Privacy and security measures protect against misuse, loss and unauthorised disclosure of personal information
This policy refers to the use and management of personal and health information collected by the Department of Justice and Regulation.
Personal and health information held by the department is managed in accordance with the privacy principles contained in the Privacy and Data Protection Act 2014 (Vic), the Health Records Act 2001 (Vic) and as required by other laws. The department is required by law to have a policy on its information handling practices.
Personal information is recorded information about a living identifiable or easily identifiable individual (including work related information or images).
Sensitive information is information about a living individual’s race or ethnicity, political opinions, religious or philosophical beliefs, sexual preferences or practices, criminal record, or membership details, such as trade union or professional, political or trade associations.
Health information is information about a living or deceased individual’s physical, mental or psychological health.
What does the department do?
The Justice portfolio encompasses specific ministerial portfolios:- the Attorney-General, Racing, Police, Corrections, Emergency Services, and Consumer Affairs, Gaming and Liquor Regulation.
Justice-related programs and services include police, courts, prisons, emergency services, regulation of gaming, racing, liquor licensing and victims' services. Some Justice-related functions are carried out by independently governed statutory agencies, or contracted service providers which have their own privacy policies.
What areas of the department collect personal and health information?
Areas of the department that are most likely to collect personal and health information include:
- Consumer Affairs Victoria
- Corrections Victoria
- Infringement Management and Enforcement Services (including Sheriff functions)
- Koori Justice Unit
- People and Culture (Human Resources)
- Regional Justice Service Centres
- Registry of Births, Deaths and Marriages
- Working with Children Check Unit
- Victims Support Agency.
Because individuals, members of the public, or department staff deal with specific areas of the department, these areas may have additional privacy policies that explain in more detail their particular information management practices.
For example, People and Culture has additional policies, which explain in more detail how human resources records are managed in accordance with privacy legislation.
Do any areas of the department not have to comply with privacy legislation?
Certain areas of the department or department staff may not have to comply with some or all of the privacy principles. These situations include where:
- the provisions of another Act are more specific about how information should be managed
- the area makes use of generally available publications, for example, websites, or publicly accessible directories
- staff are carrying out law enforcement functions which would be hindered if they were to comply with all of the privacy principles.
What sort of information does the department collect?
Where lawful and practicable an individual may be anonymous when interacting with the department. No identifying details will be collected.
The department collects personal and health information for statutory and administrative reasons. Typical collections include:
- solicited and unsolicited correspondence from the public
- applications, enquiries, submissions, surveys and complaints
- information concerning adult prisoners and offenders subject to supervision by Corrections Victoria
- details of staff, volunteers, visitors, committee members and statutory office holders
- research data
- native title claim information.
The type of personal or health information the department collects depends on the nature of the contact with the department.
In certain limited circumstances, as permitted by privacy or other legislation, the department may collect sensitive information.
Why does the department collect information?
The department collects personal and health information as necessary for its functions of reform, administration and enforcement of the law.
The department takes reasonable steps to explain why personal or health information is collected, what is done with it, whether any law requires it and the main consequences for an individual if it is not provided to the department.
What does the department do with information?
The department uses and provides to other people or organisations, personal or health information for the purposes the department collected it.
Occasionally, the department may be authorised by law (sometimes privacy legislation but often other laws) to use or provide personal or health information to others for other purposes. In other cases an individual’s consent may be sought to use or provide personal information to others.
The department only assigns or adopts a unique identifier (e.g. employee number) for an individual if it is necessary, authorised by law or with consent. The department ensures any transfer of personal or health information outside Victoria is in accordance with privacy legislation.
How does the department ensure that information is accurate and up-to-date?
The department takes reasonable steps to ensure that personal and heath information held is accurate, complete and up-to-date.
Usually, the department relies on individuals to provide accurate and current information to the department in the first instance, and to notify when circumstances or details change.
How does the department store and protect information?
All areas of the department have security measures aimed at protecting personal and health information from misuse, loss, unauthorised access or disclosure.
Stored information is also archived in accordance with the Public Records Act 1973, which determines when it is appropriate to retain or dispose of it.
How can individuals access information held by the department?
It is the department’s policy that where appropriate an individual may ask for access to their personal or health information, without having to make a formal request under the Freedom of Information Act 1982 (FOI Act).
In some situations, such access outside the FOI Act will not be appropriate, and an individual will have to make a formal FOI request. (For example, if a third party’s privacy is involved).
Individuals can access information held about them by the department by:
- directly contacting the area of the department that has the information
- contacting the department's Manager, Information and Privacy
- under the Freedom of Information Act 1982 where appropriate
- other access regimes under other laws. Contact the relevant business unit for further information.
How does the department handle complaints about privacy?
The department undertakes to resolve privacy complaints in a timely, fair and reasoned way.
If you have been dealing with a specific area of the department, contact that area and ask to speak with their privacy coordinator, or contact the Manager, Information and Privacy, by phoning (03) 8684 0178 or by sending a letter to the following address:
Manager, Information and Privacy
Department of Justice and Regulation
GPO Box 4356
MELBOURNE VIC 3001
Phone 03 8684 0178
Fax 03 8684 0099