Data governance overview


The following framework outlines the principles and minimum standards that guide the University’s data and information governance activities. These apply to all UNSW staff, contractors, and service providers.

UNSW personnel can view the annual data and information governance work plans here for the period 2015 to the present date.

UNSW Data & Information Governance Policy Framework

The UNSW Data Governance policy framework consists of the following:

Governance and Ownership

UNSW, rather than any individual or Organisational Unit, is the overall owner of the organisational data.

The Data Governance Steering Committee is responsible for the overall management of the University’s Data & Information Governance program.

A Data Executive supported by a Data Owner has the responsibility for the management of data assigned within their portfolio.

Data Owners are Custodians, who are responsible for ensuring effective local protocols are in place to guide the appropriate use of their data asset. Access to, and use of, institutional data will generally be administered by the appropriate Data Owner.

Data Owner must ensure the process for the administration of data is in accordance with the Data Management Life Cycle.

Every data source must have a Data Steward, who is responsible for the quality and integrity, implementation and enforcement of data management within their Division.

The Data Steward will classify and approve the access based upon the appropriateness of the User’s role and the intended use. Where necessary, approval from the Data Executive/Data Owner may be required prior to authorisation of access.

Business Subject Matter Experts (SME’s) under Management and Operations category are IT/Business specialists who will be responsible for providing ongoing support to UNSW Operational systems.

Data Creators under Ownership and Responsibility category are people who will be responsible for Data Ownership of research data and primary materials. Original research data and primary materials generated in the conduct of research at the University is owned and retained by the University, subject to any contractual, statutory, ethical, or funding body requirements. Researchers are permitted to retain a copy of the research data and primary materials for future use, subject to any contractual, statutory, ethical or funding body requirements.

Quality and Integrity

Data Users must ensure appropriate procedures are followed to uphold the quality and integrity of the data they access.

Data records must be kept up-to-date throughout every stage of the business workflow (University operations) and in an auditable and traceable manner. Data should only be collected for legitimate uses and to add value to the University. Extraction, manipulation and reporting of data must be done only to perform University business.

Where appropriate, before any data (other than publicly available data) is used or shared outside the University, verification with the Data Steward is required to ensure the quality, integrity and security of data will not be compromised.

Data shall be retained and disposed of in an appropriate manner in accordance with the University’s Records Keeping and associated procedures under NSW State Records Act 1988.

Classification and Security

Appropriate data security measures (see Data Classification Standard and Data Handling Guideline of ISMS must be adhered to at all times to assure the safety, quality and integrity of University data.

Personal use of institutional data, including derived data, in any format and at any location, is prohibited.

Records stored in an electronic format must be protected by appropriate electronic safeguards and/or physical access controls that restrict access only to authorised user(s) Similarly, data in the University Data repository (Databases etc.) must also be stored in a manner that will restrict access only to authorised user(s).

The policy applies to records in all formats (paper, digital or audio-visual) whether registered files, working papers, electronic documents, emails, online transactions, data held in databases or on tape or disks, maps, plans, photographs, sound and video recordings, or microforms.

Terms and Definitions

The definition and terms used to describe different types of data should be defined consistently or referred to relevant Business Glossary* of the University.

* zID required for login