Bulletin Board - Document Comments

Bulletin Board - Review and Comment

Step 1 of 3: Comment on Document

There are 3 steps in the submission process. You must complete all three steps in one session, otherwise your comments will be lost.

1. Use this Protected Document icon to open a comment box.

2. Type your feedback and then click the"Save Comment" button in the lower-right of the comment box.

3. Do not open more than one comment box at the same time.

4. When you have finished making comments, go to step 2 by clicking on the “Save and Continue” button at the very bottom of this page.

Important Information

During the comment process you are connected to a database. Like internet banking, the session that connects you to the database may time-out due to inactivity or if you close your browser or go to a different tab/window and try to come back.

To ensure that your comments are received:

  1. DO NOT jump between web pages/applications while logging comments.

  2. DO NOT log comments for more than one document at a time.

  3. DO NOT leave your submission unfinished. If you need to take a break, submit your current set of comments now and return later to make a further submission. You will receive a copy of your comments so that you can see what you have already said.

  4. DO NOT exit from the interface until you have completed all three steps of the submission process.  Simply saving a comment in the comment box does not mean it is submitted and if you exit the system, you will not be able to retrieve it later.

When you finalise your submission in step 3 your comments will be emailed to the Document Author with a copy to you, and to policy@mq.edu.au for record keeping purposes.

Access and Security Procedure

Section 1 - Purpose

(1) The purpose of this Procedure is to outline the responsibilities and actions associated with Access and security of Records and information at Macquarie University.

Scope

(2) This Procedure applies to all Macquarie University staff and all University Records.

(3) Records that are 20 years old or more are considered to be open to public access under the State Records Act 1998, except where Macquarie University has issued an access direction to close records for a longer timeframe.

Top of Page

Section 2 - Policy

(4) Refer to the Records and Information Management Policy.

Top of Page

Section 3 - Procedures

Responsibilities and Required Actions

Records and Information Access and Security Control

(5) Executive Deans/Heads of Offices/business system owners must ensure that enterprise business information systems and local recordkeeping systems for which they are responsible have access-control protocols and procedures that ensure:

  1. Records and information are stored with an appropriate level of security;
  2. all Records, including paper and digital Records, unstructured data, as well as corporate data must be allocated one of four information security classifications appropriate to the content as outlined in the Information Classification and Handling Procedure:
    1. Public
    2. Internal
    3. Confidential
    4. Highly sensitive;
  3. Records and information can only be accessed by staff for legitimate work purposes; with appropriate approvals where required; 
  4. Record and archival integrity is maintained;
  5. staff who access University Records and information are aware of their responsibilities for protecting privacy and confidentiality where relevant; and
  6. staff access to Records is provided in line with the information security classification applied.

(6) Access to Records requested under a subpoena, legal warrant or court order must be managed by the Office of General Counsel. Such requests must be directed to their attention immediately on receipt. 

(7) When responding to external requests, original versions of Records must not leave the University’s control. Only copies may be provided to external parties where approved (unless originals are required to be provided by law). 

Records and Information Access for Research Purposes

(8) This section applies to access to University Records and information by external parties, and by University staff for research purposes not directly related to their work.

(9) A person wishing to access University Records and information for research purposes must submit an Access request to ask.memory@mq.edu.au. Access to Records and information held in enterprise business systems will be redirected to the Records and Archives Manager.

(10) Requests for Records and information held by a budget division must be made in writing to the relevant Executive Dean/Dean/Head of Office and must detail the specific Records being requested.

(11) Before approval of Access, the relevant Executive Dean/Dean/Head of Office/business system owner holding the Records and information must ensure that advice is sought from:

  1. General Counsel if the requested Records and information contain content that may be commercially sensitive for the University or for a third party business that it engages with, or legal advice or opinion; or
  2. Privacy Officer (privacyofficer@mq.edu.au) in relation to any personal information contained in the Records.

(12) Before approval of Access to Records and information held by Archives and Records, staff of that area must consult with the area from which the Records and information originated if there is any doubt about releasing the Records and information.

(13) Where permission is given to access Records for research purposes, the area controlling the Records and information will provide access to them with appropriate security and protection of archival integrity.

Individuals Access to their Personal Information

(14) An individual who wishes to view or amend their own personal information held in University business systems must submit a written request to the relevant Executive Dean/Dean/Head of Office holding the Record or information (e.g. relevant Faculty for student files, Human Resources for employee files).

(15) The head of the area holding the Record or information, or their nominee, must contact the Privacy Officer for advice about the appropriate procedure.

Government Information Public Access (GIPA) Requests

(16) Individuals may apply for access to University Records and information under the provisions of the Government Information (Public Access) Act 2009.

(17) All formal requests for access to University Records and information under the provisions of the Government Information (Public Access) Act 2009 must be made in writing to the University’s Right to Information Officer (see Right to Information (GIPA)).

(18) The Records and Archives Manager is responsible for managing responses to Right to Information requests.

(19) If a staff member receives a request to Access Records and information under the provisions of the Government Information (Public Access) Act 2009, they must immediately forward the request to the Records and Archives Manager at: gipa.mq.edu.au.

Top of Page

Section 4 - Guidelines

(20) Nil.

Top of Page

Section 5 - Definitions

(21) The following definitions apply for the purposes of this Procedure:

  1. Access means the right, opportunity, means of finding, using or retrieving information. (AS ISO 15489 Part 1 Clause 3.1). The granting of permission to:
    1. use the reference facilities of Archives;
    2. examine and study individual Archives and/or collections held by Archives; and
    3. extract information from Archives and Records for research or publication.
  2. Records means information created, received, and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transaction of business. (AS ISO 15489 Part 1 Clause 3.15). Any document or other source of information compiled, recorded or stored in written form or on film, or by electronic process, or in any other manner or by any other means (the State Records Act 1998).
  3. University Records means any document or other source of information that is compiled, recorded or stored, in written form, on film, by electronic process, or in any other format or through any other means (as defined under the State Records Act 1998). This includes but is not limited to data (including corporate data) and information held in fields in an information system, documents, emails, folders, messages, chat and posts.