Policies and Standards

Business women looking at documents

Following is a master list of all Data Governance policies, procedures and guidelines. These are developed and maintained by Data and Information Governance office. You can contact the Data & Information Governance Office via email datagov@unsw.edu.au.

  • The UNSW Data Breach Policy and Procedure sets out the policy principles and procedures for identifying, assessing, managing and responding to a breach of data held by UNSW.

    It establishes responsibility and accountability for all steps in addressing information security incidents resulting in data breaches and describes clear roles and responsibilities. It also describes the principles and procedures relating to internal and external notification and communication of such data breaches.

    The Policy and Procedure has been drafted in response to amendments to the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act) that came into effect on 28 November 2023. The principal amendment requires agencies to provide notifications to affected individuals and the Privacy Commissioner in the event of an ‘eligible data breach’ of their personal or health information by a NSW public sector agency subject to the PPIP Act (called the Mandatory Notification of Data Breach, or MNDB Scheme).

    The Data Breach Policy and Procedure applies to all UNSW staff, students, contractors, consultants, third-party vendors and agents of the University.

    Effective breach management assists UNSW in avoiding or reducing possible harm to both the affected individuals and UNSW and may prevent future breaches.

  • The UNSW Data Classification Standard is a framework for assessing data sensitivity, measured by the adverse business impact a breach of the data would have upon the University. This standard for the University community has been created to help effectively manage information in daily mission-related activities. 

    Determining how to protect and handle information depends on a consideration of the information’s type, importance, and usage. The standards outline the minimum level of protection necessary when performing certain activities, based on the classification of the information being handled.

    The classification applies to University employees (faculty, staff, student employees) and other covered individuals (e.g., affiliates, vendors, independent contractors, etc.) in their handling of University data, information and records in any form (paper, digital text, image, audio, video, microfilm, etc.) during the course of conducting University business (administrative, financial, education, research or service).

    Data Controllers and System Managers at UNSW are required to determine the data classification for the systems and data repositories for which they have responsibility. Such assessment should be done at least bi-annually. The data classification assessment will then determine how the UNSW Data Handling Guidelines apply to the system or data repository that has been classified. Following are the steps required to complete the data classification process for UNSW systems or data repositories. The process of data classification is governed by the UNSW Link to the Data Governance Policy or the Research Data Governance & Materials Handling Policy.

    Here is a link to the Data Classification Standard.

    More information regarding Data Classification is available on the Data & Information Governance intranet.

  • UNSW has had an institutional Data Governance Policy for several years now and has recently released a Research Data Governance & Materials Handling Policy. They weredeveloped in consultation with academic and professional staff, and have been subject to revision based upon staff feedback.

    The purpose of the Data Governance Policies is to:

    • Define the roles and responsibilities for different data creation and usage types, cases and/or situations, and to establish clear lines of accountability.
    • Develop best practices for effective data management and protection.
    • Protect the University’s data against internal and external threats (e.g. breach of privacy and confidentiality, or security breach)
    • Ensure that the University complies with applicable laws, regulations, exchange and standards
    • Ensure that a data trail is effectively documented within the processes associated with accessing, retrieving, exchanging, reporting, managing and storing of data.

    This policy applies to all institutional data used in the administration of the University and all of its Organisational Units. This policy covers, but is not limited to, institutional data in any form, including print, electronic, audio visual, backup and archived data. These policies apply to all UNSW staff, contractors and consultants.

    Link to the Data Governance Policy and the Research Data Governance & Materials Handling Policy.

  • This will outline the policies, standards, procedures and guidelines that govern any defence related research.

    Details TBC.

  • This outlines the requirements for the Handling of UNSW data as endorsed by the Data Governance Steering Committee and UNSW Data Governance Framework (DGF).

    This guidance should be used in conjunction with UNSW Policy, Standards and Procedures, the following of which are most applicable.

    • Data Governance Policy
    • Research Data Governance & Materials Handling Policy
    • Data Classification Standard
    • IT Security Policy – Information Security Management System (ISMS)
    • IT Security Standard - Secure Algorithm List (SAL)

    This guidance commensurate with Data Classification, determines, how to protect & handle information with a consideration of the information’s type, importance, and usage. The guidelines outline the minimum level of protection necessary when performing certain activities, based on the classification of the information being handled.

    UNSW personnel can access the current data handling guideline.

  • The key legislative instruments governing Higher Education in Australia is as follows:

    • Higher Education Support (HESA) Act – also outlines TEQSA, Funding Act and associated guidelines
    • Education Services for Overseas Students (ESOS) Act
      The agreements between the Commonwealth Government, and Universities (and other higher education providers) are governed  by Mission Based Compacts which inform the funding agreements for each University.
    • Compacts
    • Funding Agreements
    • UNSW Acts
      UNSW is governed by its Act and By-Law under NSW legislation

    More information is available from UNSW Legal.

    • Legislation/ Guidelines Location
    • UNSW Privacy Management Plan
    • Health Records and Information Privacy Act 2002
      • Health Records and Information Privacy Code of Practice 2005
      • Health Records and Information Privacy Regulation 2012
    • Surveillance Devices Act 2007
    • UNSW Records and Archives Office
    • Australian Code for the Responsible Conduct of Research (2007)
    • State Records Act 1998 (NSW)
    • General retention and disposal authorities
      • GDA 8 - Video / Visual Surveillance Records
      • GDA 11 - Audio Visual Programs and Recordings
      • GDA 17 - Public Health Services: Patient/Client records
      • GDA 23 - University Records
      • GDA 28 - Administrative Records
      • GA 47 - Higher and further education records (latest)
      • GDA 23
      • GA 47
    • Defence Trade Controls Act 2012 - Under review for applicability
    • Children and Young Persons (Care and Protection) Act 1998 - Under review for applicability
    • Circuit Layouts Act 1989 - Under review for applicability
    • Customs Act 1901 - Under review for applicability
    • Designs Act 2003 - Under review for applicability
    • Environmentally Hazardous Chemicals Act 1985 - Under review for applicability
    • Higher Education Support Act 2003
    • Independent Commission Against Corruption act 1988 - Under review for applicability
    • National Greenhouse and Energy Reporting Act 2007 - Under review for applicability
    • National Health Security Act 2007 - Under review for applicability
    • Payroll Tax Act 2007 (NSW)
    • Payrol Tax Act 2011 (ACT) - Under review for applicability
    • Public Interest Disclosures Act 1994 (NSW) - Under review for applicability
    • Telecommunications (Interception and Acess) Act 1979 - Under review for applicability
    • Trustee Act 1925 - Under review for applicability
  • The Research Data Governance & Materials Handling Policy is now in force for all people working on research at UNSW.

    This policy outlines the requirements, roles and responsibilities associated with access, retrieval, storage, disposal and backup of UNSW research data and materials, as well as best practice measures to enable compliance with these requirements.

    Research data are a strategic asset of UNSW, which makes the appropriate governance regarding management and use of research data critical to the University's operations. Data governance involves creating and implementing rules to protect and get the most benefit from data. Lack of data governance could expose the University to unwanted risks and may lead to improper management of UNSW assets.

    Research data and materials allow research findings to be validated and have long-term value as a potential resource for future research and teaching. Good practice in research data governance and materials handling benefits the wider research community by enabling future researchers to publish, share, cite and reuse the research data and materials by reducing the risk of loss and corruption.

    ‘Good data management is good research’ is the principle upon which our approach to managing research data and materials at UNSW is founded. This Policy has been developed in response to the specific needs of the research community. Additionally, an overarching UNSW Research Data Governance Framework (RDGF) has been developed.

    Research data contacts

    For all research data management matters, please email RDM@unsw.edu.au or visit the Research Data Management webpage.