Document Feedback - Review and Comment
Step 1 of 4: Comment on Document
How to make a comment?
1. Use this to open a comment box for your chosen Section, Part, Heading or clause.
2. Type your feedback into the comments box and then click "save comment" button located in the lower-right of the comment box.
3. Do not open more than one comment box at the same time.
4. When you have finished making comments proceed to the next stage by clicking on the "Continue to Step 2" button at the very bottom of this page.
Important Information
During the comment process you are connected to a database. Like internet banking, the session that connects you to the database may time-out due to inactivity. If you do not have JavaScript running you will recieve a message to advise you of the length of time before the time-out. If you have JavaScript enabled, the time-out is lengthy and should not cause difficulty, however you should note the following tips to avoid losing your comments or corrupting your entries:
-
DO NOT jump between web pages/applications while logging comments.
-
DO NOT log comments for more than one document at a time. Complete and submit all comments for one document before commenting on another.
-
DO NOT leave your submission half way through. If you need to take a break, submit your current set of comments. The system will email you a copy of your comments so you can identify where you were up to and add to them later.
-
DO NOT exit from the interface until you have completed all three stages of the submission process.
(1) This Procedure is effective from 31 May 2022. (2) This Procedure includes the following schedule: (3) This Procedure governs the University’s approach to the management of privacy incidents and suspected or actual privacy breaches. (4) This Procedure applies to all staff and associates of the University. (5) This Procedure is pursuant to the Privacy policy. (6) A Privacy Breach is the unauthorised use, access, disclosure, modification or loss of personal information, whether deliberate or inadvertent. (7) Examples of Privacy Breaches include inadvertently sending personal information to the wrong email address, deliberate intrusion into University records or information and communication technology (ICT) systems by external parties, loss or theft of computers, portable devices or hard copy documents. (8) A Privacy Incident is an event that did not result in a Privacy Breach but had the potential to do so. A Privacy Incident may be caused by process, system or technology weaknesses. Staff are encouraged to report a Privacy Incident to their leader. Recurrent Privacy Incidents should be reported to the Privacy Officer. (9) Management of a Privacy Breach consists of four steps: (10) All staff and associates must promptly take all reasonable steps to contain a suspected or actual Privacy Breach to limit or prevent any further access to or distribution of the affected personal information. (11) Depending on the nature of the Privacy Breach those steps may include: (12) All available evidence relating to the Privacy Breach must be preserved. (13) All staff and associates must notify their leader or contractor officer as soon as possible after becoming aware of a suspected or actual Privacy Breach. (14) On receipt of notification, the leader or contractor officer must immediately: (15) On notification of a Privacy Breach the Privacy Officer will make a preliminary assessment of the Privacy Breach with reference to Schedule A: Privacy Breach Risk Matrix, and other relevant factors, and will notify the Executive Vice-President Futures and Chief Information and Digital Officer of the nature and scope of the Privacy Breach, including any mandatory breach notification obligations or contractual obligations to notify third parties. (16) In consultation with the Executive Vice-President Futures and Chief Information and Digital Officer, the General Counsel will notify the police if the Privacy Breach involves or may involve criminal activity. (17) The Executive Vice-President Futures and Chief Information and Digital Officer may direct that: (18) If the Critical Incident Management Team is convened, its direction will take priority over the balance of this Procedure. (19) If an investigation is required, it will be undertaken by the head of the relevant organisational unit, with the assistance of other subject matter experts as required and with the advice of the Privacy Officer. (20) If a head of organisational unit has or may be perceived to have a conflict of interest, they must not participate in the investigation other than to provide information at the request of the investigators. (22) The head of the relevant organisational unit (or investigator if the head is conflicted) will document the investigation in a report to the Privacy Officer. The report will cover the matters specified in clause 21 of this Procedure and have regard to the assessment and advice provided by the Privacy Officer. (23) The Privacy Officer may make additional recommendations to the head of the relevant organisational unit. (24) The head of the relevant organisational unit is responsible for implementing and monitoring corrective and/or preventative actions recommended in the report and by the Privacy Officer. (25) The Privacy Officer will: (26) For the purpose of this Procedure:Privacy Breach Management procedure
Section 1 - Preamble
Section 2 - Purpose
Section 3 - Scope
Section 4 - Policy
Section 5 - Procedure
Identification
Management
Containment and Preservation
Notification and Assessment
Investigation
Correction and Prevention
Reporting
Top of PageSection 6 - Definitions