Navigating legislation and sharing safely
Legislation, standards and policies that ensure data security, privacy and integrity.
On this page
- The Victorian Data Sharing Act
- Legislation that applies to data sharing and use
- Frameworks and standards for data sharing and use
- Reporting on data security
- Ensuring secure and ethical data use
Victoria has legislation that allows data to be shared across government in a safe and secure way:
- Data can only be shared when it helps to improve policies and service delivery in the public interest.
- Data sharing involves following strict privacy, data security and other specific information-sharing rules.
These requirements are supported by the Victorian Centre for Data Insights (VCDI) working closely with the Office of the Victorian Information Commission and Health Complaints Commissioner.
The Victorian Data Sharing Act
The Victorian Data Sharing Act 2017 (VDS Act) enables data to be shared across government while providing strong safeguards and oversight.
The Act sets up the Chief Data Officer as the head of VCDI. The Act makes it easier for VCDI to access data for projects that respond to government priorities, particularly those with a whole-of-government strategic focus, and where cross-government data sharing is required and expected by the community. The Act also provides a legal pathway for departments and agencies to access identifiable data in order to integrate it with other datasets for analysis, in a way that works alongside existing privacy rules which still apply.
How the Act enables data sharing safely:
The Chief Data Officer has the power to request data held by departments and agencies for the approved purpose of informing policy making, service planning and design
Departments and agencies are required to respond within 10 business days with the data, or by providing written reasons for refusal
Departments and agencies can also access identifiable data to carry out data integration, to inform policy making and service planning.
Before any data is used for analytics, steps must be taken to ensure no individual can be identified from that data
There are offences for unauthorised data access, use or disclosure
VCDI reports annually to Victorian privacy regulators on its operations, functions and any privacy breaches
- The VDS Act ensures accountability and oversight by independent authorities (the Office of the Victorian Information Commissioner and Health Complaints Commissioner).
Guidance on data sharing in government
Victorian Data Sharing Act 2017 – De-identification guidelines PDF 975.79 KB (opens in a new window)
Information sharing schemes
The Child Information Sharing Schemeallows authorised organisations and professionals who work with children, young people and their families to share information with each other to promote children’s wellbeing and safety.
The Family Violence Information Sharing Scheme allows authorised organisations that work with victims and perpetrators of family violence to share information with each other to in order to keep victims safe and hold perpetrators to account.
Legislation that applies to data sharing and use
- Privacy and Data Protection Act 2014
- Health Records Act 2001
- Victorian Data Sharing Act 2017
- Family Violence Protection Amendment (Information Sharing) Act 2017
Frameworks and standards for data sharing and use
- Victorian Protective Data Security Framework
- Victorian Protective Data Security Standards
- Public Records Office Victoria Standards
- Information Management Framework for the Victorian Public Service
- Information management policies and standards
- Information Security Management Framework
Reporting on data security
All public sector organisations must undertake a range of activities to meet their reporting obligations under the Privacy and Data Protection Act 2014, including:
- submitting their Protective Data Security Plan
- cooperating with the Office of the Victorian Information Commissioner when they undertake monitoring and assurance activities such as audits or reviews
Ensuring secure and ethical data use
Standard operating protocols
Our standard operating protocols outline the process and framework for conducting data analytics projects - including the protection and control measures we must take for safe and ethical data use.
This ensures we are taking the required steps to protect the data we hold from misuse, loss and unauthorised access, modification and disclosure.
Assessing and mitigating risk
We use a trusted data access and sharing model
We use the Five Safes Framework to assess and mitigate risk when we access, share and disclose data. This framework is also used by the Australian Bureau of Statistics, UK Data Service, Statistics New Zealand, South Australian Office for Data Analytics and Eurostat (European Commission).
The framework has five elements. We evaluate these independently and then analyse them together to measure the overall risk level for each project:
- Safe Projects: is data to be used for an appropriate, authorised purpose?
- Safe Data: is there a disclosure risk in the data itself (sensitivity and re-identification)?
- Safe People: can those using the data (e.g. researchers and analysts) be trusted to use it in an appropriate manner?
- Safe Settings: does the access environment (physical, technical, and procedural) prevent unauthorised data use?
- Safe Outputs: are the analytical results non-disclosive (e.g. can individuals or groups be re-identified from a broader audience)?
This approach shifts the focus away from the data itself to how the data will be accessed, used and released.
We’re guided by key data security and privacy principles
Our operating model, project model and technology platforms are based on the following principles:
-
Privacy by Design: this ensures that appropriate privacy protections are embedded into the overall design from the very start and built into all planning and design decisions. This model gives us a clear, layered, scalable privacy risk assessment framework that aligns with the Five Safes Framework. Privacy risks require a flexible, case-by-case risk management approach.
-
Defence in Depth: this ensures we have a series of layered defensive mechanisms to protect our data and information, including physical, technical, and people security. This approach aligns with the requirements of the Victorian Protective Data Security Framework and Standards and Five Safes Framework.
Updated 31 January 2025
Related links
- Read OVIC’s Victorian Protective Data Security Framework
- Read OVIC’s Victorian Protective Data Security Standards
- Join OVIC’s Victorian information security network
Community of Practice
The Data Analytics and Insights Community of Practice (Victorian public service only) brings together the latest news, toolkits, case studies and events to help you do your work better. To join the community, sign up and log in to the Innovation Network(opens in a new window).
Join the Data Analytics and Insights Community of Practice
About the VIC Government
- The Premier and ministers
- Find a Vic Gov department, agency or service
- Strategies and policies
- Inquiries and royal commissions
Grants and programs
Jobs and careers
Arts, culture and heritage
Business and the workplace
- Mentally Healthy Workplaces Framework
- Portable Long Service Authority
- Victoria’s racing industry
- Workforce Inspectorate Victoria
- Liquor licensing, sale and supply
Communities
- Children
- First Peoples - State Relations
- Finding records
- Gender equality & women’s leadership
- LGBTIQA+ equality
- Multicultural communities
- Seniors Online
- Veterans support and commemoration
- Volunteering in Victoria
- Youth Central
Education and training
- Victorian Early Childhood Regulatory Authority
- Early childhood education – information for professionals
- Kinder: Best Start, Best Life
- Education – information for parents
- Schools.Vic - information for schools
- Education grants, programs, awards and events
- PROTECT
- TAFE, training and universities sector
- TAFE Victoria
- Victorian Skills Authority
- Apprenticeships Victoria
- Learn Local
Environment, water and energy
Finance and economy
Health and social support
- Family violence reform
- NDIS Worker Screening Check
- NDIS and disability services and support in Victoria
- Patient Review Panel
- Transforming Trauma Victoria
Housing and property
Law and justice
- Adoption
- Births, deaths and marriages
- Honorary justices
- Machete ban
- Safeguarding Victorians against terrorism
- Stolen Generations Reparations Package
- Victims of Crime
- Victorian Racing Tribunal
Safety and emergencies
- Emergency Recovery Victoria
- Victorian Emergency Relief and Recovery Foundation
- Emergency Recovery Resource Portal
- How well do you know fire
- Fire Services Reform
- Water safety
- Marine Search and Rescue
Science and technology
- Data sharing and open data
- Data.vic - discover and access Vic Gov open data
- Developer.Vic - portal for API developers
- Go.vic URL shortener
- Vic Gov IT project dashboard
- Victoria’s free public wi-fi network
- Cyber security in the Victorian Government
Sport and recreation
Traffic and transport
- Cameras Save Lives
- Transport Fines
- Getting Around
- Transport Planning
- Transport Future
- Climate Change and transport
- Future Directions For Transport
- Transport projects
- Ports and Freight
Working in the Victorian Government
- Single Digital Presence home
- Accommodation and Library Services
- Executive employment in the Victorian public sector
- Budget, procurement and funding
- Careers in the Victorian Government
- Council and Regulator Toolkit
- Guidelines for working in government
- Join a government network
- Standards and guidelines
- VicFleet CarPool
- Victorian Government style guide