Privacy policy
On this page:
Policy statement
Scope
DTP's functions
Definitions of personal, health and sensitive information
Collection
Examples of information collected
Use and disclosure
Data release
Information protection
Privacy Impact Assessments
Access to and correction of information
Privacy incidents (breaches/complaints)
Information transferred outside Victoria
Relevant legislation
Responsibilities
Non-compliance with this policy
Summary of changes to latest version
Policy statement
- plan, fund, implement, monitor, regulate and evaluate its services and functions
- fulfil statutory and other legal functions and duties
- comply with reporting requirements
- investigate incidents and/or defend any legal claims against DTP or its employees.
Scope
This policy applies to all personal and health information DTP collects, stores, uses and discloses to perform its business functions and activities. This policy applies to all DTP people (Executives, VPS employees and contractors) and third parties whose personal and/or health information may be held by DTP.
DTP’s functions
On 1 July 2019, VicRoads and Public Transport Victoria (PTV) came together with the Department of Transport (DoT) to create an integrated transport department – in step with other global cities. DoT will plan and operate the transport system in a way that responds to the needs of the people and freight that travel on it - focused on where people and goods need to go, rather than what mode they use.
In doing so, DoT is responsible for a range of transport services, including public transport, road management, vehicle registration and driver licensing. DoT collects, uses, stores and discloses a range of personal and health information for the purposes of providing services and to carry out its statutory functions.
On 1 January 2023, DoT was renamed the Department of Transport and Planning.
Definitions of personal, health and sensitive information
Personal information
‘Personal information’ is defined in the Privacy and Data Protection Act 2014 as information or an opinion that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. Examples of personal information are your name, date of birth, address, financial details, marital status, education and employment history.
Sensitive information
Some personal information is called ‘sensitive information’ and is given extra protection under the law. This includes information about your:
- racial or ethnic origin
- political opinions
- membership of a political association
- religious beliefs or affiliations
- philosophical beliefs
- membership of a professional or trade association
- membership of a trade union
- sexual preferences, orientation or practices and
- criminal record.
In this policy, personal information refers collectively to personal information and sensitive information, unless otherwise specified.
Health information
‘Health information’ is defined in the Health Records Act 2001 to include personal information which is also information or an opinion about:
- the physical, mental or psychological health (at any time) of an individual
- a disability (at any time) of an individual
- an individual's expressed wishes about the future provision of health services to him or her
- a health service provided, or to be provided, to an individual.
Collection
- why the information is being collected (including the purposes for the collection and any relevant laws requiring the collection)
- who the information may be disclosed to
- the consequences if you do not disclose the information (if we are collecting information directly from the you)
- how you may contact us and gain access to the information collected.
Examples of information collected
Information from applications
We may collect your personal details and image in order to process a driver’s licence or vehicle registration application, or a disability parking application (among others). This personal information is kept in a secure system, and only used in accordance with Part 7B of the Road Safety Act 1986.
Complaints under the Australian Towing Services Act 2007
We may collect your personal details and vehicle registration details for the purpose of investigating complaints under the Australian Towing Services Act 2007. This personal information is kept in a secure system, and only used in accordance with Part 7B of the Road Safety Act 1986.
Credit card information
We may collect your credit card information to process a payment. Credit card information collected by us will be held in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). The PCI-DSS is a set of requirements for enhancing payment account data security, including requirements for secure network and systems, cardholder data protection, vulnerability management program, access control measures, network monitoring and testing and information security policies.
Employment and recruitment information
If you are employed by, or apply to be employed by, DTP, we may collect and store information about the recruitment process and your application including reference checks, security clearances and criminal history checks undertaken as part of that process.
Your employment and recruitment information collected by DTP is used or disclosed for people management purposes, including employee relations, human resources, payroll, learning and development, agency and government directory capability development and workforce planning, emergency management, occupational health and safety and public health, safety and welfare, disputes or litigation, and is retained in accordance with the Public Records Act 1973, the Public Administration Act 2004 and other applicable legislation.
Closed Circuit Television (CCTV)
Many Victorian railway stations and train carriages are equipped with Closed Circuit Television (CCTV) cameras. Some trams and buses also have CCTV.
CCTV cameras capture video footage to support passenger safety, law enforcement and the operation of the network. Footage may also provide data to DTP on patronage to support appropriate provision of services. For example, footage may be used to assess passenger congestion to support social distancing, when required. These uses are authorised under the Transport (Compliance and Miscellaneous) Act 1983, and are managed in accordance with the IPPs.
Select footage may be disclosed to Victoria Police to aid any investigation. Unless secured for an authorised use, footage is generally deleted 30 days after it is captured.
Access to footage of yourself can be sought from DTP under the Freedom of Information Act 1982, by submitting a Freedom of information (FOI) request through the online portal at online.foi.vic.gov.au.
Sensors are also being tested for use in counting passengers and assessing crowding. Those sensors convert images to a deidentified data entry, with only minimal footage retained.
Correspondence
Your correspondence (including email) or complaints addressed to DTP, Victorian Government ministers or agencies, or queries made through our contact centres regarding matters related to the functions of, or services provided by us, may be referred to the relevant program areas undertaking those functions for advice and response. Such correspondence may include your personal information and may be accessed by our staff, subject to operational needs.
Copies of correspondence and applicable responses may be retained by DTP for certain periods of time, in accordance with the Public Records Act 1973 and other applicable legislation.
Use and disclosure
We use and disclose your personal and health information for:
- the primary purpose for which it was collected, or
- a purpose related to that for which it was collected (secondary purpose) where the legislative requirements for using or disclosing for a secondary purpose are met.
The information collected might be shared within DTP to enable efficient and effective delivery of quality services.
We may transfer your personal information or health information to another person or organisation in limited circumstances, including that the recipient is subject to a law which upholds similar principles to the IPPs or HPPs, or if the transfer is consented to.
We may also provide your personal information or health information to public transport operators and public transport authorities where an issue, query or complaint is raised by you with us and responding to that issue, query or complaint requires information or response directly to you from that party.
We may also share your information with other entities (usually government entities, transport entities, councils or law enforcement agencies) if authorised to do so by Part 7B of the Road Safety Act 1986, the Privacy and Data Protection Act 2014 and other relevant Acts.
Driver licence and permit information from every state and territory is being shared with the Commonwealth as part of the Commonwealth’s initiative on Identity Matching Services (IMS). The Premier committed Victoria to the Identity Matching Services when he signed the Intergovernmental Agreement on Identity Matching Services on 5 October 2017. DTP has legal authority to share this information for this purpose under Part 7B of the Road Safety Act 1986. Data and images from driver licences and permits, along with associated biographic information, may be used to confirm your identity and to identify unknown persons. Only certain agencies will be able to access the face matching services, which employs facial recognition technology for approved purposes and under strict conditions.
Data release
Information protection
Privacy Impact Assessments
Access to and correction of information
We will take all reasonable steps to ensure that your personal information and health information we collect is accurate, complete and up to date.
You are entitled to contact the DTP Privacy Manager and request access to, and correction of, any of your personal information or health information held by us. We will take all reasonable steps to correct and update any of your personal information or health information that is found to be inaccurate, incomplete or not up to date or provide a written statement if such a request is refused.
You may ask for access to your information or request a correction to your information by contacting the DTP Manager, FOI and Information Privacy, at [email protected].
Privacy incidents (breaches/complaints)
You may make a complaint about a potential privacy incident (breach) by contacting [email protected].
We undertake to resolve privacy complaints and breaches in a timely and fair manner.
You may also make a privacy complaint to the Office of the Victorian Information Commissioner, in relation to the use of your personal information.
You can complain to the Health Complaints Commissioner about an act or practice that may be an interference with the your privacy.
Information transferred outside Victoria
DTP adheres to the requirements of relevant Victorian legislation when transferring personal information outside Victoria. In particular, your personal information may only be transferred to another jurisdiction if:
- The purpose of the transfer is allowed under enabling legislation (e.g. under Part 7B of the Road Safety Act 1986 for interstate law enforcement), and
- The recipient jurisdiction offers equivalent privacy protection to Victoria.
Relevant legislation
- Privacy and Data Protection Act 2014
- Health Records Act 2001
- Charter of Human Rights and Responsibilities Act 2006
- Freedom of Information Act 1982
- Road Safety Act 1986
- Transport (Compliance and Miscellaneous) Act 1983
- Transport Integration Act 2010
- Public Records Act 1973
- Public Administration Act 2004
Responsibilities
The Accountable Officer for this policy is the Director, Privacy and Information Access, DTP. The Accountable Officer is responsible for:
- development of the policy
- implementing any supporting protocols, processes and guidelines, and
- ongoing monitoring of compliance with this policy.
This policy will be reviewed and updated when required to account for new laws, technology and processes.
Non-compliance with this policy
Suspected breaches of this policy can be reported to the Director, Privacy and Information Access and will be investigated as required.
Summary of changes to latest version
Content in this policy was developed through the consolidation of former DTP, PTV and VicRoads privacy policies as part of the transition to an integrated department.
This policy replaces the following policies:
- Privacy Policy (former DTP)
- Information Privacy Policy (former PTV).