Processes
-
There are five key steps required in responding to a suspected or actual data breach:
- Contain the breach
- Evaluate the associated risks
- Recovery
- Consider notifying affected individuals and escalation to UNSW senior management
- Prevent a repeat.
For more information about how UNSW manages data breaches please refer to the Information Governance Policy.
More information for UNSW staff is available on the Information Governance SharePoint (internal access only).
-
It is a requirement for most users to obtain written permission from the relevant Data Custodian before accessing or using data from a UNSW information system.
If you are unable to ascertain who is the Data Custodian, please check the UNSW Information Asset Register.
More information for UNSW staff is available on the Information Governance SharePoint (internal access only).
-
Data classification applies to:
- all data created, collected, used, stored or processed at UNSW
- all University employees, affiliates, vendors, consultants/contractors, etc.
- handling of University data, information and records in any form (paper, digital text, image, audio, video, microfilm, etc.) during conducting University business (administrative, financial, education, research or service).
There are five levels of data classification at UNSW. These classifications reflect the level of damage done to the organisational interest and individuals from unauthorised disclosure, or compromise of the confidentiality, of UNSW data.
The five levels are: HIGHLY SENSITIVE, SENSITIVE, RESTRICTED, UNOFFICIAL and PUBLIC.
More information for UNSW staff is available in the Information Governance Instruction Manual (internal access only).