OVIC publishes revised data security standards

By Dylan Bushell-Embling
Thursday, 14 November, 2019

The Office of the Victorian Information Commissioner (OVIC) has published the second iteration of the Victorian Protective Data Security Standards (VPDSS) in the Government Gazette.

The publication of the new simplified version of the standards, which brings them into full effect, follows the approval of the new version by Special Minister of State Gavin Jennings last month.

The VPDSS 2.0 establish 12 high-level mandatory requirements to protect public sector information across all security areas including governance, information, personnel, ICT and physical security.

The standards have been designed to take into account the policy and operational responsibilities of the Victorian Government, and focus on the security of public sector information.

The VPDSS are consistent with national and international standards, but have still been tailored to the Victorian Government environment.

Agencies with protective data security obligations under part 4 of Victoria's Privacy and Data Protection Act 2014 must now adhere to the updated standards.

They will also be required to submit a high-level protective security data plan that takes into account the new standards to the OVIC by the end of August next year.

Contracted service providers with direct and indirect access to Victorian Government information must also comply with the standards.

The information security component of the standards governs protection of information across the information life cycle from when it is created to when it is disposed or destroyed. The ICT security component meanwhile covers securing communications and technology systems processing or storing information.

Image credit: ©stock.adobe.com/au/Tomasz Zajda