Victoria's Department of Health and Human Services says it welcomes impending scrutiny from the state’s privacy watchdog, after newspaper reports exposed serious shortcomings in the way the agency treats sensitive data.
The state's Commissioner for Privacy and Data Protection is preparing to launch a wide-ranging review of information controls at the DHHS.
A spokesperson for the office confirmed to iTnews that the commissioner had "served notice on DHHS to produce documents and information relating to the review".
"The commissioner urges all who consider that the security of their personal and sensitive information may have been compromised to contact our office on 1300 666 444," the spokesperson said.
The review is set to focus on foster care and domestic violence operations at the department, and well as conducting an overall survey of data governance "in order to better understand the root causes of any systemic security shortcoming".
Update 15 July 2016 1:50pm: Watts told iTnews the review would "necessarily involve looking at the IT systems through which the information is shared to make sure they conform to the department's regulatory obligations".
He said his team would approach the investigation from a privacy-by-design and security-by-design viewpoint, but could not forecast a concrete completion timeframe.
"We're going to do it once and we're going to do it well," he said. "We will do it as quickly as is consistent with this objective".
A DHHS spokesperson said the department would "co-operate fully to ensure any necessary improvements are made”.
Earlier this month Fairfax newapapers revealed the department has been forced to offer home security installations, compensation for home moves and even temporary re-locations for foster carers after it handed the addresses of children in care to sometimes violent or drug-affected parents.
The reports pointed to a systematic weakness in the way the department handles sensitive information, in the absence of any comprehensive policy governing its use and dissemination.
The newly restructured office is in charge of making sure the state’s public sector agencies are keeping up with their obligations under Victoria’s recently updated Privacy and Data Protection Act.
Late last month it issued a new set of minimum information security standards it expects public sector agencies to meet, and has pledged to keep tabs on agency compliance annually.