The Privacy and Data Protection Act 2014 (PDP Act; Victorian Legislation and Parliamentary Documents) provides a legal framework for the collection, use, disclosure and holding of personal information. The PDP Act covers all Victorian public sector bodies, including EPA. The Information Privacy Principles (IPPs) underpin the PDP Act. The full text of the Information Privacy Principles can be found in Schedule 1 of the PDP Act. 

EPA is committed to valuing and respecting the privacy of the people that it interacts with as well as protecting the personal and sensitive information collected in the course of performing its functions under the Environment Protection Act 1970 (EP Act).

EPA has obligations under the PDP Act, as well as other laws, in respect of how it manages personal information. The PDP Act aims to reach a balance between the free flow of information for the public good and the protection of privacy of personal information in an increasingly information dependent environment.

EPA seeks to reinforce this balance in the way it exercises its powers under the EP Act, including the manner in which it meets its regulatory and law enforcement responsibilities.

The EP Act permits EPA to collect, use and disclose the personal information it needs to carry out its functions and activities. EPA may also be lawfully required to collect, use or disclose personal information in order to meet its obligations under other legislation. This may include sharing data with other departments or agencies, like Victoria Police

In accordance with EPA's commitment to privacy, as well as the requirements of the PDP Act, personal information is handled, wherever practicable, in a way that is transparent to the individual concerned. Where this would adversely impact on or prevent EPA from undertaking its law enforcement functions and activities, the PDP Act provides exemptions that permit EPA to be exempt from the usual standards of openness and the normal limits placed on the purposes for which personal information may be used and disclosed.

The protection of personal information is balanced with meeting our enforcement activities and functions under the EP Act, including delivering transparent decision-making, influencing the behaviours of people whose actions may have an adverse environmental impact and providing reliable and relevant information to Victorians.

Personal information

The PDP Act outlines the manner in which Victorian Government agencies manage personal information.

Personal information is information, whether fact or opinion, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Personal information may be held on a paper file, database or in another medium such as film, video or audiotape. Personal information must relate to a natural person.

The PDP Act is based on a set of 10 Information Privacy Principles that ensure that government agencies collect personal information only if necessary to undertake their functions and activities, and use and disclose it only as authorised either by the individual concerned or by law.


The Chair, Executive, managers and Privacy Officer are responsible for ensuring that EPA staff understand and comply with this policy.

All EPA staff, contractors and service partners are required to comply with this policy.

Collection of personal information

It is necessary for EPA to collect personal information in order to carry out its functions and activities, including when: 

  • community members contact EPA through the Pollution Hot Line 
  • statements are obtained from individuals by EPA officers in the course of undertaking enforcement activities 
  • people wish to be added to EPA mailing lists for regular bulletins and newsletters 
  • applications are submitted to EPA as a part of our recruitment processes. 

EPA will only collect personal information by lawful and fair means, and only such information as is necessary or desirable to perform its functions in accordance with the principles laid out in the EP Act and consistent with the PDP Act (and any exemptions thereto). 

Sometimes the collection will involve indirect collection, that is, the collection from another source, for example, from another agency such as Victoria Police. 

As a law enforcement agency, it will not always be possible for EPA to tell people that personal information is being collected about them, which the PDP Act normally requires. 

EPA is exempt from this requirement where collection is in relation to its law enforcement functions. 

Use and disclosure of personal information

With specific exceptions, the PDP Act provides that personal information must not be used or disclosed other than for the primary purpose of its collection.

In some circumstances personal information collected for one reason may also be used for another reason. The PDP Act recognises this and provides exemptions in situations where this is necessary.

This may include instances where: 

  • the secondary purpose is related to the primary purpose of collection and the individual would reasonably expect EPA to use or disclose the information for the secondary purpose 
  • it is reasonably necessary for the purposes of one or more of EPA's law enforcement functions or activities 
  • the disclosure is required or authorised by or under law 
  • there is a serious and imminent threat to an individual's life, health, safety or welfare or a serious threat to public health, safety or welfare 
  • the use or disclosure is necessary for the preparation for, or conduct of, proceedings before any court or tribunal. 

Consistent with the principles set out in the EP Act, EPA may disclose publicly the names of people who are the subject of infringement notices or breaches of the EP Act, whether such people are involved as owners, directors or officers of businesses responsible for breaching the EP Act or in their capacity as individuals.

Publication of details of the identity and behaviour of individuals involved in environmentally detrimental activity is central to the EPA's obligations to enforce the EP Act in a transparent and open manner.

Under the EP Act, EPA seeks to achieve public awareness of matters relevant to enforcement in order to influence the attitude and behaviour of people whose actions may have adverse environmental impacts.

This disclosure is also designed to keep affected communities and the Victorian public aware of the enforcement actions undertaken by EPA.

Accuracy and security

EPA takes reasonable steps to ensure that the information it collects, uses or discloses is accurate, complete and up-to-date. 

Personal information kept by EPA is kept in a secure environment and controls are in place to ensure that only staff that have a demonstrated need to access the information are able to access that information.

Steps in place to help protect the personal information held by EPA from misuse, loss, and from unauthorised access, modification or disclosure include: 

  • the use of computer firewalls to protect electronic information 
  • screening for viruses 
  • the application of security controls and permissions relating to electronic and paper-based files, such as personal files and other sensitive personal information. 


EPA recognises that there are many situations where there are no lawful reasons or practical reason for a person to have to identify themselves to EPA. EPA does not require that the person identify themselves in these situations.

However, it is not always lawful or practicable for individuals to be provided with the option of remaining anonymous when dealing with EPA. There are many situations where a person may be required by law to identify themselves to EPA. These circumstances relate to EPA's enforcement functions and activities and are set out in the EP Act.

There are also many practical reasons why a person needs to identify themselves when interacting with EPA, even though they may not be required to do so by law; for example, where an individual reports to EPA that litter has been thrown from a motor vehicle. The provision of personal details by the person reporting the litter incident enables EPA to rely on the information in order to fine the vehicle owner or to ask the person to be a witness if the matter is dealt with in court.

Third parties

EPA may from time to time use contracted service providers to perform activities and tasks in accordance with contractual arrangements. Where a contracted service provider collects, uses, discloses and holds any personal information in the course of performing the contract, EPA requires that the contract requires confidentiality and that the contractors are required to comply with the information privacy principles.

Access to information about you

People have a right to access and correct personal information that EPA holds about them. There may be some circumstances where access to information cannot be granted as it may compromise the privacy of another individual or for other reasons set out in the Freedom of Information Act 1982.

For information about accessing your personal information or any other privacy concerns privacy, contact:

Freedom of Information Officer
EPA Victoria
GPO Box 4395
Melbourne Victoria 3001
Telephone: 1300 372 842

Read next

EPA and digital privacy

Freedom of information

Privacy information can also be found at the website of the Office of the Victorian Information Commissioner


This page was copied from EPA's old website. It was last updated on 17 October 2018.

Reviewed 9 September 2021