Law: Privacy and Data Protection Act 2014 (No. 60 of 2014) (the Act). Please note that the Act applies to public bodies. Private organisations are subject to the federal Privacy Act 1988.

Regulator: The Office of the Victorian Information Commissioner (OVIC)

Summary: There is no separate, territorial level private sector data protection law in Victoria. However, while the Act principally applies to public bodies, it also contains provisions that may bring contracted service providers under its scope. The OVIC ensures compliance with the Act. The OVIC is relatively active in producing guidance, although such guidance is primarily focused on the public sector. In addition, the Health Records Act 2001 (the Health Records Act) establishes several requirements for the handling of health information. The Health Complaints Commissioner (HCC) administers the Health Records Act and acts on complaints related to the handling of health information. The HCC has released extensive guidance on its processes and the scope of its powers.