New Data Handling Procedure released

27 August 2020

In response to Information Security threats to UQ’s information assets, the Enterprise Data Governance Program has released a Data Handling Procedure which defines how to protect and handle data and information at UQ. The procedure outlines data handling requirements for data, information and records in digital/electronic format at UQ and provides clear direction and a more effective approach to securing and safeguarding valuable University digital information assets. The procedure is now available in the Policy and Procedures Library (PPL) and should be read in conjunction with the Information Management Policy and the Information Governance and Management Framework. The Data Handling Procedure applies to all University staff and students as well as any groups or individuals authorised by UQ to access University information.

The last decade has seen a sharp rise in cyber security attacks on organisations. According to The Office of the Australian Information Commissioner, between July and December 2019, there were 537 notified data breaches in Australia. To ensure our University information, systems and intellectual property remain safe, we must control and/or mitigate internal and external threats on our information assets.

The development of the Data Handling Procedure has been a collaborative effort, involving input and feedback from many UQ areas and subject matter experts, and was informed by a comprehensive threat analysis of data and information at UQ.

Although this is an enterprise-wide procedure, the audience is mainly the technical community. It is important to note that the Data Handling Procedure outlines the ‘ideal’ state for controls at UQ and may include capabilities that are not currently implemented or available. We appreciate that some of these controls may require an investment or impact user experience if enforced, and the usual exception procedure may apply.

If you have further questions, or are unsure of how the Data Handling Procedure impacts you or your work, please contact the Enterprise Data Governance Program for advice.