Victoria
| OVERVIEW | Well-developed privacy laws and enforcement. Modeled after the privacy laws of the federal government. |
| ENACTED | 2000 |
| GENERAL PRIVACY LAWS | The Information Privacy Act 2 No 98 (Vic) came into effect on 1 September 22. The Act covers the handling of all personal information except health information in the public sector in Victoria. This Act adopts the Information Privacy Principles, which are similar to the NPP’s set out in the Federal Privacy Act. |
| PERSONAL DATA PROTECTION LAWS AND REGULATIONS | Victoria’s Information Privacy Act 2000 applies where personal information is recorded. This will include personal information in almost any format, including computer records, email and other electronic communications. |
| TYPE OF DATA PROTECTED | Victoria’s Information Privacy Act 2000 applies where personal information is recorded. |
| WORKPLACE PRIVACY LAWS |
The Office of the Victorian Privacy Commissioner has provided guidance on workplace monitoring. Entitled “Workplace Privacy: April 2003”, the Victorian Privacy Commissioner lists the laws and principles that employers must consider before engaging in monitoring. Among the laws that must be considered are the Surveillance Devices Act 1999 that controls the use of surveillance technology and restricts the communication and publication of private conversations and activities. In addition, Victoria’s Information Privacy Act 2000 applies where personal information is recorded. This will include personal information in almost any format, including computer records, email and other electronic communications. In the Privacy Commissioner’s Annual Report for 2006-2007, it is noted that a large number of complaints received by the Privacy Commissioner’s Office related to monitoring in the workplace. The Privacy Commissioner’s response is as follows: “For such enquiries, Privacy Victoria staff inform enquirers that even if the private sector employer does not fall within the small business exemption of the Privacy Act and is bound by it, the Act nevertheless contains an exemption in relation to personal information of employees. This is to ensure that the enquirer understands the limits of jurisdiction before being referred.” On July 25, 2006, Victoria became the first Australian State to enact a Bill of Rights when the Victorian Parliament Passed the Victorian Charter of Human Rights and Responsibilities 2006. The Charter took legal effect on January 1, 2007. Section 13 of the Victorian Charter provides that a person has the right “not to have his or her privacy, family, home or correspondence unlawfully or arbitrarily interfered with.” It is likely that this Bill of Rights will have an impact on all areas of privacy, including workplace monitoring. In light of the exemption employee information from privacy legislation, it is not yet clear how the new Victorian law may impact the overall privacy rights of individuals if monitoring is lawful and not conducted arbitrarily. |
| TRANSBORDER TRANSFERS | Governed by Principle 9 of the Information Privacy Act which allows an organization to transfer personal data to someone outside of Victoria only if: (1) the organization reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of information that are substantially similar to the Information Privacy Principles; or (2) the individual consents to the transfer; or (3) the transfer is necessary for the performance of a contract between the individual and the organization or for the implementation of pre-contractual measures taken in response to the individual’s request; or (4) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between the organization and a third party; or (5) all of the following apply: (i) the transfer is for the benefit of the individual; (ii) it is impracticable to obtain the consent of the individual to that transfer; (iii) if it were practicable to obtain that consent, the individual would be likely to give it; or 96) the organization has taken reasonable steps to ensure that the information which it has transferred will not be held, used or disclosed by the recipient of the information inconsistently with the Information Privacy Principles. |
| FINES AND SANCTIONS | Compliance Notice can be issued to defendant. Privacy Commissioner can issue notice requiring the production of documents and information. |
| OTHER PRIVACY LAWS AND REGULATIONS | |
