Office of the Commissioner for Privacy and Data Protection, Victoria

Home / Membership / Members / Victoria, Australia




Country or territory: Victoria, Australia
Organisation: Office of the Commissioner for Privacy and Data Protection (CPDP)
Chair: David Watts, Commissioner for Privacy and Data Protection
Location/address: Level 6
121 Exhibition Street
Victoria, 3000
Primary contact: Jeannette Van Den Bulk, Assistant Commissioner Strategic Privacy
Number of staff: 22
Year established: 2014
Founding Act or Law: Privacy and Data Protection Act 2014
Online profile (website, social media, etc.): Website:
General description of activities: CPDP is responsible for promoting the protection of personal information, public sector data and law enforcement data held by the Victorian public sector. CPDP provides guidance to government organisations and agencies on how to uphold their legislative responsibilities, through producing resources and consulting with organisations on their projects. The Privacy and Data Protection Act 2014 does not impose obligations on the private sector or individuals.
General description of enforcement actions (powers of investigation, inspection and/or sanction): The Commissioner has the legislative authority to:

  • issue a compliance notice to an organisation that fails to comply with an Information Privacy Principle and carry out an investigation for that purpose;
  • examine the practices of an organisation and conduct audits of personal information records;
  • receive complaints from individuals in relation to a public sector organisation’s handling of their personal information, and conciliate that complaint where appropriate;
  • conduct monitoring, assurance and audits regarding compliance with relevant data security standards; and
  • undertake reviews relating to data security and law enforcement data security as requested by the relevant government Minister.
Number of decisions, opinions, recommendations in previous year: The Commissioner addressed 31 complaints in the past year. Of these complaints nine were declined, nine went to conciliation, two were successfully conciliated, and 13 were referred to the Victorian Civil and Administrative Tribunal.

The Commissioner approved one information usage arrangement and one application for certification in the past year.

Significant decisions, opinions or recommendations: In March 2016 the Commissioner certified the first information usage arrangement under the Privacy and Data Protection Act 2014, permitting a departure from a number of the Information Privacy Principles and information handling provisions in other legislation to enable better information sharing between specified organisations for family violence purposes.

In July 2016 the Commissioner also received the first application for certification under the Privacy and Data Protection Act 2014, where the organisation in question sought confirmation that their decision to provide online notification to individuals that their information may be indirectly collected in particular circumstances was in fact consistent with the collection principle.