Victoria’s Commissioner for Privacy and Data Protection, David Watts, has issued the Victorian Protective Data Security Standards (VPDSS).
The standards comprise 18 mandatory data security requirements for the Victorian public sector.
The VPDSS are part of the Victorian Protective Data Security Framework (VPDSF), which was released on 28 June and took effect on 1 July. The VPDSF comprises the standard, an assurance model and a collection of supplementary security guides and supporting resources.
Following the release of the standards, Victorian government agencies have until July 2018 to submit a security risk profile assessment and a protective data security plan.
The aim of the standards is to “provide a set of criteria for the consistent application of risk-managed security practices across Victorian government information,” states the primary document. They fall into five key categories: security governance (which covers 12 of the 18 standards), information security, personnel security, ICT security, and physical security.
“Information is the currency of government – vast volumes of information are held and processed by Victorian government agencies,” a statement issued by the CPDP said.
“These standards apply sound risk management and best practice security measures to protect Victorian government information. They benefit the Victorian community by ensuring that government agencies observe a transparent set of security principles and are held accountable for security breaches.”
Information and data reform is a key component of Victoria’s 2016-2020 ICT strategy, which was released in May.
As part of the strategy, the government has committed to creating a ‘data agency’ to facilitate risk management and data management across government.
The CPDP's security standards are available online (PDF).