Changes to Privacy and Data Protection Act from 11 September 2024

As some of you will be aware, amending legislation which was finally approved on 10 September 2024 made some important changes to the Privacy and Data Protection Act 2014 (Vic) ("PDP Act").  They commenced on 11 September 2024.

In summary, some of the were:

• the definition of "sensitive information" has been amended to not be about sexual preferences, but rather now includes information about "sexual orientation"
• to extend the definition of "law enforcement agency" to the Legal Services Board and the Legal Services Commissioner
• adding as a basis for when the Information Commissioner can decline to entertain a complaint where the complainant has failed to co‑operate with the Information Commissioner without reasonable excuse
• new provisions are included to allow the Information Commissioner to conduct preliminary inquiries or consult with the respondent body to determine whether a complaint can be resolved informally.  There is emphasis on informal resolution first before considering conciliation
• requires that protective data security standards can only be issued if first agreed to by the Minister and that they can be for the "confidentiality, integrity and availability" of and access to public sector data - the reference to "security" was removed
• exemption under the FOI Act now extends not just to a protective data security plan, but also to "a security risk profile assessment" under s 89 of the PDP Act.

If you have any queries about what changes have been made or how it may affect your agency, please do not hesitate to contact us.

Mick Batskos

Executive Director