Data and informationarevaluableassets.Informationprotection is important for many reasons, including:
protecting yourPersonallyIdentifiableInformation(PII)
protectingUQ’sinformation and decisions
protectingIntellectualProperty(IP)andresearchsecrets
toensurecompliance with legislation
toprotect thereputationofUQand researchers
and more.
UQ information that is leaked,manipulated or becomesunavailablemay lead toreputational, compliance, health and safety or financial damages.
Protecting your Personally Identifiable Information
The University collects confidential information and PII that can relateto:current staff and their partners or next of kin;business partners and clients; customers and other members of the public. This information needs to be protected in order to prevent that data being misused by third parties for fraud, such as phishing scams and identity theft.
Data protection is also crucial to help prevent cybercrimes by ensuring details(specifically banking)and contact information are protected to prevent fraud.
Confidential business decisions
Data breaches may lead to theunauthoriseddisclosureof anyUQ informationthat has been classified higher than ‘OFFICIAL - PUBLIC’.Thishas the potential to cause harm, serious harm or deformation to UQ, anotherorganisationor an individual.
Examples could include information on business decisions which could affect revenue,anorganisationalrestructure proposal,academic misconduct committee decisions, business cases,budgets, etc.
Legislation
There are many laws around data protection that University must comply with. Significant ones include:
Information Privacy Act 2009
Information Privacy Regulation 2009
Privacy Act 1988
University of Queensland Act 1998
Information Security Policy (IS18:2018)
Information Governance Policy.
In addition, there are myriad further Federal Acts, Queensland Acts, Federal Policies, Queensland Policies, Global Regulations (such as the GDPR), and evenresearch partnershipagreements may include further privacy stipulations.
Furthermore, the Australian Government’sNotifiable Data Breach Schemeimposes financial penalties for data breaches.
Protecting research data and Intellectual Property
UQ is a research institution, committed to ‘the pursuit of excellence’ and being at the forefront of many research endeavors. As such, the research data UQ researchers collect is valuable.
Intellectual property (IP) refers to creations or knowledge resulting from intellectual efforts. IP gives the owner the right to decide how others can use the creations.
In many situations, the research data or IP may beconfidential, hold research secrets, or even be collected in partnership with industry.
UQ commonly undertakesconfidentialresearch. For example: medicine, design, trade secrets,Aboriginal culture, or endangered species.
UQ has many agreements with funding bodies, hospitals, industry, governmentand other collaborators; these agreements contain obligations around confidentiality andIP.
In fact, nation state cyber threat actorscommonlytarget Universities and research institutions to obtainconfidentialresearch data.A data breach of research data collected for a research partnership with the Australian Defense Force (ADF) could put top-secret ADF information in the hands of an enemy state.
For more informationon IPsee theIntellectual Property for Staff, Students and Visitors - Policyor read the Library’sIntellectual Property and Copyrightmodule.
Protecting reputation
Organisationssuffer damage to their brand and reputation as the result of data breaches.The community maylose faith and trust in theorganisation, and its commitmentto privacy.
In addition, the leakage of confidential research data can impact a researcher, or research institution’s, reputation.