• Privacy Victoria

Read the full text

Image: Andrew Jeffrey

10 August 2009This guide has been developed to meet a need of the Victorian public sector, including Local Councils.

Data matching is an activity which creates special risks and considerations for privacy. Privacy Victoria’s 2005 audit of data matching activities found that most of the organisations surveyed have difficulty in translating a high level of awareness of their privacy responsibilities into an understanding about how the Information Privacy Principles (the IPPs) apply to their data matching practices. Most organisations favoured the development of data matching guidelines from the office to assist in this regard.

Privacy Victoria has therefore developed this guide to assist organisations to assess existing or contemplated data matching activities for compliance with the Information Privacy Principles in the Information Privacy Act, as well as consistency with the Charter of Human Rights and Responsibilities and good privacy practice.

The guide is not intended to cover the Health Records Act 2001 (Vic). If your organisation handles health information, you will need to comply with the Health Privacy Principles (HPPs) in that Act as well. Advice on compliance with the HPPs should be sought, in the first instance, from the Office of the Health Services Commissioner, which regulates the handling of health information in Victoria.

This guide is not intended to deal with issues concerning ownership of information or copyright.

Responsibilities of participant organisations are discussed in light of privacy and data protection requirements, which apply regardless of who ‘owns’ the personal information involved. This guide is not legally binding and does not constitute legal advice about how organisations are to comply with the IPPs in specific  circumstances. It is intended to indicate how the Privacy Commissioner interprets and applies the IPPs.

This guide indicates the matters the Privacy Commissioner may consider if organisations seek advice about data matching, when dealing with complaints about data matching, or when conducting an investigation into an apparent breach of the IPPs involving data matching.