly identifying when discussing a celebrity or well-known figure.

Examples of Information that may be personally identifying either alone or in combination are:
  • Name
  • Photograph
  • Title
  • Email address
  • Telephone or fax numbers
  • Date of birth
  • Employee security pass number
  • Employee logon ID
  • Driver's licence number
  • Health diagnosis
  • Gender
  • Ethnicity
  • Banking details, such as branch location, account number and funds available
  • Customer service operators notes about a client and their enquiry
  • A performance appraisal report about a staff member
How do I make a complaint if I think my privacy has been interfered with?

If you think your privacy has been interfered with and would like to make a complaint please complete the attached form and post to:

The Manager Privacy
Department, Water, Land and Planning
PO Box 500
East Melbourne 3002

The Manager, Privacy and Legislation Projects will acknowledge your complaint within 24 hours of receiving it. The Manager of Privacy will assess all written complaints and seeks to provide a decision regarding the most effective way to proceed with the complaint no later than 20 working days after the day the complaint is received.Where the complexity of the complaint and its appropriate resolution indicates that it is unlikely to be resolved within the 20 days an extended time frame for resolution will be discussed with the complainant will be.

DELWP Privacy Complaint Form (PDF, 123.1 KB)
DELWP Privacy Complaint Form (DOCX, 66.3 KB)

How do I get access to personal information about me held by the Department?

The access provisions of the Freedom of Information Act 1982 (FOI Act) and Privacy and Data Protection Act 2014 (Privacy Act), provide a statutory right of access by individuals to personal information held by government agencies about them.

While it is intended by the legislators that the FOI Act provides the channel for access and correction to personal information in the vast majority of applications for access, it is recognised that in some limited circumstances an informal process may be more appropriate.

All requests for access to personal information under the Privacy Act should be referred in the first instance to the Manager, Privacy for assessment. The Manager Privacy will consider the circumstances surrounding the request and the content of the data.

The request for informal access may either be endorsed and facilitated by the Manager FOI and Privacy, or the individual making the request may be advised to apply to the Department formally under the FOI Act for access.

If you would like to request access to information about personal information held about you, please contact:

foi.unit@deeca.vic.gov.au

or

Manager FOI and Privacy
Department of Energy, Environment and Climate Action
PO Box 500
East Melbourne VIC 3002

Privacy Legislation

Three specific privacy statutes deal with Information Privacy in Australia; they are:

Privacy Act 1988 which enshrines the Australian Privacy Principals (APPs) and extends privacy regulation to the private sector nationally. This statute is regulated by the Australian Information Commissioner.

The Privacy and Data Protection Act 2014 regulates the personal information handling activities of the Victorian Public Sector and its funded services (except personal health information). This statute is regulated by the Victorian Information Commissioner. (See attached Information Privacy Principles.)

The Health Records Act (Vic) 2001 which regulates both public and private sector organisations that handle personal health information. The Health Privacy Principles (HPPs) are largely similar in spirit and principle to the NPPs and IPPs of the Victorian Information Privacy Act but are tailored to the specific requirements of health services and health information. This statute is regulated by the Victorian Health Complaints Commissioner.

Exemptions to the Legislation

The Privacy and Data Protection Act 2014 does not apply to:

  • A court or tribunal
  • The holder of a judicial or quasi-judicial office
  • A registry or other office of a court or tribunal
  • The staff of these offices in their capacity as members of that staff
  • Publicly available information, that is personal information that is:
    • A generally available publication
    • Kept in a library, art gallery or museum
    • A public record under the Public Records Act 1973
    • Archives within the Copyright Act 1968
  • Public registers, while mostly exempt under the protection of their own acts, are required 'so far as is reasonably practicable, not do an act or engage in a practice that would contravene an Information Privacy Principle'.
  • Law Enforcement agencies do not need to comply with IPPs 1.3 to 1.5, 2.1,6.1 to 6.8, 7.1 to 7.4, 9.1 or 10.1 if they believe on reasonable grounds that the non compliance is necessary for the purposes of one or more of its or another law enforcement agency's law enforcement functions or activities.

The Health Record Act does not apply to:

  • Health information that has any connection with an individual's personal, family or household affairs
  • A court or tribunal
  • The holder of a judicial or quasi-judicial office
  • A registry or other office of a court or tribunal
  • The staff of these offices in their capacity as members of that staff
  • Publicly available information that would mean personal information that is:
    • A generally available publication
    • Kept in a library, art gallery or museum
    • A public record under the Public Records Act 1973
    • Archives within the Copyright Act 1968
  • Health information held by a news medium in connection with its news activities

Page last updated: 09/08/23