I.T.

Master Data Management Policy

Policy Code: IM1972

Purpose

Federation University Australia is committed to the appropriate storage of information in support of its teaching, administrative and support functions. The University acknowledges its obligation to ensure appropriate security of personal data in relation to all relevant legislation while providing approved data storage solutions to accommodate the varying needs of the University community. University data is recognised as a valuable asset and will be efficiently managed and availed through development of a best practice approach to data management.

This policy mandates a range of associated University policies and procedures developed to ensure the integrity, authenticity, availability, access, confidentiality and security of data produced and/or utilised by the University through minimising duplication and fragmentation and introducing internal controls to mitigate identified risks.

Through its associated procedures the University will:

  • define the roles, responsibilities and accountability for different data usage
  • ensure best practice processes for effective data management including access, retrieval, reporting, managing and storing
  • protect the University’s data against internal and external threats.

The University is also required to produce evidence of its activities to external regulators, internal auditors, accreditation and funding bodies. Adherence to this policy will ensure the University is able to meet this requirement.

The University’s Research Data Management Policy and Research Data Management Procedure (in draft) governs responsibilities and processes for the ownership, storage, retention, accessibility for use and reuse and/or disposal of research data in accordance with the Australian Code for the Responsible Conduct of Research.

Scope

This policy applies to all University data produced, collected, stored and/or utilised by members of the University’s community.  It does not apply to data used for the purpose of academic research.

While partner provider organisations are supported through the use of specific University information technology systems, this policy does not apply to non-University related data created, managed or stored by these organisations.

Legislative Context

  • Federation University Australia Act 2010
  • The Higher Education Support Act 2003
  • The National Code of Practice for Registration Authorities and Providers of Education and Training to Overseas Students made under the Education Services for Overseas Students Act 2000 (ESOS)
  • Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015
  • Information Privacy Act 2000 (Victoria)
  • Electronic Transactions Act 2000 (Victoria)
  • Public Record Act 1973 (Victoria)
  • Australian Copyright Act of 1968
  • Evidence Act 1958 (Victoria)
  • Australian Code for the Responsible Conduct of Research (2007)
  • OECD Principles and Guidelines for Access to Research Data from Public Funding (2007)
  • Australian Qualifications Framework (AQF) Second Edition January 2013
  • Australian Skills Quality Authority (ASQA)
  • Higher Education Standards Framework (Threshold Standards) 2011
  • Tertiary Education Quality and Standards Agency (TEQSA)
  • Higher Education and Skills Group (HESG)
    • 2014 – 2016 VET Funding Contract

Definitions

Term Definition
Authorised person An individual or group of people who have been authorised to use and/or store data on the University’s approved data storage system/s
Copyright Intellectual property right that protects a body of work, not for ideas or information, but for the form in which they are expressed, from unauthorised use and is applied automatically when a work is created without the need to register or comply with formalities
Data Data and records collected, created and/or maintained by the University including digital and non-digital information which can generally be assigned to one of the four data categories of public, general internal, protected or restricted
Data dictionary Centralised repository of information about data such as meaning, relationships to other data, origin, usage and format
Data management Defines the access rights, roles and responsibilities in relation to the management and protection of University data
Data integrity Data accuracy and consistency over its entire lifecycle
Data owner An individual or group of people accountable for specific data that is created, transmitted, used and stored on a system within the University
Data quality Data currency, validity and relevance
Faculty Federation University Australia has a number of Academic Organisational Units – click here for details
Intellectual property (IP)(including patents and trademarks)

IP is the application of the mind to develop something new or original, existing in various forms – a new invention, brand, design or artistic creation

A patent is a legally enforceable right that is granted for any device, substance, method or process that is new, inventive and useful

A registered trade mark is a legally enforceable right that is granted for a letter, number, work, phrase, sound, smell, shape, logo, picture and/or aspect of packaging

Metadata Describes information about data, such that data can be discovered, understood, re-used and integrated with other data; information described in a metadata record includes where and when the data was collected, created, organised, transmitted (where applicable) and last updated and who is responsible, allowing correct attribution to the creators of the work
Record Any record that is created or received by the University in the transaction of its business functions or resulting from research activities and retained as evidence of that activity which can include, but is not limited to, hard copy documents, electronic or digital records including email and information maintained as part of a database or business information system
Scholarly works Any article, book, musical composition, creative writing or like publication or any digital or electronic version of these works that contains material written by academic staff or student based on that person’s scholarship, learning or research but does not include work that is teaching material
Security Safety of University data in relation to access control, authentication, effective incident detection, reporting and solution, physical and virtual security, change management and version control
University data All data owned or licensed by the University
Users Persons who use information resources and have responsibility for ensuring that such data is used properly in compliance with this procedure

Policy Statement

This policy provides the following set of guiding principles to maximise the University’s data management capabilities to manage the needs of students, staff and other members of the University’s community who create, receive, store, access, transmit, use or dispose of data as part of their relationship to the University noting that both the types of data and requirements will differ:

Principle Demonstrated by:
Any record generated as a result of University activities is an official record under the Public Records Act 1973 (Victoria) and must be created, captured, stored and effectively managed within the University’s approved data storage and records management systems
  • utilising secure and reliable storage platform/s to manage data centrally – refer Data Storage Procedure; data stored on local PCs and laptops is the responsibility of the user and should be transferred to University’s sanctioned storage
  • capturing the activities and functions of the University to adequately represent institutional memory
The University’s data classification scheme standardises records’ structures and descriptions by contextualising the records within functions and activities
  • classifying data utilising the University’s information security classification so that it may be managed and secured in a manner appropriate with its sensitivity and importance - Refer Data Storage Procedure
  • categorising and using files consistently within the established classification scheme – refer Data Classification and Usage Procedure
The University protects the confidentiality of personal and health information it collects for both its own operations and the conduct of research
  • complying with the University’s Information Privacy Policy and Student Access, Progression and Wellbeing Policy
  • ensuring that all personal and health data is stored in accordance with the Australian Privacy Principles,  Ethical Conduct and other standards related to health records, as appropriate
  • storing completed participant consent forms required in the conduct of research projects, clinical trials or other approved University activities eg Open Days in accordance with National Guidelines and Standards
Ownership and rights associated with data created, collected and stored is clarified and managed appropriately
  • facilitating appropriate management of all data created or collected
  • determining inclusion of appropriate/sufficient details to ensure storage and access to records in accordance with any contractual agreements or sponsorship
  • ensuring that scholarly works and data created by staff or students is owned by their creator/s unless the status is otherwise altered giving intellectual property rights to the University
The legal context for the collection, management, storage and use of data is considered and addressed
  • identifying data which is likely to pose legal issues to ensure storage and access options are suitably managed
  • ensuring that any legal issues relevant to the collection, management and storage of data are addressed
Extensive metadata is built around the data to ensure quality information about its provenance, legal and technical framework, access rights, publication and disposal in line with relevant metadata standards
  • collecting and publishing metadata related to the data
  • keeping good records and contextual information to ensure data is easy to locate and accessible into the future
  • incorporating structured metadata eg properties which include title, author, subject, keywords, version control information, dates and additional comments within agreed standardised vocabularies and ontologies
Long term storage, archiving and disposal requirements are identified and implemented
  • managing appropriately the transition of data along the curation continuum eg private to public domain
  • considering and implementing solutions for storing and accessing ethnographic data, including language recordings
  • retaining data in compliance with minimum regulatory or funding retention periods eg five years to perpetuity and within legal and ethical requirements
  • disposing of data in an appropriate manner in accordance with the University’s Records Management Policy and Procedure
Data disaster recovery and activity continuity planning is in place
  • ensuring each organisational unit has created and continues to maintain a current business continuity plan
  • backing up on premise and cloud storage data in accordance with the defined schedules and server cloud agreements
  • ensuring adequate measures are in place to prepare for and manage in the event of a disaster or disruption to facilitate the resumption of University activities and minimise threats to the University’s information assets

Responsibility

  • Deputy Vice-Chancellor Student and Support Services is responsible for monitoring the implementation, outcomes and scheduled review of this policy and its accompanying procedure/s
  • Executive Director, Information Technology and Business Solutions is responsible for maintaining the content of this policy as delegated by the Deputy Vice-Chancellor Student and Support Services
  • Manager, Business Partnerships and Service Governance, Information Technology Services is responsible for the administration support for the maintenance of this policy as directed by the Executive Director, Information Technology and Business Solutions

Promulgation

The Master Data Management Policy will be communicated throughout the University community in the form of:

  • an Announcement Notice via FedNews and on the FedUni Policy Central’s Policy Library ‘Recently Approved Documents’ page to alert the University-wide community of the approved Policy;
  • notification to Organisational Units, Faculties, Directorates and other relevant parties
  • awareness raising sessions

Implementation

The Master Data Management Policy will be implemented throughout the University via:

  • an Announcement Notice via FedNews and on the FedUni Policy Central’s Policy Library ‘Recently Approved Documents’ page to alert the University-wide community of the approved Policy