View Current

Information and Records Management policy

This is the current version of this document. To view historic versions, click the link in the document's navigation bar.

Section 1 - Preamble

(1) This Policy is effective from 19 July 2023.

(2) The law governing information and records management at Deakin University includes both the common law and legislation, including:

  1. Crimes Act 1958 (Vic)
  2. Deakin University Act 2009 (Vic)
  3. Education Services for Overseas Students Act 2000 (Cth)
  4. Financial Management Act 1994 (Vic)
  5. Freedom of Information Act 1982 (Vic)
  6. Health Records Act 2001 (Vic)
  7. Higher Education Support Act 2003 (Cth)
  8. Privacy and Data Protection Act 2014 (Vic)
  9. Public Records Act 1973 (Vic)
  10. Victorian Data Sharing Act 2017 (Vic).
Top of Page

Section 2 - Purpose

(3) This Policy documents requirements for the control of University data and information.

Top of Page

Section 3 - Scope

(4) This Policy applies to all University data, information and records, whether received, created, maintained, copied, disseminated or disposed of by the University in the course of its operations.

Top of Page

Section 4 - Policy

(5) The University will operate under the following principles developed by the Victorian Government for the Victorian public sector:

Principle 1 Information is valued and governed as an asset.
Principle 2 Information is created and managed digitally.
Principle 3 Information is fit for its intended purposes and is easy to find, access and use.
Principle 4 Information management capability is fostered and embedded into how the University does it work.
(See the Victorian Government’s Enterprise Solutions website or the University’s Information and Records Services website for further information.)

(6) All data and information held in the University and used by members of the University in their official capacities is considered to be a University asset, will be subject to University control and should be stored appropriately. Confidential, personal and proprietary data or information will be stored, to ensure, as far as is reasonably practicable, that it is protected from corruption, loss, unauthorised access and disclosure.

(7) All Relevant Documents will be classified according to the classification schema set out in the Information and Records Management procedure.

(8) The University will manage its information to ensure that it meets legislative requirements.

(9) All information held by the University, whether created or received, will have an Information Owner.

(10) No University information will be sold or have ownership transferred to a third party without the approval of the Vice-Chancellor or nominee.

(11) The University will manage its records throughout their lifecycle to ensure that they are a complete and accurate record of its business activities and that they remain the property of the University.

(12) The University Records Team will maintain an information and records management program that includes:

  1. Information Management Framework (as set out in clauses 5-7 of the Information and Records Management procedure), principles and guidelines, including requirements for information classification
  2. education and training activities
  3. a retention schedule, including instructions about the disposal and archiving requirements for records.

(13) To ensure that the confidentiality, integrity and availability of University information is protected, staff will only be provided with access to data and information in accordance with the requirements of their particular role. Staff authorised by the Vice-Chancellor or nominee may:

  1. monitor, audit or investigate the use and security of information (with the exception of electronic information, to which the process specified in the Information and Communications Technology Acceptable Use procedure applies)
  2. for the purpose of providing secure and reliable information and records management and ensuring compliance with the common law, legislation and University policy, view all information held by the University.

(14) The University Information Manager or nominee will receive and act on any notifications of alleged breaches of information and records management policy, procedures or guidelines.

(15) Information and records management is mandatory and required of all stakeholders including staff, contractors and volunteers.

(16) All Directors, Managers and Coordinator are responsible for monitoring staff under their supervision to ensure that they understand and comply with information and records management policies and procedures, fostering and supporting a culture within their workgroup that promotes good record management practices, assessing and monitoring compliance with this Policy and the Standards, and reporting any identified compliance breaches or incidents.

(17) All members of staff (including volunteers and those under contract) have a responsibility to create, capture and manage appropriately complete and accurate records of the University’s business, including records of decisions made, actions taken and transactions of daily business.

Top of Page

Section 5 - Procedure

(18) The Information and Records Management procedure documents how to comply with this Policy.

Top of Page

Section 6 - Definitions

(19) For the purpose of this Policy:

  1. data: individual facts or items of content, including symbolic representations that may form the basis of information (e.g. a date, a name, a number).
  2. information: a collection of data in any form, which may be transmitted, manipulated, and stored, and to which a meaning has been attributed. Information may include, but is not limited to: a written document, an electronic document, a webpage, an email, a spreadsheet, a photograph, a database, a drawing, a plan, a video, an audio recording, a label or anything whatsoever on which is marked any words, figures, letters or symbols which are capable of carrying a definite meaning to anyone.
  3. Information Owner: the person who is responsible and accountable for information and records management for an organisational unit of the University and who will ensure appropriate storage, access, use, distribution and disposal of the information and records.
  4. record: recorded information created, received, used or maintained by the University in the transaction of business which provides evidence of University activities. Records contain information which reflects what was communicated or decided or what action was taken and therefore constitutes the evidence of activities.
  5. Relevant Documents: any document or file produced by an employee of Deakin University in the course of their duties containing personal or commercially sensitive information.