Victorian government agencies collect, own, use, manage and store a wide variety of individuals' personal and health information. Designing sound public policy and supporting effective decision-making relies on good data. The obligations on government, and the rights of individuals in relation to that information, are contained in a complex framework of legislation.
As a major legal provider to government and its agencies, VGSO understands the challenges of applying privacy and data laws to an ever-changing technological landscape and embedding a constructive privacy and data protection culture.
Information sharing
VGSO advises on significant and complex multi-agency information sharing arrangements, as well as security arrangements and protocols. VGSO has a deep understanding of the data sharing schemes relied on by the Victorian government and VGSO’s advice often shapes State policy, as well as service delivery and design. VGSO advises on:
- the interpretation of statutes, including the characterisation of information and whether an organisation’s enabling legislation permits information sharing
- data sharing under the Privacy and Data Protection Act 2014 (PDP Act) (collection, use and disclosure), Public Records Act 1973 (storage and disposal) and the Freedom of Information Act 1982 (disclosure)
- the Victorian Data Sharing Act 2017, the Victorian Child and Family Violence Information Sharing Schemes and other emerging schemes
- multi-jurisdictional information sharing agreements, as well as one-way and reciprocal intergovernmental information sharing MOUs, and other arrangements on the handling and storage of shared information
- special purpose information sharing agreements, such as for construction cladding cost recovery and bushfire recovery rebuild support services
- the impact of specific technologies on information sharing risks, including in connection with the use of artificial intelligence and facial recognition applications
- the development of business cases for new data sharing arrangements.
Right to privacy and charter assessments
VGSO's specialist Human Rights Team routinely assists a range of agencies to understand the Charter right to privacy and how agencies can meet their Charter obligations to properly consider relevant rights and act compatibly with those rights when collecting, using and sharing information.
Privacy complaints
VGSO acts for and appears on behalf of a range of government agencies in relation to complaints against government for alleged privacy breaches, including complaints before the Privacy and Data Protection Deputy Commissioner and in VCAT proceedings.
Privacy documents
VGSO regularly advises on and drafts bespoke privacy policies, consent forms, collection statements and website privacy statements.
Privacy in commercial arrangements
VGSO routinely advises on privacy issues arising in commercial contexts, including:
- advising on data collection and handling practices under the PDP Act
- drafting and enforcing privacy and data protection provisions in supplier and outsourcing services agreements
- the use of privacy by design principles in the development of new applications and technologies
- advising on the inherent risks of integrating large data sets, including following machinery of government changes, and offering strategic advice on data minimisation methods
- reporting on the privacy impacts of cyber incidents, and advising on the organisation’s obligation to engage with OVIC and other VPS organisations
- preparing privacy impact assessments
- overseas and interstate data flows
Law enforcement data and agencies
Our lawyers have a detailed understanding of the regulatory regimes and practical considerations that apply when sharing data with law enforcement agencies, corporate bodies and individuals not only within Victoria but interstate and internationally.
Data protection
Victorian government agencies must keep public sector data secure. VGSO has assisted agencies to meet their obligations under the Victorian Protective Data Security Framework and Standards, as well as the Public Records Act 1973, and routinely advises organisations on these requirements in the course of their procurement of ICT services.
Updated