Victorian Protective Data Security Standards

Victorian Protective Data Security Standards - clarification of agency requirements

 

A number of funded organisations have contacted the Office of the Victorian Information Commissioner (OVIC) or the Department of Health and Human Services seeking clarification regarding their Victorian Protective Data Security Standards (VPDSS) compliance and reporting obligations.

Please note that funded organisations are not required to directly report to OVIC, or complete the VPDSS compliance documents published on the OVIC website.

The VPDSS categorises funded organisations as Contracted service providers. The information security compliance and reporting obligations between the department and funded organisations are defined by VPDSS Standard 9.

According to VPDSS Standard 9, it is the department's responsibility to ensure that Contracted service providers “do not do an act or engage in a practice that contravenes the Victorian Protective Data Security Standards (VPDSS)”.

During 2018, the department will commence work with funded organisations to develop a risk-based reporting arrangement to ensure they are taking suitable steps to protect client data.

Recommended next steps