Information Privacy Act 2000

The Victorian Information Privacy Act 2000 covers the handling of all personal information except health information in the public sector in Victoria. The Information Privacy Principles (IPPs) regulate how government agencies (e.g. schools) must manage personal information.  They cover how and when personal information can be collected, how it should be used and disclosed, and storage and security.  They also allow individuals to access that information and have it corrected if it is wrong.

It is important to consider how these Principles apply when using social media tools:

1. Manner and purpose of collection

The information must be necessary for the agency's work, and collected fairly and lawfully.

2. Collecting information directly from individuals

An agency must take steps to tell individuals why they are collecting personal information, what laws give them authority to collect it, and to whom they usually disclose it.

3. Collecting information generally

An agency must take steps to ensure the personal information it collects is relevant, up-to-date and complete and not collected in an unreasonably intrusive way.

4. Storage and security

Personal information must be stored securely to prevent its loss or misuse.

5. Access and amendment

These principles require agencies to take steps to record the type of personal information that they hold and to give individuals access to personal information about them.  Personal information can be amended or corrected if it is wrong.

6. Information use

These principles outline the rules about keeping accurate, complete and up-to-date personal information; using information for a relevant purpose; and only using the information for another purpose in special circumstances, such as with the individual's consent or for some health and safety or law enforcement reasons.

7. Disclosure

This principle sets out when an agency may disclose personal information to someone else, for example another agency. This can only be done in special circumstances, such as with the individual's consent or for some health and safety or law enforcement reasons.

Further information:

The Information Privacy Act 2000 requires an organisation to provide individuals with a privacy collection statement when collecting personal information. Prior to opening a social media account for professional purposes a privacy collection statement needs to be provided to potential users when personal information is likely to be collected, used and/or disclosed.  The purpose of the privacy collection statement under the IPA is to ensure organisations are transparent about why they require individuals personal information, what they will do with the information and to whom they might disclose it. The privacy collection statement allows individuals to make an informed decision about the information they are being asked to disclose/share with an organisation.

Sample Privacy Collection Statement

The(insert school name/business unit/regional office) is utilising social media tools to (explain purpose for using social media). We will post (list the type of personal information that may be posted – photographs of students, student works, etc). The social media tool will restrict access to registered users (delete if not appropriate). Be aware that other registered users will be able to view any posting made by the moderator, and any responses from other registered users that are posted. The (insert school name/business unit/regional office) will not retain any information posted on social media sites (delete if not appropriate). (If the information collected via a social media platform is to be retained, indicate that some information may be retained, broadly the reason for the retention, and that individuals can access the information be retained by contacting the school//business unit/regional office). Additional information about (insert name of social media platform) can be found below.

All social media sites have their own privacy policies (these are different to privacy collection statements). For more information see,

 For a copy of the complete Act, see: Information and Privacy Act 2000