UNSW has developed a Data Breach Policy which describes the principles for responding to a breach of UNSW-held data, including managing a data breach and notifying persons whose privacy may be affected by the breach.
Effective breach management assists UNSW in avoiding or reducing possible harm to both the affected individuals and UNSW and may prevent future breaches. The policy also describes the principles relating to documentation, appropriate reporting internally and externally, and communication so that organisational learning occurs. It establishes responsibility and accountability for all steps in the process of addressing information security incidents that result in data breaches and describes clear roles and responsibilities with the aim of ensuring a comprehensive and well-managed privacy and information governance program.
Having a data breach response plan is part of establishing robust and effective privacy and information governance procedures; at UNSW this is included in the Data Breach Management Procedure. Having clear roles and responsibilities is the foundation of a comprehensive and well-managed privacy and information governance program.
The UNSW Data Breach Policy assists with:
- Meeting UNSW’s obligations under the Privacy Act 1988 (Cth).
- Protection of an important business asset — the personal information of UNSW’s constituents, including but not limited to staff, students, alumni and research subjects — as well as UNSW’s reputation.
- Dealing with adverse media or stakeholder attention from a breach or suspected breach.
- Instilling public confidence by responding to a breach systematically and effectively, with the aim of meeting UNSW obligations and protecting business and personal assets.
To enhance robust and effective privacy and information governance procedures, a Data Breach Management Procedure has also been developed.
You can access the policy here.