7.1 Data and Information Governance Policy
Data and Information Governance Policy
Purpose:
Effective management of information and cyber security enables the strategic objectives of the University to be met while managing risks and protecting systems and information from cyber threats. This policy outlines our commitment to responsibly manage risks, and safeguard systems and information in a way that controls and protects, while maximising the value of information in an ethical and compliant way and minimising the cost and risk of holding information.
| 1 | Privacy | Responsible |
|---|---|---|
| 1.1 | The University will embed a culture of privacy that respects individual’s rights. | Deputy Vice-Chancellor (Student Services and Operations) |
| 1.2 | The University will ensure contemporary privacy practices are used to govern the collection, management and use of personal information. | Deputy Vice-Chancellor (Student Services and Operations) |
| 1.3 | The University will ensure that data, which is collected and managed to assist evidence based organisational decisions, is only used in ways that respect the privacy of individuals. | Deputy Vice-Chancellor (Student Services and Operations) |
| 1.4 | The University will only share data with partner organisations where it was clear when the information was originally obtained that it could be used for these purposes and where the University is confident the partner organisation will meet the University’s standards for the protection of privacy. | Deputy Vice-Chancellor (Student Services and Operations) |
| 1.5 | The University will act appropriately and respond diligently if there is a suspected breach of privacy obligations, mitigating against any harm to staff, students and our stakeholders. | Deputy Vice-Chancellor (Student Services and Operations) |
| 1.6 | Disciplinary action may be taken where a privacy breach is found to be intentional. | Deputy Vice-Chancellor (Student Services and Operations) |
| 1.7 | The University may use personal information if it is needed to protect people from material threats to personal safety and wellbeing. | Deputy Vice-Chancellor (Student Services and Operations) |
| 2 | Cyber security | |
| 2.1 | The University will identify and manage cyber security risk to systems, assets, data, and capabilities. | Deputy Vice-Chancellor (Student Services and Operations) |
| 2.2 | The University will implement appropriate cyber security controls to protect the delivery of critical infrastructure services. | Deputy Vice-Chancellor (Student Services and Operations) |
| 2.3 | The University will maintain frameworks, plans and systems to identify the occurrence of cyber security events, respond to events and restore the capabilities or services. | Deputy Vice-Chancellor (Student Services and Operations) |
| 2.4 | Users of the University's information, communication and technology services and facilities will understand their cyber security obligations and report all cyber security incidents and events. | Deputy Vice-Chancellor (Student Services and Operations) |
| 3 | Information, communication and technology (ICT) services and facilities use | |
| 3.1 | University information, communication and technology services and facilities are for use by authorised users only and governed by appropriate controls. | Deputy Vice-Chancellor (Student Services and Operations) |
| 3.2 | University information, communication and technology services and facilities will be used in a manner that supports the University mission and values and may only be used for University business and limited appropriate personal use. | Deputy Vice-Chancellor (Student Services and Operations) |
| 3.3 | University information, communication and technology services and facilities are only for appropriate, legal and ethical use. | Deputy Vice-Chancellor (Student Services and Operations) |
| 3.4 | The University may, where appropriate, monitor and restrict the use of University's services and facilities. | Deputy Vice-Chancellor (Student Services and Operations) |
| 3.5 | The University will only allow authorised privately owned information, communication and technology devices to connect to University services and facilities. | Deputy Vice-Chancellor (Student Services and Operations) |
| 3.6 | Systems and applications will be designed, deployed, maintained and decommissioned according to their value and their confidentiality, integrity and availability requirements. | Deputy Vice-Chancellor (Student Services and Operations) |
| 4 | Data and information management | |
| 4.1 | The University will ensure appropriate governance for management of data and information that is consistent with regulatory, legal, risk, environmental and operational requirements. | Deputy Vice-Chancellor (Student Services and Operations) |
| 4.2 | The University will ensure that data and information, recognised as an asset, is available for use and reuse where appropriate. | Deputy Vice-Chancellor (Student Services and Operations) |
| 4.3 | University staff will ensure that information is created and captured to support all university functions and activities. | Deputy Vice-Chancellor (Student Services and Operations) |
| 4.4 | Members of the University community will ensure that data and information is appropriately stored, accessed, shared, preserved and disposed of protecting it from loss and unauthorised access. | Deputy Vice-Chancellor (Student Services and Operations) |
Definitions and acronyms: Information
23 September 2022 Once printed this is an uncontrolled document: Version history
All University community members must comply with all relevant laws and regulations, University By-Laws, ordinances, policies and procedures.