View Current

Information and Records Management policy

This is the current version of this document. To view historic versions or versions that have not yet come into effect, click on the Historic or Future version links in the navigation bar.

Section 1 - Preamble

(1) This Policy was approved by the Vice-Chancellor on 4 June 2010 and incorporates all amendments to 27 October 2014.

(2) This Policy is pursuant to the Public Records Act 1973.

Governing Law

(3) The law governing information and records management at Deakin University includes both the common law and legislation, in particular:

  1. Crimes Act 1958 (Vic)
  2. Deakin University Act 2009 (Vic)
  3. Education Services for Overseas Students Act 2000 (Cth)
  4. Financial Management Act 1994 (Vic)
  5. Freedom of Information Act 1982 (Vic)
  6. Health Records Act 2001 (Vic)
  7. Higher Education Support Act 2003 (Cth)
  8. Information Privacy Act 2000 (Vic)
  9. Public Records Act 1973 (Vic)
Top of Page

Section 2 - Purpose

(4) This Policy documents requirements for the control of university data and information.

Top of Page

Section 3 - Scope

(5) This Policy applies to all University data, information and records, whether received, created, maintained, copied, disseminated or disposed of by the University in the course of its operations.

Top of Page

Section 4 - Policy

(6) All data and information held in the University and used by members of the University in their official capacities is considered to be a University asset, will be subject to University control and should be stored appropriately. Confidential, personal and proprietary data or information will be stored, to ensure, as far as is reasonably practicable, that it is protected from corruption, loss, unauthorised access and disclosure.

(7) The University will manage its information to ensure that it meets legislative requirements.

(8) All information held by the University, whether created or received, will have an Information Owner.

(9) No University information will be sold or have ownership transferred to a third party without the approval of the Vice-Chancellor.

(10) The University will manage its records throughout their lifecycle to ensure that they are a complete and accurate record of its business activities and that they remain the property of the University.

(11) The Records Unit will maintain an information and records management program that includes:

  1. guidelines, including requirements for information classification
  2. education and training activities
  3. a retention schedule, including instructions about the disposal and archiving requirements for records.

(12) To ensure that the confidentiality, integrity and availability of University Information is protected, staff members will only be provided with access to data and information in accordance with the requirements of their particular roles. Staff members authorised by the Vice-Chancellor or nominee may:

  1. monitor, audit or investigate the use and security of information (with the exception of electronic information, to which the process specified in the Information and Communications Technology Use procedure applies)
  2. for the purpose of providing secure and reliable information and records management and ensuring compliance with the common law, legislation and University policy, view all information held by the University.

(13) The Director, Corporate Governance, Risk and Compliance Services or nominee will receive and act on any notifications of alleged breaches of information and records management policy, procedures or guidelines.

Top of Page

Section 5 - Procedure

(14) Refer to the Information and Records Management procedure.

Top of Page

Section 6 - Definitions

(15) For the purpose of this Policy:

  1. Data: individual facts or items of content, including symbolic representations that may form the basis of information (e.g. a date, a name, a number).
  2. Information: a collection of data in any form, which may be transmitted, manipulated, and stored, and to which a meaning has been attributed. Information may include, but is not limited to: a written document, an electronic document, a webpage, an email, a spreadsheet, a photograph, a database, a drawing, a plan, a video, an audio recording, a label or anything whatsoever on which is marked any words, figures, letters or symbols which are capable of carrying a definite meaning to anyone.
  3. Information Owner: the person who is responsible and accountable for information and records management for an organisational area of the University and who will ensure appropriate storage, access, use, distribution and disposal of the information and records.
  4. Record: recorded information created, received, used or maintained by the University in the transaction of business which provides evidence of University activities. Records contain information which reflects what was communicated or decided or what action was taken and therefore constitutes the evidence of activities.