Skip to content
Victorian Government Website (Victoria, the Place to Be)
Department of Human Services, Victoria, Australia
Service Agreement Information Kit for Funded Organisations

4.9 Privacy and Whistleblower Protection Act

Privacy

New technology is providing opportunities to improve the accessibility and quality of human services, for example, through electronic linking of client records to the different services involved in client case management.

The department and organisations it funds are subject to a legislative privacy regime that governs the handling of personal and health information. The Information Privacy Act 2000 (IPA) and the Health Records Act 2001(HRA) protect personal and health information by setting standards on how such information should be handled, from collection to disposal.

The IPA covers personal information, other than health related information, held by Victorian public sector organisations. The HRA covers health information handled by both public and private sector organisations.

The Office of the Victorian Privacy Commissioner (OVPC) and the Office of the Victorian Health Services Commissioner administer the IPA and HRA respectively. Both have powers to investigate complaints, impose compliance notices and impose penalties if a privacy breach is found to have occurred.

It is expected that organisations have a privacy policy and that procedures incorporate the principles in the Victorian privacy legislation as minimum standards for handling personal and health information. Broadly, this means organisations should:

  • Collect only information which is needed for a specified primary purpose;
  • Ensure clients know why information is collected and how it will be handled;
  • Use and disclose the information only for the primary or a directly related purpose, or for another purpose with the person's consent (unless otherwise authorised by law);
  • Store the information securely and protects it from unauthorised access;
  • Retain the information for the period authorised by the Public Records Act 1973; and 
  • Provide the person with access to their own information and the right to seek its correction.

Funded organisations are required by the standard clause in their service agreement to comply with both Acts. Funded organisations are also subject to the HRA in their own right, if handling health information.

For further details on privacy, including the department's privacy policy and a summary of the privacy principles, go to http://www.dhs.vic.gov.au/pdpd/ciiru/privacy.

The Corporate Integrity Information and Resolutions Unit of DHS (CIIRU) is developing guidelines intended to assist the department and its funded service partners in meeting their legislative requirements. These guidelines will be available on this website by the end of July 2009.

The full set of principles in the respective privacy laws can be found in the Information Privacy Act 2000 and in the Health Records Act 2001. Copies can be purchased from Information Victoria telephone 1300 366 356.

For more information, on the Health Records Act, contact:

Health Services Commissioner, 30th Floor, 570 Bourke Street Melbourne Victoria 3000.

Telephone: 1800 136 066.

Website: http://www.health.vic.gov.au/hsc (external link)

For more information on the Information Privacy Act contact:

Victorian Privacy Commissioner,Level 11, 10-16 Queen Street Melbourne Victoria 3000.

Telephone: 1300 666 444

Website: http://www.privacy.vic.gov.au (external link)

If further advice is required about specific issues surrounding health privacy and information privacy, funded organisations should seek independent legal advice.

Whistleblower Protection Act

The Whistleblower Protection Act 2001 facilitates the making of disclosures about improper conduct by public bodies and public officials and provides a number of protections for those who come forward with a disclosure ('whistleblowers'). It also provides for the investigation of disclosures that meet the definition, as detailed in the Act, of a 'public interest disclosure'.

The main objectives of the Act are to:

  • promote a culture in which whistleblowers feel safe to make a disclosure
  • protect people who disclose information about serious wrongdoing within the public sector from recrimination or other adverse consequences
  • provide a framework for investigating disclosed matters, and
  • ensure that investigated matters are dealt with properly.

The Act recognises that improper or corrupt conduct by employees, officers or other staff within the public service should not be tolerated, neither should actions that involve reprisals against those who come forward to disclose such conduct.

The Act makes it clear that public interest disclosures are about serious wrongdoing. 'Improper conduct' is defined as:

  • corrupt conduct
  • substantial mismanagement of public resources
  • conduct involving substantial risk to public health or safety, or
  • conduct involving substantial risk to the environment.

To further narrow the scope of the behaviour falling within the definition, the Act requires that the above conduct would, if proved, constitute:

  • a criminal offence, or
  • reasonable grounds for terminating the services of the relevant public officer.

Every public body, including departments and their associated statutory authorities, must establish a set of written procedures for handling disclosures made under the Act. If you meet the definition of a 'public body' outlined below, your organisation is required to comply with the Act. Public bodies included in the Act are:

  • all government departments and administrative offices
  • statutory authorities
  • municipal councils
  • government appointed boards and committees
  • government owned companies
  • universities
  • TAFE colleges
  • public hospitals
  • state funded residential care services
  • health services contractors, and
  • correctional services contractors.

The Act requires that by 1 January 2002, or as soon as practicable thereafter, public bodies as defined in the Act must establish procedures to:

  • facilitate the making of disclosures under the Act
  • investigate the disclosed matters, and
  • protect the whistleblower from reprisals because of disclosures.

A complete copy of the Whistleblower Protection Act 2001 can be found at http://www.legislation.vic.gov.au/ (external link) under the 'Victorian Law Today' section.

You may also view the Ombudsman's guidelines in relation to the Act, which are available at http://www.ombudsman.vic.gov.au (external link).

The Department of Human Services has created its own whistleblower website that may provide valuable information. See http://www.dhs.vic.gov.au/pdpd/ciiru/whistleblowers (external link).

top of page