Protective markings

Protective markings on public sector information are security labels that act as a visual signal to those handling the information. It indicates the minimum level confidentiality and security measures required when handling, storing, transmitting, transferring, sharing and disposing of that information.

Protective markings are mandatory for all Victorian public sector organisations under the Victorian Protective Data Security Standards (VPDSS). The standards are administered by the Office of the Victorian Information Commissioner (OVIC) as part of the Victorian Protective Data Security Framework (VPDSF).

An 'originator' is the person or organisation responsible for creating or preparing public sector information, and best placed to conduct an assessment of the material.

Protective markings and VIDA

Protective markings are applied to all information handled by the Victorian Infrastructure Delivery Authority (VIDA) and shared with partners and third party providers. VIDA's Project Offices and Victoria’s Big Build agencies also apply protective markings.

How to handle information with protective markings

If you receive information from VIDA that has a protective marking, you should contact the originator to understand its handling requirements. Otherwise, you should continue to protect your information as usual.

If you receive information that does not have a protective marking, you should contact the originator to understand its confidentiality requirements and enquire as to which protective marking is appropriate. Protective markings should not be altered without consulting with the originator of the information.

Information obtained, received, reused, or stored for an official purpose or in supporting official activities must have one of these protective markings applied. This includes personal information.

Please ask the originator about the handling requirements of the information with respect to the protective marking.

From time to time, you may also receive enquiries from VIDA staff about the sensitivity of your information to inform its handling requirements. There may be a need to confirm the privacy and security requirements of the information you have provided to VIDA.

Find out more in the OVIC Protective Marking user guide.

Protective markings categories

There are various categories of protective markings. The following table describes these and provides some typical examples.

Protective marking	Description	Examples
OFFICIAL	Compromise of this information could cause minor harm or damage to our operations, organisations or individuals. This is most of our routine business operations and services information.	most routine emails and documents press releases administrative or operational documents.
OFFICIAL: Sensitive	This information is official information that, due to its sensitive nature, requires limited dissemination. Compromise of this information could cause limited harm or damage to our operations, organisations or individuals resulting in one or more of the following: breach of personal information (including sensitive information as defined in Schedule 1 of the Privacy and Data Protection Act 2014) humiliation, distress or embarrassment non life-threatening injury financial hardship.	personal or staff information information subject to legal privilege tenders or commercially confidential contracts Commercial-in- Confidence information.
PROTECTED	This information is official information that has been evaluated as valuable, important, and sensitive. Compromise of this information could cause major harm or damage to our operations, organisations or individuals resulting in one or more of the following: breach of personal information (including sensitive information as defined in Schedule 1 of the Privacy and Data Protection Act 2014) humiliation, distress or embarrassment irreversible or life-threatening injury direct threat to life financial hardship (e.g. bankruptcy or dissolution of assets).	pre-release state budget papers protected disclosures high-value tender negotiations.
PROTECTED: Cabinet-In-Confidence	Any information which: is or forms part of a document to be considered by Cabinet, even if that document is in draft or withdrawn prior to consideration is attached to a document to be considered by Cabinet and is not already in the public domain contains or refers to a Cabinet decision or deliberation or relates or refers to the development or progress of a submission.	All information that is prepared for Cabinet consideration (including drafts).

Cabinet-In-Confidence information handling requirements

Cabinet-In-Confidence information (sometimes referred as ‘CIC’) must be handled in compliance with the Victorian Government Cabinet Handbook.

Handling information with a protective marking from former protective marking schemes

Information that has been protectively marked under a former scheme must be reassessed under the current VPDSF protective marking scheme when actively used.

Documents not in active use do not need to be reassessed, or re-marked. Please request the originator to re-assess the information and replace the former protective marking.

The protective marking scheme aligns with the Commonwealth Government’s Information Security requirements of the Protective Security Policy Framework (PSPF).

Protective markings comparison: former versus current scheme

The following table compares and matches some protective markings from former schemes with the new scheme.

Some protective markings from former schemes	New (current) protective marking scheme under VPDSS
No equivalent	UNOFFICIAL Used on emails to indicate emails of a personal, rather than official nature.
CONFIDENTIAL	No direct replacement. Re-assess the security value of the information and apply an appropriate protective marking.
UNCLASSIFIED	OFFICIAL
FOR OFFICIAL USE ONLY	OFFICIAL: Sensitive
PROTECTED	PROTECTED
Protected: Vic Cabinet	PROTECTED // Cabinet-In-Confidence