Privacy by Design

Privacy by Design H Negative CMYK

The Commissioner for Privacy and Data Protection (CPDP) has formally adopted ‘Privacy by Design’ (PbD) as a core policy to underpin information privacy management in the Victorian public sector.

PbD is a methodology that enables privacy to be ‘built in’ to the design and architecture of information systems, business processes and networked infrastructure. PbD aims to ensure that privacy is considered before, at the start of, and throughout the development and implementation of initiatives that involve the collection and handling of personal information.

PbD enables public sector policy-makers, information technology professionals and those responsible for delivering services to the community to approach privacy as a ‘design feature’ of public sector processes and activities rather than as a compliance burden to be endured or to which lip-service is given. It shifts the privacy focus to prevention rather than compliance, using innovative approaches that are anchored in genuine respect for individuals’ personal information.

Privacy by Design features seven Foundation Principles:

1. Proactive not Reactive; Preventative not Remedial
2. Privacy as the Default Setting
3. Privacy Embedded into Design
4. Full Functionality – Positive-Sum, not Zero-Sum
5. End-to-End Security – Full Lifecycle Protection
6. Visibility and Transparency
7. Respect for User Privacy – Keep it User-Centric

By following these Foundational Principles, Victorian Public Sector management and employees will be able to build privacy into policies, programs and practices.

Privacy by Design resources

Checklist for sharing personal information
Privacy Impact Assessment Template
Fact sheet
Information sheet for employees
Information sheet for managers
Privacy by Design (Canadian website)

Checklist for sharing personal information

Information sharing refers to the practice of disclosing information to a third party. There are a number of parties with whom information might be shared, including another organisation, an individual, or a different section of the same organisation. A third party could also be a data processor, who processes information on behalf of an organisation but who does not retain the information once the arrangement has expired.

Information sharing can occur on a systematic or an ad-hoc basis. Systematic or routine information sharing is often undertaken between organisations for an agreed upon purpose and may be reciprocal. Typically an information sharing arrangement will be in place to document the terms and conditions of the exchange and clearly articulate the expectations, roles and responsibilities of the parties. Sometimes information sharing may occur on an ad-hoc basis as a result of an urgent need for information. These types of information sharing will not be covered by established agreements or procedures. Specific and non-regular requests for personal information should be handled on a case-by-case basis. Ad-hoc sharing still requires proper legislative authority to share and should be documented accordingly.

A Privacy Impact Assessment (PIA) should always be undertaken to assess legislative authority and identify and mitigate privacy risks prior to sharing any personal information.

This checklist is designed to assist organisations to ask the right questions when considering both systematic and ad-hoc requests for information sharing.

Click here for the checklist for sharing personal information.

Privacy Impact Assessments

A privacy impact assessment (PIA) is a tool that is designed to assess an organisation’s compliance with their information privacy obligations, and to identify any potential privacy risks and mitigation strategies. A PIA should ideally be completed at the design stage of a new system or program, and then revisited as program requirements and legal obligations change.

A Template has been prepared to assist you in conducting a PIA. It is designed to evaluate compliance with the Information Privacy Principles (IPPs) contained in the Privacy and Data Protection Act 2014 (PDPA), and identify potential privacy risks and risk mitigation strategies. This document should not be considered a substitute for legal advice.

The PIA Template may be used in the preliminary or conceptual phase of a program, in order to identify potential privacy risks or barriers, and then revisited prior to the implementation of a program to ensure that the program complies with privacy obligations.

This PIA assesses information privacy only. Complex initiatives may require an additional assessment of other privacy risks, such as bodily, territorial or locational privacy, and broader privacy considerations required by the Charter of Human Rights and Responsibilities Act 2006.

Health information is subject to the Health Records Act 2001 (HRA). If the proposed program handles any health information, it will need to comply with the Health Privacy Principles (HPPs) in that Act as well. Advice regarding the HPPs should be sought from the Office of the Health Services Commissioner, which regulates the collection and handling of health information in Victoria.

While the IPPs do not specifically apply to health information or de-identified information, this PIA asks you to consider health information as well as any de-identified information that is potentially re-identifiable. A consideration of both these types of information is helpful for a comprehensive information privacy assessment.

The 10 IPPs have been grouped and considered in an order that is different to the way they are set out in Schedule 1 of the PDPA. This has been done intentionally for ease of analysis. The start of each section provides direction to the corresponding IPP, and each question contained within it refers to the appropriate IPP subsection.

Part 1 of the PIA Template asks you to describe the program and identify the types of information that will be handled. This will determine the scope of privacy analysis required. Part 1 is important for all programs as it ensures that a program has been viewed through a privacy lens. Where no personal information is identified the assessment is complete and can be signed off in Part 4. If a program handles personal information, you will proceed through to Parts 2 and 3 to assess and mitigate any privacy risks. Please see the PIA visual workflow for more information on the PIA process.

If you have any questions about this PIA Template please contact the CPDP enquiries line on 1300 666 444, or by email at This email address is being protected from spambots. You need JavaScript enabled to view it.. For more information on the application of the IPPs please see the Guidelines to the Information Privacy Principles.

PIA Template downloads

Click here to go to the PIA Template downloads.