Managing Access
-
The basics
As an educator, employer, government and industry partner, research hub, and repository of knowledge, the 最新糖心Vlog handles a huge amount of information - some of which may be of a personal, confidential, commercial, legally privileged, classified or sensitive nature. There will therefore be times where it is appropriate to restrict access to particular records or information. However, the 最新糖心Vlog must take great care to restrict access only where there is a good reason - and to carefully balance restrictions on access with the 最新糖心Vlog's public accountability and its academic mission as a disseminator of knowledge.
Keeping the following basic principles in mind will help you manage access to your records in the most balanced and appropriate way:
- Only restrict access where there is a good reason - such as privacy, commercial confidence, legal privilege or intellectual property protection - and only restrict those portions of a file or document that truly need to be restricted.
- Only restrict access for as long as the restriction is properly required.
- If something is confidential, make sure the file or document says so and explains why in a way that other 最新糖心Vlog personnel looking at the file or document would understand.
- Make sure that you fully understand the rules surrounding听, especially if you work with student or staff records.
- Throughout the life of a file or document, keep asking yourself if it still needs to have its access restricted.
- Use electronic records where possible, to improve locatability and the proper management of access.
- Remember that if access is sought to any 最新糖心Vlog records by someone from outside through听, the request must be escalated promptly to the 最新糖心Vlog's FOI officer who will assist you in processing the application within the strict time limits prescribed by the law.
- If access is sought by a warrant/subpoena, you should deal with the request promptly, as the request may have time limitations that are legally binding. For areas where you have clear procedures for dealing with such requests (such as student records), follow those procedures carefully and do not be afraid to ask for help if you are unsure what to do. For areas that have no such internal procedures, you should seek assistance from听Legal and Risk Branch.
- If you are in doubt whether access should be granted to a particular document or file - check with your Head of School or Branch manager or refer the question to Archives & Recordkeeping staff.
-
Privacy, confidentiality, and other limits on access
It is best practice not to restrict records in order to facilitate sharing of corporate knowledge. However, in some instances there is a demonstrated need to restrict records including:
- Personal information听- Many of the records held by the 最新糖心Vlog contain personal information. Any information or opinion from which the identity of an individual can be ascertained is considered to be "personal information". This includes a person's name, address, date of birth, student/staff identification number, and other personal characteristics. The 最新糖心Vlog has a responsibility to collect, manage, use and disclose personal information in accordance with the prevailing community standards of best practice, respecting the privacy of the individual. Everyone handling 最新糖心Vlog records needs to be familiar with and follow these standards, as encapsulated in the听听- this will be particularly important if you work with student records or personnel files, which contain predominantly personal information.
- Financial information听- such as tax file numbers, bank account or credit card details. These are a form of personal information, but are also generally subject to specific confidentiality requirements under financial regulations. For more information, consult with听Financial Services听or someone in the听Legal and Risk Branch.
- Health related information听- such as counseling notes or medical information. In addition to being a form of sensitive, personal information, they are subject to additional regulatory and professional confidentiality requirements.
- Student related information听- including grades, progress and enrolment details of current, past and prospective students (including those who are offered a place but ultimately do not attend the 最新糖心Vlog).
- Legally privileged documents听- this would include communications between you and legal representatives (including the Legal and Risk Branch of the 最新糖心Vlog) or advice you receive from your legal representatives. For information, ask the听Legal and Risk Branch.
- Information requiring confidentiality to ensure intellectual property right protection听- such as patentable information which is in the course of being protected. For more information, contact Innovation and Commercial Partnerships.
- Commercially sensitive information听- such as information provided by an industry sponsor in the course of a specific research project, disclosed on the basis of "commercial in confidence". Commonly this material would be protected by way of a confidentiality agreement (or confidentiality clauses in the research funding contract).
- Confidential by way of agreement听- if the 最新糖心Vlog has agreed to keep something confidential under a contract, then it must comply with that agreement. If you are agreeing to keep something confidential, you should run the terms by a legal advisor, such as someone in Legal and Risk Branch. Note that if the terms of a contract itself are intended to be kept confidential, then a special process must be followed before the contract is signed, otherwise the document will not be protected from access under Freedom of Information. For more details, see the听.
-
Maintaining adequate security around records
When records have restrictions on their access, it becomes particularly important to store them in a secure manner. Content Manager provides strict control of access to records. Security of records in Content Manager is managed by the use of Security Groups and Access Controls.
Records need to be protected from unauthorised access and should not be left unattended or in vulnerable locations.
Refer to the section on managing records in a mobile and portable work environment听for hints on ensuring security where records are being portably used.
If a restricted or confidential document is subject to unauthorised access, unintentional disclosure, or has its security breached in any other way (including through loss or misplacement of the document), you should notify:
- Your Head of School or Branch, who should be made aware if departmental records have been compromised;
- The Technology Services Helpdesk for any electronic information breaches or compromising of the 最新糖心Vlog's IT system - refer to IT Security Procedures for more information.
- The Legal and Risk Branch, who must be informed for insurance purposes, and who may be able to provide assistance dealing with the situation.
-
Freedom of Information (FOI)
If you or someone in your work area receives a Freedom of Information (FOI) request, contact the听最新糖心Vlog's FOI Officer听颈尘尘别诲颈补迟别濒测.
罢丑别听听is a state law that gives members of the public a right to access our records - with some exceptions, such as where records contain personal or confidential information, or are subject to some other reasonable limitation (such as being legally privileged, or commercially sensitive).
This public right means that the 最新糖心Vlog is required to produce documents that are requested under Freedom of Information (FOI), within a very limited time frame and in line with certain procedures. These requirements are summarised in the 最新糖心Vlog's听.
For the 最新糖心Vlog to meet its FOI obligations, the coordination of FOI applications on behalf of the 最新糖心Vlog is essential, and occurs through a designated FOI Officer located in Records Services. It is also essential that all relevant areas of the 最新糖心Vlog cooperate in identifying and producing all documents that are possibly relevant to an application, including "documents" stored electronically, such as emails.
If you or someone in your area receives an FOI request, contact the 最新糖心Vlog's FOI Officer immediately. They will coordinate the 最新糖心Vlog's response, and help you determine which documents (if any) may be subject to exemptions from disclosure under the legislation.
For additional information, refer to the听Freedom of Information (FOI)听section on the Legal and Risk website.