Collecting customer data and online forms

The SDP content management system (CMS) is only classified to collect data up to the level “unclassified”.

This means no 'sensitive personal information' can be captured in any webforms that store submissions in the CMS.​

The definition of ‘sensitive information’ is in Schedule 1 of the Privacy and Data Protection Act 2014 and means information or an opinion that relates to an individual’s:

• health (including predictive genetic information)​

• racial or ethnic origin​

• political opinions​

• membership of a political association, professional or trade association or trade union​

• religious beliefs or affiliations​

• philosophical beliefs​

• sexual orientation or practices​

• criminal record​

• biometric information that is to be used for certain purposes​

• biometric templates.​

More information

• The Office of the Victorian Information Commissioner (OVIC)'s definition of sensitive information

• The Office of the Australian Information Commissioner’s guidance on the Australian privacy principles

• The Single Digital Presence guide on privacy requirements for webforms

• The Victorian Government digital guide on how to protect privacy when designing, building and managing a digital service.