Privacy Policy: Mosquito Surveillance App & Atlas of Medical Entomology Website

Effective Date: May 2025

1. Overview

The Department of Health (department) collects, uses, and may disclose personal information about its workplace participants (as defined below) who use the Mosquito Surveillance App (the "App") and/or the Atlas of Medical Entomology website (the "Website"). The department acknowledges the sensitivity of personal information provided to it. Therefore, the department is committed to protecting the privacy of this personal information in accordance with the law.

The department is bound by privacy and other laws, including:

  • Privacy and Data Protection Act 2014
  • Charter of Human Rights and Responsibilities Act 2006
  • Freedom of Information Act 1982
  • Victorian Data Sharing Act 2017
  • Public Records Act 1973

Using and disclosing information about workplace participants in the context of the App and Website is a legitimate part of facilitating mosquito surveillance and entomological mapping activities. However, it is important to note that information may only be dealt with in accordance with the law.

Information on general website privacy can be found on the department's Website privacy statement page, and more information can also be accessed on our general Privacy page. This policy specifically covers the App and the Website.

2. To what and whom does this policy apply?

This policy applies to all personal information collected, stored, used, and disclosed about individuals using the Mosquito Surveillance App and/or the Atlas of Medical Entomology website. These users are department staff and other authorised personnel, including:

  • department staff
  • secondees
  • labour hire personnel
  • contractors and sub-contractors
  • those on work experience and volunteers (where explicitly granted access for relevant duties)

These individuals are collectively referred to throughout this document as "workplace participants." This policy does not apply to the collection of health records or patient information, which are covered under separate departmental policies.

3. Definitions of personal information

Personal information

Personal information is defined in the Privacy and Data Protection Act 2014 as:

  • information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion, but does not include information of a kind to which the Health Records Act 2001 applies.

For the purpose of the App and Website, this primarily includes identification, contact, and location details of workplace participants.

4. Collection of personal information

The department collects personal information necessary for the functions and activities associated with the App and Website. Specifically, this includes information required for mosquito surveillance efforts and the maintenance of the Atlas of Medical Entomology. The department collects personal information only by lawful and fair means and not in an unreasonably intrusive way.

If it is reasonable and practicable to do so, the department collects personal information about an individual only from that individual (e.g., when they use the App or Website). When collecting information directly from a workplace participant, the department will take reasonable steps to ensure the individual is aware of:

  • why the information is being collected (i.e., for mosquito surveillance and entomological mapping, and any relevant laws requiring the collection)
  • who it may be disclosed to (e.g., relevant internal units for data analysis and mapping)
  • the main consequences if the individual does not disclose the information (e.g., inability to use the App or Website for its intended purpose)
  • how the individual may contact the department and gain access to the information collected

The department typically collects information for the App and Website directly from the workplace participant using these systems.

Unless the use or disclosure of personal information is for the primary purpose of collection (i.e., mosquito surveillance and entomological mapping), or it is for a secondary purpose and one of the permissible exceptions under Information Privacy Principle 2.1 applies, the department ordinarily removes identifying details from the information before any broader analysis or reporting, where appropriate.

5. Types of information collected by the department for the App and Website

The types of personal information the department collects via the App and Website include (but are not limited to):

  • Name, work-related contact details (e.g., email, phone number)
  • User credentials for accessing the App and Website
  • Location data (e.g., GPS coordinates) when the App is being used for surveillance activities or when data is submitted to the Website
  • Device information (e.g., device type, operating system) for the App to function correctly and for troubleshooting purposes
  • Data entered by the workplace participant related to mosquito surveillance (e.g., trap locations, species identified, environmental conditions)

The App and Website do not collect health information or sensitive information (as defined more broadly in other departmental policies related to patient or public health data) from workplace participants. Any information defined as "sensitive" under the Privacy and Data Protection Act 2014 (such as precise location data which could, in some contexts, be considered sensitive) is collected with the workplace participant's understanding as it is essential for the functioning of the App and Website for their work duties.

6. What the department does with the information collected via the App and Website

The department uses and discloses personal information collected via the App and Website for:

  • the primary purpose for which it was collected (i.e., to facilitate and record mosquito surveillance activities, populate and maintain the Atlas of Medical Entomology, manage user access, and ensure the functionality of these systems); or
  • a secondary purpose where the legislative requirements for using or disclosing for a secondary purpose are met

The department may use or disclose personal information from the App and Website when:

  • the secondary purpose relates to the primary purpose of collection and a workplace participant would reasonably expect the department to use or disclose it in this way (e.g., for internal analysis of surveillance data, reporting on mosquito distribution),
  • the workplace participant whom the information is about has given consent for the use or disclosure, or
  • the department is required, authorised or permitted by or under law to use or disclose the information

Information collected via the App and Website may be shared within relevant department business units if those units comply with the Information Privacy Principles. Such information may also be shared by the department with contracted service providers who assist in maintaining or developing the App and Website, under strict contractual privacy obligations.

The department collects, uses, holds, and discloses personal information from the App and Website for matters including, but not limited to:

  • managing user accounts and access to the App and Website
  • collecting and analysing mosquito surveillance data
  • populating and updating the Atlas of Medical Entomology
  • planning, monitoring, and evaluating mosquito control programs and entomological research
  • ensuring the security and integrity of the App and Website
  • employment and personnel matters concerning department staff and contractors in relation to their use of these systems
  • meeting legislative requirements
  • policy development and research directly related to entomology and mosquito-borne disease prevention

Wherever it is lawful and practicable, a workplace participant must be given the option of remaining anonymous when interacting with the department. However, for the purposes of the App and Website, anonymity is generally not practicable as user identification and location data are core to their functionality for surveillance and mapping.

The department will not assign unique identifiers to workplace participants for the App and Website unless the assignment is necessary to enable it to carry out its functions efficiently (e.g., user IDs) or is otherwise required by law.

7. Linking of data

To better inform mosquito surveillance strategies and entomological understanding, the department may link data collected via the App and Website. Where this occurs, the department may combine datasets, which can then be used for policy development, statistical research, and evaluating current and future surveillance and control services. Statistical data and trends identified from this may be provided to other relevant government bodies and agencies to promote public health and environmental management related to mosquito-borne diseases. Any personal information used in linked datasets will have been lawfully collected by the department, and the subsequent use of that data to create a linked dataset, and disclosure of that linked dataset, will only occur where this is in compliance with law. Often data linkage will involve de-identifying data beforehand to ensure that it is not traceable to an individual workplace participant where appropriate for the purpose, and this de-identification will only be done where it is in compliance with law.

8. How the department stores and protects information

The department has security measures designed to protect personal information collected via the App and Website from misuse, loss, unauthorised access, modification, or disclosure. The department must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose in line with the Public Records Act 1973. The department takes reasonable steps to ensure that any personal information it collects, uses, and discloses via the App and Website is accurate, complete, and up to date.

9. Access to and correction of information

A workplace participant may ask for access to their personal information collected via the App or Website, or request a correction to their information by contacting:

  • their direct manager or supervisor
  • the department area responsible for the App or Website (where known)
  • the Freedom of Information Unit by email at foi@health.vic.gov.au or by phone on 1300 020 360

When contacted, the department will let the workplace participant know whether it holds their information via these systems and any further steps that the individual should take to obtain access.

10. Making a complaint about a privacy incident (breach)

A workplace participant may make a complaint about a potential privacy incident (breach) concerning information collected via the App or Website by emailing the department's Privacy and Legal Compliance team in Legal Services at privacy@health.vic.gov.au. The team can also provide advice in relation to information sharing and privacy matters for department staff. The department undertakes to resolve privacy complaints and breaches in a timely and fair manner.

A workplace participant may also make a privacy complaint to OVIC.

OVIC provides independent oversight of the Victorian public sector's collection, use and disclosure of public sector information. Its functions include resolving privacy complaints through a conciliation process.

11. Protecting information transferred outside of Victoria

The department adheres to the requirements of the Privacy and Data Protection Act 2014 when transferring personal information collected via the App and Website outside of Victoria. Personal information from the App or Website may be transferred or stored outside of Victoria only when the transfer or storage meets one (or more) of the following criteria:

  • the department reasonably believes that the recipient of the information is subject to a law, binding scheme or binding contract that provides substantially similar protection to the Privacy and Data Protection Act 2014
  • the workplace participant has provided consent to the transfer
  • the transfer is necessary for the performance of a contract between the workplace participant and the department, or for the implementation of pre-contractual measures taken in response to the individual's request (generally not applicable in this context)
  • the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the workplace participant between the department and a third party (e.g., for cloud hosting services with appropriate safeguards)
  • the transfer is for the benefit of the workplace participant, and it is impracticable to obtain the individual's consent to the transfer, but if it were practicable to obtain consent the individual would be likely to give it
  • the department has taken reasonable steps to ensure that information which it has transferred will not be held, used or disclosed by recipients inconsistently with the Information Privacy Principles

12. Workplace participant responsibilities

It is every workplace participant's responsibility to familiarise themselves with the Information Privacy Principles set out in the Privacy and Data Protection Act 2014 and to ensure that they comply with them when using the App and Website. Workplace participants must also use these systems in accordance with departmental codes of conduct and any specific usage guidelines provided for the App or Website.

13. Relevant legislation

  • Privacy and Data Protection Act 2014
  • Charter of Human Rights and Responsibilities Act 2006
  • Freedom of Information Act 1982
  • Victorian Data Sharing Act 2017
  • Public Records Act 1973

These Acts are available on the Victorian Legislation and Parliamentary Documents website via http://www.legislation.vic.gov.au by searching under 'Victorian Law today.'