Appendix 2 Responsible Officers for Data Breach Notifications

Policy Procedures Appendix 2 Responsible Officers for Data Breach Notifications

Appendix 2 Responsible Officers for Data Breach Notifications

Print Friendly and PDFPrint Friendly

Appendix 2 Roles and Responsibilities

All staff

Only access personal information where this is necessary for work purposes. Personal information must be protected against loss, unauthorised access or modification, disclosure or misuse and managed in accordance with University policy and procedures. If a staff member becomes aware of a suspected data breach, they are to contact the Information Privacy Officer as soon as possible with as much information as is available.

Personal Information (PI) Custodian

Ensure the security and access controls of personal information in accordance with University Policy and Procedures.

Notifiable Data Breach Response Team

The Notifiable Data Breach Response Team comprises:

Critical Incident Coordinator

Chief of Staff

Vanessa Cannon

Leading the response team, assess the risks from the breach and appropriate response, and reporting to the University Executive and Council as appropriate

Information Privacy Officer

Deputy University Secretary

Ian Troupe

Undertake preliminary assessment of eligible data breach or not and to bring privacy expertise to the team

Information and Communication Technology

Director, ICT

Jonathan Churchill

To establish the cause and impact of a breach involving ICT systems.

To provide advice under the ICT Acceptable Use Policy and Procedures.

Information and Communication Technology (as required)

ICT Security and Risk Specialist

To assist in reviewing security and monitoring controls related to the breach (for example, access, authentication, encryption, audit logs) and to provide advice on recording the response to the data breach

Records Management expertise (if appropriate)

Manager, Records

Chezelle Boevink

To assist in reviewing security and monitoring controls related to the breach (for example, access, authentication, encryption, audit logs) and to provide advice on recording the response to the data breach

Legal Advisor

University General Counsel

Fiona Macdonald

To identify legal obligations and provide advice

Media

Head, Media and Communications

Richard Davis

to assist in communicating with affected individuals and dealing with the media and external stakeholders

Human Resources (if appropriate)

Director, Human Resources

To coordinate matters relating to breaches of policy and alleged misconduct or serious misconduct.