View Document

Access and Security Procedure

This is the current version of this document. You can provide feedback on this document to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Purpose

(1) To outline the responsibilities and actions associated with access and security of records and information at Macquarie University.

Scope

(2) This Procedure applies to all Macquarie University staff and all University Records.

Top of Page

Section 2 - Policy

(3) Refer to the Records and Information Management Policy.

Top of Page

Section 3 - Procedures

Part A - Responsibilities and Required Actions

Records and Information Access and Security Control

(4) Executive Deans / Heads of Offices / business system owners must ensure that enterprise business information systems and local recordkeeping systems for which they are responsible have access-control protocols and procedures that ensure:

  1. records and information are stored with an appropriate level of security;
  2. records and information can only be accessed by staff for legitimate work purposes;
  3. record and archival integrity is maintained; and
  4. staff who access University records and information are aware of their responsibilities for protecting privacy and confidentiality where relevant.

Records and Information Access for Research Purposes

(5) This section applies to access to University records and information by external parties, and by University staff for research purposes not directly related to their work.

(6) A person wishing to access University records and information for research purposes must submit an access request to ask.memory@mq.edu.au. Access to records and information held in enterprise business systems will be redirected to the Director, Strategic Planning and Information.

(7) Requests for records and information held by a budget division must be made in writing to the relevant Executive Dean / Dean / Head of Office and must detail the specific records being requested.

(8) Before approval of access, the relevant Executive Dean / Dean / Head of Office / business system owner holding the records and information must ensure that advice is sought from:

  1. General Counsel if the requested records and information contain content that may be commercially sensitive for the University or for a third party business that it engages with, or legal advice or opinion; or
  2. Privacy Officer (privacyofficer@mq.edu.au) in relation to any personal information contained in the records.

(9) Before approval of access to records and information held by Archives and Records, staff of that area must consult with the area from which the records and information originated if there is any doubt about releasing the records and information.

(10) Where permission is given to access records for research purposes, the area controlling the records and information will provide access to them with appropriate security and protection of archival integrity.

Individuals’ Access to Their Personal Information

(11) An individual who wishes to view or amend their own personal information held in University business systems must submit a written request to the relevant Executive Dean / Dean / Head of Office holding the record or information (e.g. relevant Faculty for student files, Human Resources for employee files).

(12) The head of the area holding the record or information, or their nominee, must contact the Privacy Officer for advice about the appropriate procedure.

Freedom of Information Requests

(13) Individuals may apply for access to University records and information under the provisions of the Government Information (Public Access) Act 2009.

(14) All formal requests for access to University records and information under the provisions of the Government Information (Public Access) Act 2009 must be made in writing to the University’s Right to Information Officer (see Right to Information (GIPA)).

(15) The Director, Strategic Planning and Information is responsible for managing responses to Right to Information requests.

(16) If a staff member receives a request to access records and information under the provisions of the Government Information (Public Access) Act 2009, they must immediately forward the request to the Director, Strategic Planning and Information.

Top of Page

Section 4 - Guidelines

(17) Nil.

Top of Page

Section 5 - Definitions

(18) Commonly defined terms are located in the University Glossary. Definitions specific to this Procedure are contained in the Records and Information Management Policy.