(1) The Information Commissioner has the following functions in relation to information privacy—
(a) in accordance with Division 3 of Part 3, to undertake activities relating to the development and approval of codes of practice;
(b) to develop and publish model terms capable of being adopted by an organisation in a contract or arrangement with a recipient of personal information being transferred by the organisation outside Victoria;
(c) to make public interest determinations and temporary public interest determinations in accordance with Division 5 of Part 3;
(d) to approve information usage arrangements in accordance with Division 6 of Part 3;
(e) to examine and assess any proposed legislation that would require or authorise acts or practices of an organisation that may, in the absence of the legislation, be interferences with the privacy of an individual or that may otherwise have an adverse effect on the privacy of an individual, and to report to the Minister the results of the examination and assessment;
(f) to make public statements in relation to any matter affecting personal privacy or the privacy of any class of individual;
(g) to issue guidelines and other materials in relation to the Information Privacy Principles and information usage arrangements;
(h) to undertake reviews of any matters relating to information privacy, as requested by the Minister;
(i) to make reports or recommendations in relation to information privacy as provided for by section 111.
(2) The Information Commissioner and the Privacy and Data Protection Deputy Commissioner each have the following functions in relation to information privacy—
(a) to promote understanding and acceptance of the Information Privacy Principles and of the objects of those Principles;
(b) to examine the practice of an organisation with respect to personal information maintained by that organisation for the purpose of ascertaining whether or not the information is maintained according to the Information Privacy Principles or any applicable code of practice;
(c) to issue certificates under Division 7 of Part 3;
(d) subject to this Act—
(i) to receive complaints about an act or practice of an organisation; and
(ii) if appropriate to do so, to endeavour, by conciliation, to effect a settlement of the matters that gave rise to the complaint;
(e) to issue compliance notices under Division 9 of Part 3 and to carry out an investigation for that purpose;
(f) to conduct or commission audits of records of personal information maintained by an organisation for the purpose of ascertaining whether the records are maintained according to the Information Privacy Principles or any applicable code of practice;
(g) to consult and cooperate with persons and bodies concerned with information privacy;
(h) to undertake research in relation to matters relating to information privacy.
S. 8D inserted by No. 20/2017 s. 80.