• You are here:
  • VAGO
  • About Us

How VAGO manages personal information

How to contact us and access to your own personal information

The Victorian Auditor-General’s Office collects personal information in line with our Privacy Policy, which is available on request from our Privacy Officer. Our Privacy Policy is based upon the Information Privacy Principles (IPPs) which cover the collection, use and handling of personal information (information or an opinion that is recorded about an individual whose identify is apparent or can be reasonably ascertained, and does not include health information) by the Victorian public sector. Personal information that is in the public domain is exempt from the application of the IPPs.

Access and correction

You have a right of access to and correction of information about you that is held by VAGO. You can also access your personal information that has been collected on request to our Privacy Officer.

Access will be provided unless there are legal reasons for not providing access, for instance if the information is audit evidence and VAGO is not able to disclose this information. VAGO will correct inaccurate, incomplete or out of date personal information once new details are provided.

Why we collect personal information

Our Office has many different reasons why we may collect an individual’s personal information. These could include:

  • so that we can respond to telephone enquiries and correspondence, including via email and post and website queries, and where appropriate, forward this on to a more appropriate body to respond
  • to enable us to respond to and effectively manage complaints made to VAGO under our complaints policies
  • to enable us to gather audit evidence, including meetings, or conducting surveys, for our financial and performance audits under the powers in the Audit Act 1994
  • for recruitment purposes, if you apply for a job at VAGO or express an interest in a role via our website, and for internal reporting purposes if necessary
  • for tenderers of products and services, so that we can respond to you
  • so that we can provide you with notifications of our audit reports when tabled in Parliament
  • to enable us to comply with our statutory obligations.

Use and disclosure of your personal information

VAGO will use personal information for the primary purpose for which it was collected. We may use or disclose personal information about you for another purpose (the secondary purpose) other than the primary purpose, but only if it is related to the primary purpose and you would reasonably expect us to use or disclose the information for this purpose.

We will use and disclose personal information if it is required or authorised by, or under, law. For instance, under the Audit Act 1994, the Auditor-General is required to notify the Independent Broad-based Anti-Corruption Commission (IBAC) of any matter that appears to involve corrupt conduct.

Other situations in which VAGO will use or disclose your personal information could include:

  • a serious and imminent threat to an individual's life, health, safety or welfare; or a serious threat to public health, public safety or public welfare
  • if we reasonably believe that the use or disclosure is reasonably necessary for a law enforcement agency for matters relating to criminal offences, proceeds of crime, protection of public revenue, or seriously improper conduct.

Laws that require particular information to be collected

The Audit Act 1994 provides the Auditor-General with broad powers to gather information for the purpose of audit evidence and this could include personal information. If we collect personal information for a reason other than conducting an audit, this will not come under any law that requires you to provide the particular information.


VAGO provides the option for you not to identify yourself when providing information, but only in circumstances where it is lawful and practicable.

The main consequences (if any) for you if all or part of the information is not provided

If we request personal information and you choose not to provide all the information, this may have consequences depending on the reason we requested the information. For example, if you write to us with an issue but do not provide an address, we may not be able to respond to your correspondence.  

Data Quality

VAGO takes reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete and up to date. To assist us to do this, if you are providing personal information to VAGO, please try to ensure that this is accurate and complete. VAGO should be advised of any subsequent changes to personal details.

Data Security

VAGO maintains a secure system for storing personal information. Technological and operational policies and procedures are in place to protect personal information from misuse, loss, unauthorised access, modification or disclosure. VAGO will dispose of personal information, where it is no longer necessary to fulfil the purposes for which the information was collected, using appropriate disposal methods and according to legislative requirements.

Unique Identifiers

VAGO does not assign, use or disclose unique identifiers. It does not use identifiers assigned by other organisations.

Transborder Data Flows

VAGO does not, as a general rule, transfer personal information to persons outside Victoria. If we have the need to transfer personal information in this way, we will do so in relation to this IPP.

Sensitive Information

VAGO will only collect sensitive information from you (such as data about racial or ethnic origin, religious belief, political opinions, membership of a trade union or professional association, sexual preference or criminal record) if the collection is required under law or if you have given consent.

Complaints regarding breaches of the IPPs

Breaches or interferences of privacy can be brought to the attention of VAGO's Privacy Officer. We encourage you to contact VAGO first before contacting the Commissioner for Privacy and Data Protection.

All complaints should be put in writing in the form of an email or letter:

  • Tell VAGO how you believe your privacy has been breached.
  • Explain the effect the breach has had on you.
  • Outline what you would like VAGO to do in response to your complaint.
  • Give VAGO time to respond.

If we do not respond within 28 days, or you are unsatisfied with our response, you can then complain to the Commissioner for Privacy and Data Protection (refer to http://www.cpdp.vic.gov.au/).

Interaction between the Audit Act 1994 and the Information Privacy Principles

The Audit Act 1994 takes precedence if there is an inconsistency between it and the IPPs, to the extent of the inconsistency. If you have provided personal information for the purpose of an audit, this could impact on you in relation to accessing your personal information as set out above under 'Access and Correction'.


Last updated on 11/05/2017