Policy Documents

Business women looking at documents

The purpose of the Information Governance Policy is to provide a comprehensive set of principles and procedures for managing information held by the University.

The Information Governance Office is currently revamping its policies, procedures and guidelines. Please contact the Information Governance Office for further information.

  • The UNSW Data Breach Policy and Procedure sets out the policy principles and procedures for identifying, assessing, managing and responding to a breach of data held by UNSW.

    It establishes responsibility and accountability for all steps in addressing information security incidents resulting in data breaches and describes clear roles and responsibilities. It also describes the principles and procedures relating to internal and external notification and communication of such data breaches.

    The Policy and Procedure has been drafted in response to amendments to the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act) that came into effect on 28 November 2023. The principal amendment requires agencies to provide notifications to affected individuals and the Privacy Commissioner in the event of an ‘eligible data breach’ of their personal or health information by a NSW public sector agency subject to the PPIP Act (called the Mandatory Notification of Data Breach, or MNDB Scheme).

    The Data Breach Policy and Procedure applies to all UNSW staff, students, contractors, consultants, third-party vendors and agents of the University.

    Effective breach management assists UNSW in avoiding or reducing possible harm to both the affected individuals and UNSW and may prevent future breaches.

  • The UNSW Data Classification Standard is a framework for assessing data sensitivity, measured by the adverse business impact a data breach would have on the University.

    Determining how to protect and handle information depends on a consideration of the information’s type, importance, and usage. The Standard outlines the minimum level of protection necessary when performing certain activities, based on the classification of the information being handled.

    The classification applies to University employees (faculty, staff, student employees) and other covered individuals (e.g., affiliates, vendors, independent contractors, etc.) in their handling of University data, information and records in any form (paper, digital text, image, audio, video, microfilm, etc.) during the course of conducting University business (administrative, financial, education, research or service).

    The process of data classification is governed by the Data Governance Policy and the Research Data Governance & Materials Handling Policy.

    More information regarding Data Classification is available on the Data & Information Governance intranet.

  • UNSW has a Data Governance Policy developed in consultation with academic and professional staff.

    The purpose of the Data Governance Policy is to:

    • Define the roles and responsibilities for different data creation and usage types, cases and/or situations, and to establish clear lines of accountability.
    • Develop best practices for effective data management and protection.
    • Protect the University’s data against internal and external threats (e.g. breach of privacy and confidentiality, or security breach)
    • Ensure that the University complies with applicable laws, regulations, exchange and standards
    • Ensure that a data trail is effectively documented within the processes associated with accessing, retrieving, exchanging, reporting, managing and storing of data.

    This policy applies to all UNSW staff, contractors and consultants.

    This policy applies to all institutional data used in the administration of the University and all of its Organisational Units.

    This policy covers, but is not limited to, institutional data in any form, including print, electronic, audio visual, backup and archived data.

  • The key legislative instruments governing Higher Education in Australia is as follows:

    • Higher Education Support (HESA) Act – also outlines TEQSA, Funding Act and associated guidelines
    • Education Services for Overseas Students (ESOS) Act
      The agreements between the Commonwealth Government, and Universities (and other higher education providers) are governed  by Mission Based Compacts which inform the funding agreements for each University.
    • Compacts
    • Funding Agreements
    • UNSW Acts
      UNSW is governed by its Act and By-Law under NSW legislation

    More information is available from UNSW Legal.

    • Legislation/ Guidelines Location
    • UNSW Privacy Management Plan
    • Health Records and Information Privacy Act 2002
      • Health Records and Information Privacy Code of Practice 2005
      • Health Records and Information Privacy Regulation 2012
    • Surveillance Devices Act 2007
    • UNSW Records and Archives Office
    • Australian Code for the Responsible Conduct of Research (2007)
    • State Records Act 1998 (NSW)
    • General retention and disposal authorities
      • GDA 8 - Video / Visual Surveillance Records
      • GDA 11 - Audio Visual Programs and Recordings
      • GDA 17 - Public Health Services: Patient/Client records
      • GDA 23 - University Records
      • GDA 28 - Administrative Records
      • GA 47 - Higher and further education records (latest)
      • GDA 23
      • GA 47
    • Defence Trade Controls Act 2012 - Under review for applicability
    • Children and Young Persons (Care and Protection) Act 1998 - Under review for applicability
    • Circuit Layouts Act 1989 - Under review for applicability
    • Customs Act 1901 - Under review for applicability
    • Designs Act 2003 - Under review for applicability
    • Environmentally Hazardous Chemicals Act 1985 - Under review for applicability
    • Higher Education Support Act 2003
    • Independent Commission Against Corruption act 1988 - Under review for applicability
    • National Greenhouse and Energy Reporting Act 2007 - Under review for applicability
    • National Health Security Act 2007 - Under review for applicability
    • Payroll Tax Act 2007 (NSW)
    • Payrol Tax Act 2011 (ACT) - Under review for applicability
    • Public Interest Disclosures Act 1994 (NSW) - Under review for applicability
    • Telecommunications (Interception and Acess) Act 1979 - Under review for applicability
    • Trustee Act 1925 - Under review for applicability
  • The Research Data Governance & Materials Handling Policy applies to all people working on research at UNSW.

    This policy outlines the requirements, roles and responsibilities associated with access, retrieval, storage, disposal and backup of UNSW research data and materials, as well as best practice measures to enable compliance with these requirements.

    Research data is a strategic asset of UNSW, which makes the appropriate governance regarding management and use of research data critical to the University's operations. Research data governance involves creating and implementing rules to protect and get the most benefit from data. Lack of research data governance could expose the University to unwanted risks and may lead to improper management of UNSW assets.

    Research data and materials allow research findings to be validated and have long-term value as a potential resource for future research and teaching. Good practice in research data governance and materials handling benefits the wider research community by enabling future researchers to publish, share, cite and reuse the research data and materials by reducing the risk of loss and corruption.

    ‘Good data management is good research’ is the principle upon which our approach to managing research data and materials at UNSW is founded. This Policy has been developed in response to the specific needs of the research community. Additionally, an overarching UNSW Research Data Governance Framework (RDGF) has been developed.

    Research data contacts

    For all research data management matters, please email RDM@unsw.edu.au or visit the Research Data Management webpage.