(1) This Policy supports the UNE Governance Framework’s Information Governance functions and assists the University of New England in preparing for and responding to
(2) The objective of this Policy is to describe UNE’s approach to reducing the risks associated with data breaches. The approach includes the immediate containment and mitigation of harm, evidentiary and reporting requirements, and future strategies to improve the management of personal information, reducing the likelihood of breach reoccurrence.
(4) The Data Breach Policy applies to:
(5) A data breach occurs when there is a failure that has caused, or has the potential to cause, unauthorised access to, disclosure of, or loss of, UNE physical or digital data containing personal information.
(6) Data breaches are serious and can potentially harm individuals and organisations.
(7) Protect
(8) Provide access to
(9) Report data breaches immediately.
(10) Respond to data breaches within the required legislative and UNE timeframes.
(11) Comply with voluntary and compulsory reporting schemes.
(12) UNE keeps an up-to-date Data Breach Response Plan that defines:
(13) The Data Breach Response Plan outlines the processes, roles and responsibilities for managing data breaches at UNE and should be read in conjunction with the Information Security Policy, Emergency Management Plan, Privacy Management Rule, and the IT Service Continuity and Disaster Recovery Plan.
(14) A suspected data breach is any event that may have involved unauthorised access to, unauthorised disclosure of, or loss of data involving
(15) All
(16) Assessment of all reported suspected data breaches is completed by the UNE Privacy Officer.
(17) Data breaches are assessed for harm, impact and risk as defined in the UNE Data Breach Response Plan.
(18) Roles and responsibilities for responding to data breaches and escalation points are defined in the Data Breach Response Plan.
(19) This Data Breach Policy is made by the Vice-Chancellor and Chief Executive Officer consistent with section 29 of the University of New England Act 1993 (NSW).
(20) The Custodian of this Policy and Rule, the Director Governance and University Secretary, is authorised to make minor administrative updates to this Policy, and to publish as associated documents any tool that will assist with compliance.
(21) The Data Breach Response Plan is the responsibility of the Director Governance and University Secretary and approved by the Information Technology Governance Committee (VC Approved).
(22)
(23) This Policy is consistent with the:
(24) This Policy operates as and from the
(25) Previous policies relating to Data Breach Policies are replaced and have no further operation from the
(26) This Policy should be read in conjunction with the Privacy Management Rule.
(27) Quality Assurance regarding the effective implementation of the Data Breach Policy will be supported by:
(28) Data breach – is the unauthorised access to, unauthorised disclosure of, or loss of personal information.
(29) Unauthorised access – occurs when personal information that UNE holds is accessed by someone who is not permitted to have access.
(30) Unauthorised disclosure – is making personal information accessible or visible to others outside UNE, or in specific circumstances to unauthorised parties within UNE, in a way that is not permitted by the Privacy and Personal Information Protection Act 1998 and/or Health Records and Information Privacy Act 2002. This may be done intentionally or unintentionally.
(31) Data loss – is the accidental or inadvertent loss of personal information held by UNE and is likely to result in unauthorised access or unauthorised disclosure.
Privacy Management Rule - Annexure 1 - Data Breach Policy
Section 1 - Overview and Scope
Part A - What is a Data Breach
UNE and University Representatives responsibilities
UNE Data Breach Response Plan
Part B - Suspected data breach
Reporting a suspected data breach
Part C - UNE’s approach to responding to a data breach
Table 1 – Suspected data breach
Table 2 – Responding to a data breach
Section 2 - Authority and Compliance
Section 3 - Quality Assurance
Section 4 - Definitions (specific to this Policy)