Key messages

  • The Victorian Protective Data Security Framework was developed by the Victorian Information Commissioner.
  • Cemetery trusts are required to meet the Victorian Protective Data Security Standards.
  • Cemetery trusts should take a risk-based approach to the protection of trust data.

The Victorian Information Commissioner has developed the Victorian Protective Data Security Framework (the Framework) as required under the Privacy and Data Protection Act 2014. The Framework prescribes mandatory requirements designed to protect data security across the Victorian public sector. In order to comply with the Framework, cemetery trusts are required to meet the Victorian Protective Data Security Standards (the Standards).

Cemetery trusts should take a risk-based approach to the protection of trust data by considering the likelihood and consequence of a breach of information confidentiality, integrity or availability. This type of approach will enable trusts to identify risks and develop risk mitigation strategies to ensure information is protected in a manner consistent with the Standards.

The Framework requires organisations to integrate security measures proportionate to the individual organisation's business risks.

More information is available on the Office of the Victorian Information Commissioner's website.

Class A cemetery trusts

Class A cemetery trusts are required to submit a Protective Data Security Plan to the Office of the Victorian Information Commissioner every 2 years (or sooner if there is significant organisational change). The current reporting period ends on 31 August 2020.

Class B cemetery trusts

The department has developed a Protective Data Security Plan to help Class B trusts assess and manage risks to trust records in line with the Standards. The plan is available for download below.

Class B trusts are required to make an attestation on the annual Abstract of accounts form to confirm that data risks have been assessed and appropriate security measures are in place.