|Country or territory:||Victoria, Australia|
|Organisation:||Office of the Commissioner for Privacy and Data Protection (CPDP)|
|Chair:||David Watts, Commissioner for Privacy and Data Protection|
121 Exhibition Street
|Primary contact:||Jeannette Van Den Bulk, Assistant Commissioner Strategic Privacy
|Number of staff:||22|
|Founding Act or Law:||Privacy and Data Protection Act 2014|
|Online profile (website, social media, etc.):||Website: cpdp.vic.gov.au
|General description of activities:||CPDP is responsible for promoting the protection of personal information, public sector data and law enforcement data held by the Victorian public sector. CPDP provides guidance to government organisations and agencies on how to uphold their legislative responsibilities, through producing resources and consulting with organisations on their projects. The Privacy and Data Protection Act 2014 does not impose obligations on the private sector or individuals.|
|General description of enforcement actions (powers of investigation, inspection and/or sanction):||The Commissioner has the legislative authority to:
|Number of decisions, opinions, recommendations in previous year:||The Commissioner addressed 31 complaints in the past year. Of these complaints nine were declined, nine went to conciliation, two were successfully conciliated, and 13 were referred to the Victorian Civil and Administrative Tribunal.
The Commissioner approved one information usage arrangement and one application for certification in the past year.
|Significant decisions, opinions or recommendations:||In March 2016 the Commissioner certified the first information usage arrangement under the Privacy and Data Protection Act 2014, permitting a departure from a number of the Information Privacy Principles and information handling provisions in other legislation to enable better information sharing between specified organisations for family violence purposes.
In July 2016 the Commissioner also received the first application for certification under the Privacy and Data Protection Act 2014, where the organisation in question sought confirmation that their decision to provide online notification to individuals that their information may be indirectly collected in particular circumstances was in fact consistent with the collection principle.