This document provides an overview of data privacy requirements for an organization called ICMS. It defines key privacy terms like personal information and sensitive information. It explains privacy legislation in Victoria and how information security is important for privacy. It provides examples of reasonable security steps organizations should take, like access controls, audit trails, training and encryption. It also discusses properly collecting, using, disclosing, accessing and correcting personal data, as well as where to go for help with privacy, records management and freedom of information issues at ICMS.