Privacy Policy


The Victorian community expects the public sector to act with integrity, accountability and transparency in all aspects of our roles in serving the Government and the people of Victoria. Core to our role is, delivering on government policy objectives, having a regard to prevailing circumstances and achieving value for money.

The purpose of this policy is to establish requirements for the way the Victorian Fisheries Authority (VFA) collects, stores, uses and discloses personal information in accordance with the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic).

All VFA employees are responsible for the security of information under their control. They are expected to use good judgement that is consistent with the VFA's values to ensure its information is secured appropriately in the workplace.


The policy covers all VFA employees, and Board members, and Committee members.

For this policy, an "employee" is a person employed under the Public Administration Act or is a consultant or contractor (including agency on-hire employees) to the VFA.


This policy supports the VFA’s need to collect, store and use personalinformation, and the right of the individual to privacy. It ensures that the VFA can collect personal information necessary for its services and functions, whilst recognising the right of individuals to have their information handled in ways they would reasonably expect and in accordance with the law.

Personal information is collected and used by the VFA to:

The VFA is subject to the Information Privacy Principles and Health Privacy Principles set out in the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic) as minimum standards when dealing with personal information.

These principles regulate the way the VFA collects, stores, provides access to, uses, discloses and corrects personal information. Subject to certain exceptions, the VFA must not do or refrain from doing, an act, or engage in a practice that contravenes an Information Privacy Principle and/or Health Privacy Principle.


Means a natural person. Corporations and other types of “legal persons” do not have privacy rights under the Privacy and Data Protection Act 2014 (Vic).

Personal information
Means recorded information or opinion, whether true or not, about a person whose identity is apparent, or can be reasonably inferred. It does mean information of a kind to which the Health Records Act 2001 (Vic) may apply.

Sensitive information
Means information or opinion about a person’s race or ethnicity, political opinions, religious or philosophical beliefs, religious affiliations, sexual preferences or practices, criminal record or membership of trade, trade union, professional or political associations.

Transborder data flows
Means the transfer of data containing personal or sensitive information from an organisation for one state/country to another organisation in a different state/country.

Unique identifier
Means a code consisting of alphabet characters and numbers (not a person’s name) which is applied to an individual and distinguishes them from other individuals, for example, a driver’s licence number.

Victorian privacy law
Means the Privacy and Data Protection Act 2014 and the Health Records Act 2001.



The VFA must only collect personal information if that information is necessary for its functions or activities and:

Where the personal information of an individual is collected, reasonable steps should be taken to ensure that the individual is aware of:

5.2 Use and Disclosure

The VFA will only use and disclose the informationfor the primary purpose for which it is collected, unless:

In limited circumstances, the VFA is required or authorised by law to release information to other government agencies and law enforcement bodies to lessen or prevent:

5.3 Data Quality

The VFA values information as an important resource. Accordingly, the VFA should take reasonable steps to ensure that all personal information it collects, uses or discloses is accurate, complete, up to date.

Generally, the VFA relies upon individuals to provide accurate and complete information and to advise the VFA if the information collected has recently changed.

5.4 Data Security

The VFA is guided by the principle that all information is well governed and managed.

The VFA seeks to protect personal information from misuse, loss or unauthorised access, modification or disclosure.

The VFA will take reasonable steps to securely destroy or de-identify personal information when it is no longer needed in accordance with the Public Records Act 1973.

5.5 Openness

The VFA will maintain and make accessible clearly expressed policy on its management of personal information. On request by an individual, the VFA should take reasonable steps to let the person know:

5.6 Accessing and Correction

Individuals have the right to access and correct their personal information held by the VFA.

In most cases, requests for access will be administered in accordance with the access and correction provisions of the Information Privacy Principles particularly requests that may affect the privacy of another individual or where the personal information relates to a commercial activity.

The VFA may deal with requests to access and correct information informally if the request is straightforward and only relates to the individual.

An individual may request formal access or correction to their personal information by contacting the VFA’s Freedom of Information Unit by mail:

Manager Corporate Operations - (FOIOfficer),
Victorian Fisheries Authority
Level 19, 1 Spring Street
Melbourne VIC 3000

or email:

The VFA must provide written reasons for refusal of access or to correct private information.

5.6 Unique Identifiers

The VFA does not assign, use or disclose unique identifiers to individuals unless it is necessary to enable it to carry out its functions efficiently.

5.7 Anonymity

Where lawful and practicable, individuals have the option of not identifying themselves when entering into transactions with the VFA.

5.8 Transborder Data Flows

If an individual’s personal information travels outside Victoria, their privacy protection should travel with it.

The VFA should only transfer personal information about an individual to someone who is outside Victoria if:

5.9 Sensitive Information

The VFA must only collect sensitive information in limited circumstances. For example, the VFA may collect sensitive information if the individual has consented or if the collection is required by law.

5.10 Exceptions

Victorian Privacy Law stipulates certain situations where the VFA does not need to comply with or where an exception is permissible under the Information Privacy Principles.

Consultation is recommended to determine whether the particular facts require an approval, and if so, whose approval is required.

Should certain situations arise, exceptions to the privacy principles should be referred to the Chief Operating Officer (COO).


Where an individual believes that their personal information has been mishandled or misused by the VFA they may lodge a complaint with the VFA’s Manager Corporate Operations by emailing /

The VFA should be efficient and fair when investigating the complaint and aim to respond within approximately 30 days.


This policy provides information on:


Suspected breaches of this policy must be reported to the VFA Chief Operating Officer(COO) and will be investigated by the VFA as required.

VFAemployees who are found to be in breach of this policy will be managed in accordance with relevant VFA and Victorian Public Services (VPS) policies, as well as any relevant legislation or regulations. If the user is a VPS employee then a breach of this policy may lead to action under DEDJTR’sManaging Misconduct Policy (VFA policy to be developed) which may result in outcomes up to and including dismissal.