Victoria's health department has been criticised over COVID-19 data breaches. 

Victoria's privacy watchdog, the Office of the Victorian Information Commissioner (OVIC), has accused the Department of Health of failing to safeguard citizens' personal information during the COVID-19 pandemic. 

A new OVIC report suggests the department's use of third-party call centres to cope with the heightened demand for staff during the crisis led to the misuse of sensitive data.

The investigation shed light on alarming lapses in pre-employment screening and police background checks for external staff, which proved to be a recipe for disaster. 

One such case involved an external staff member with a relevant criminal history and who was on bail at the time. 

Shockingly, this individual used personal information from the department's system to intrude upon and harass a woman who was isolating, pretending to be a health department inspector. 

The staff member reportedly attempted to coerce the woman into engaging in sexual acts.

OVIC's deputy commissioner stressed the challenging circumstances the department faced during the pandemic. 

Nevertheless, the regulator said steps must be taken to mitigate privacy risks in the future. 

As part of its recommendations, OVIC suggested that the Department of Health revises its policies for surge workforce recruitment, specifically addressing privacy concerns. 

Additionally, it advised the department to appoint a senior employee to handle contracts with third-party hires, with a strong focus on protecting personal information.

The Department of Health expressed deep remorse over the privacy breach and acknowledged the gravity of the situation. It said more could have been done to safeguard the privacy of Victorians and pledged to carefully consider and implement the OVIC's recommendations in a practical manner.

Commissioner Sven Bluemmel stressed the importance of learning from this incident to better handle future crises.