The Victorian government has failed a privacy audit of its Web sites with about half not even providing the security necessary to protect personal information.
About 95 of 400 Victorian government and council websites were audited in July for the first time since the introduction of the Privacy Act in 2001.
In his findings Victorian Privacy Commissioner, Paul Chadwick, attributed the poor results to the segregation of privacy officers from IT people within their organisations.
While 88 per cent of audited sites contained privacy statements, the audit found the number without statements was unacceptably high.
Half of the audited sites did not tell users they could access their own personal information and change it and two-thirds did not tell users who their details would be disclosed to.
The sites included small agencies and large departments, with an emphasis on sites with online transactions, such as facilities for council rates and bill paying services.
There was little or no information about the privacy status of users during online transactions.
"The frequency with which online payment facilities were not specifically mentioned in privacy statements was troubling," the audit said.
"Of all transaction types, payment engines always require personal information, regardless of whether the organisation or a service provider hosts the transaction."