Security & Confidentiality

Security and confidentiality of information held by the University is of great concern not only to the University itself but also to its clients, staff, students and other people and organisations with which it has contact or conducts business. The University holds a great deal of information which contains personal details, is confidential or otherwise sensitive in nature.

Areas of the University creating records that:

  • are commercial-in-confidence;
  • are client-in-confidence;
  • are personnel-in-confidence; or
  • contain information whose compromise would cause damage to the University, commercial entities, students or members of the public

should take appropriate measures to ensure that records containing sensitive information are appropriately managed.

Measures to consider include ensuring that:

  • records containing sensitive information are identified;
  • access to such records is restricted to those with a legitimate business requirement; and
  • access to such records is restricted for the full life of the record, from creation to disposal, or until the information is no longer deemed sensitive.

What is sensitive information?

Sensitive information includes:

  • personal information;
  • financial or commercially sensitive information;
  • information given in confidence;
  • information relating to an investigation; and
  • information posing a security risk.

Security Guidelines

Records in all formats should be stored securely to prevent unauthorised access, destruction, alteration or removal. File locations should be kept up-to-date in TRIM to ensure that there is a history of all employees who have had access to a particular file.

If you are unable to guarantee secure storage, sensitive records should be returned to RAMS for secure storage.

Below are some guidelines on maintaining records security.

  • Access to records should be strictly controlled and restricted to those who have an identified ongoing need.
  • Caution should be exercised when using email to convey confidential or commercially sensitive information.
  • Security of records should be maintained for the entire life of the record or for as long as the information contained in the record remains sensitive.
  • Files containing sensitive or confidential information should be labelled appropriately.
  • The following are some situations containing potential risks where you should be conscious of records security:
    • When taking files out of the office – once files are out of the office it is much more difficult to maintain appropriate security measures.
    • Leaving files in the boot of your car.
    • Sensitive documents maintained on your laptop (laptop theft is common and is one of the high-risk areas for unauthorised access to sensitive information).
    • Leaving your computer unattended while you are logged on.
    • Poor password management of University systems.
    • Making copies of documents that contain sensitive information (the more copies around the greater the risk of a breach in security).
    • Destruction of records – this is where security often breaks down. You should ensure that destruction of records is managed only by those who would normally have access to the files (excluding destruction contractors and RAMS staff).
  • The following questions can help when considering whether you have adequate security for your confidential or sensitive records:
    • Who has access to the area?
    • Can the records be locked away when the room is unattended?
    • Who has access to computerised data/documents?
    • What is the security in the buildings? Are there alarms, keycard access, after hours access?
  • Use lockable file shelving for sensitive/confidential records.
  • Legal documents (such as contracts, agreements, memoranda of understanding (MOU), etc.) should be sent to RAMS. RAMS will scan the document; the image is saved to a restricted area in TRIM and the originals are stored in a fire-resistant safe.