To operate and deliver services to staff, students and the community, UQ collects and manages information. Although our IT systems help to protect this information, the UQ community plays a key role in ensuring sensitive information is kept safe. Below we will outline your responsibilities in terms of data privacy and ethics.
Data privacy
Data privacy relates to how a piece of information or data should be protected from unauthorised access, use and disclosure based on its confidentiality, integrity and availability needs.
As a UQ employee, you have certain responsibilities in terms of data privacy. These include:
- You must access, share and store information appropriately.
- Be aware of what constitutes Personally identifiable information (PII) and handle it responsibly.
- Understand UQ’s Information Security Classification Procedure, and handle data as per its information security classification. Guidance is available via the ‘Procedures’ tab in the Information Management Policy.
- If you accidentally share information to an unintended recipient, alert IT Support.
You may also like to consider your data privacy at home, for example,
- Know what you are sharing online. Guard your personal information such as your date of birth, telephone number and address.
- Keep your work and personal presences separate.
- Review your privacy settings on social media accounts.
Data ethics
Data ethics is concerned with the moral standards applied and assessments made when working with data. It involves a range of considerations for which you use your discretion. Another way to frame data ethics is around the following question; “Just because I can, should I?”
If you use UQ data, or data in general, as part of your role (e.g. creating reports or dashboards), you should incorporate data ethics into decision making when using data. Some considerations include:
- Privacy: reasonable effort needs to be made to preserve privacy, especially if others are accessing this data. Do you have PII you need to de-identify?
- Consent: do you require consent or a Data Sharing Agreement to use the data?
- How is the data you are working with being used/interpreted by others (for example downstream uses)?
- Always follow the law and UQ’s policies, but understand that this is just a minimum expectation.
- Be wary of collecting data just for the sake of having data.
- Use practices that incorporate transparency, configurability, accountability and auditability.
More information
- The Information Management Policy outlines expectations and requirements for the governance and management of information at UQ.
- The Information Governance and Management Framework outlines your roles and responsibilities in relation to creating, using, sharing and managing UQ’s data.
- Contact the ITS Data Strategy and Governance Team for more information or training.