Law: Privacy and Data Protection Act 2014 (No. 60 of 2014) ('the Act'). Please note that the Act applies to public bodies. Private organisations are subject to the federal Privacy Act 1988.
Regulator: The Office of the Victorian Information Commissioner ('OVIC')
Summary: There is no separate, territorial level private sector data protection law in Victoria. However, while the Act principally applies to public bodies, it also contains provisions that may bring contracted service providers under its scope. The OVIC ensures compliance with the Act. The OVIC is relatively active in producing guidance, although such guidance is primarily focused on the public sector. In addition, the Health Records Act 2001 establishes several requirements for the handling of health information. The Office of the Health Services Commissioner ('OHSC') administers the Health Records Act, including receiving and acting on complaints related to the handling of health information. The OHSC has released extensive guidance on its processes and the scope of its powers.