ANU Privacy update
Privacy – it is all about you.
ANU recognises that privacy is very important.
The way we collect, use, disclose, secure, and dispose of personal information is governed by our compliance with, and obligations as an 'agency' under the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs).
Are you creating University records?
In the course of university business, you will create and update official university records. These records are essential for documenting important decisions, agreements and approvals.
What are records?
If you are writing a report (including selection reports), sending an email to a colleagues (inside our outside the university) or students, you may well be creating a record. Go to this page for information about what is a record.
Your email, report or other document should be clear, concise and contain only the pertinent information relevant to the action, final decision or approval. To protect personal, sensitive and corporate information, is should contain only the essential information and be recorded in the appropriate system.
Recording information that does not form part of the record increases the risk that information could be lost or improperly disclosed.
For more assistance with understanding recordkeeping requirements, please visit the ANU Recordkeeping website.
Streamlining privacy assessments for surveys
The ANU Privacy Office is committed to reducing administrative loads, whilst maintaining best privacy practice.
To streamline the process of assessing privacy impacts for surveys, the Privacy Office has developed the non-standard survey privacy assessment. This short questionnaire will take 5-10 minutes to complete and identify if there are privacy risks with the survey process.
This allows the University to ensure we are taking the appropriate steps to protect the privacy of survey participants, but only requiring a full Privacy Impact Assessment (PIA) for surveys that pose privacy risks.
For more information, refer to the non-standard survey privacy guidance or contact the ANU Privacy Office on privacy@anu.edu.au
Don’t go phishing
Data breaches remain the number one privacy concern for Australians (OAIC) and phishing is one of the most common ways that scammers will attempt to gain access to personal information and account credentials.
Do you know how to spot a phishing attempt?
As we become more aware of phishing tactics, scammers are becoming more sophisticated and like to impersonate major Australian and global service providers.
ANU offers online training to help you identify and prevent phishing attacks, both at work, and in your personal online activities. Knowing how to identify a phishing attempt could save you, your family and the University from significant privacy and security breaches.
For more resources, check out ANU Cyber Sense and live safely online.
That’s a wrap – Privacy Awareness Week
Privacy Awareness week was held in May, and called on Australians to ‘power up your privacy’.
If you missed it, it’s not too late to make time to think about your personal privacy, both online and in the real world. With a few simple actions, you can make things safer for yourself and people close to you.
Here are some steps you can take to ensure you are up to date with current privacy protection practices:
- complete the ANU Privacy Awareness training in Pulse
- sign up to the Privacy@ANU SharePoint for the latest news and guidance
- take the quick quiz to test how powered up your privacy knowledge is
- complete the ANU CyberSense training in Pulse
- check your passwords are secure
- if you use social media, go to your account settings and check what information you have publicly visible.
OAIC launches legal action against Medibank
The Australian Information Commissioner has launched legal action against Australian insurer, Medibank Private, in relation to a 2022 cyber attack.
The Information Commissioner found that Medibank had breached the Australian Privacy Principles by failing to take reasonable steps to protect the personal information of more than 9 million Australians from misuse and unauthorised access.
This serves as a reminder to all ANU staff of the obligations we have to protect the personal and sensitive information we handle as part of University business. It is not enough to simply rely on the systems ANU has put in place. While information security plays a critical role in protecting personal information, all staff must ensure they are following University policy, procedures and training guidelines.
If you aren’t sure about your privacy obligations as a staff member, please ensure you complete the ANU Privacy Awareness Training module in Pulse.
We all have a part in protecting the privacy of students and staff and ensuring the University meets the expectations of our community.
Looking for more privacy advice?
For assistance with any privacy questions please visit the ANU Privacy website or reach out to the ANU Privacy team. They are here to support any privacy needs and can provide a customised information session for your local area.