Skip to main contentData Migrators Documents

Information Governance Policy

This page describes Data Migrators’ policy on information governance.

Overview

Data Migrators is committed to managing Information as an organisational asset that is created, used and shared effectively while meeting legislative requirements.

Information governance provides the framework, strategic objectives, policies and standards to manage Information as an asset. This policy, supporting procedures and associated resources support effective Information governance to optimise the integrity, security, availability and quality of DM Information.

Purpose

This policy establishes the framework and principles for effective data and information (Information) governance which supports the functions and activities of DM.

Scope

This policy applies to all individuals who manage, handle or process DM Information, including DM staff, contractors, visitors and partners. This also includes third parties (suppliers) and agents of the organisation who are bound to DM policy where their contract of engagement with the organisation specifically provides for this.

This policy applies to the creation, storage, management, control, access, transfer and destruction of Information throughout its lifecycle in all its forms: both in digital and non-electronic formats.

Policy

Principles

Data Quality from creation - DM implements procedures and practices to ensure that Information is captured accurately and completely, and that the quality of Information is monitored, managed and continuously improved throughout its lifecycle.

Information is discoverable - DM Information classification is applied to enable appropriate management of Information, to ensure Information is easy to find and to promote its re-use.

DM supports openness and collaboration - DM Information is accessible and transparent. Access to Information should only be restricted when required by legislation, policy or contract.

Information is protected from unauthorised access, use and disclosure - DM Information is managed in accordance with procedures and resources established by this policy, the Privacy Policy, and the Information Technology and Security Policy.

Information is retained, managed and disposed of lawfully and ethically – DM Information collection, creation, use, re-use and exchange is performed according to ethical practices, applicable laws and with due consideration for individual privacy.

DM is a digital organisation - Information is created and retained in a digital format unless otherwise required by legislation.

A data-literate workforce - DM is committed to ensuring that staff have the knowledge, competencies and ability to interact with Information in their roles.

Information Governance Framework

The Information Governance Board provides advice and recommendations for strategy, policy and risk-related matters impacting DM’s Information.

Information Governance priorities are guided by the value of Information to DM, government and the community over time, considering the risks of improper management of Information.

DM is the custodian of all Information managed by DM. No individual function or group own any part of Information.

An individual assumes the role of Information Custodian when DM Information is in their possession.

Information Governance controls are defined in consultation with Information Stewards. The Information Stewards Group is established to provide operational support and recommendations to the Information Governance Board.

Responsibilities

All individuals who manage, handle or process DM Group Information as set out in the scope of this policy are responsible for:

  • ensuring that they understand and adhere to the framework and principles established by this policy
  • managing DM’s Information in accordance with procedures and resources under this policy, the Privacy Policy and Information Technology and Security Policy
  • supporting a culture that promotes good Information governance practices and reporting any identified compliance breaches or incidents.

Information Custodians are:

  • responsible for ensuring that appropriate controls and processes are in place for the protection of Information under their custodianship in accordance with all applicable policies, legislation and contractual agreements
  • accountable for decisions and implications of access to Information under their custodianship. This includes Information sharing and access, movement of Information, physical protection and integration between systems.

The Information Governance Board and its members are responsible for:

  • providing strategic direction and advocating for Information governance in the best interests of DM.

Information Trustees are:

  • accountable for Information governance decisions that impact how Information is managed in their Information Domain
  • responsible for nominating Information Stewards for their Information Domain.

Information Stewards are responsible for:

  • providing operational support to Information Trustees and relevant stakeholders for Information within their respective domains as set out in the Information Domain Register
  • taking steps to improve the quality and compliance of Information identified as high-priority to DM.

The Chief Data and Analytics Officer is responsible for:

  • overseeing Information governance at DM to ensure effectiveness and fitness for purpose
  • establishing an Information Governance Network comprised of Information Stewards and Information Trustees
  • promoting a data-driven culture and encouraging DM staff to develop capability, competency and knowledge to interact with Information in their roles.

The Chief Information Officer is responsible for:

  • providing Information Technology services for storage, processing, safekeeping and the integrity of Information in digital formats under the custodianship of DM
  • implementing appropriate safeguards without creating unjustified obstacles to the conduct of DM operations and the provision of services, as specified in the Information Technology and Security Policy.

The Chief Information Security Officer is responsible for:

  • implementing appropriate Information and Information security controls, processes and technologies to protect DM from cybersecurity threats monitoring and improving the effectiveness of security controls for Information in digital formats under the custodianship of DM.

The Privacy Office is the first point of contact for privacy matters within DM and is responsible for:

  • overseeing responsible handling of personal, sensitive and health information in all its forms, consistent with relevant legislation, as specified in the DM Privacy Policy.

Exceptions

Any exception to the policy must be approved by the DM directors in advance.

Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

This policy is to be read in conjunction with existing University policy documents which include but are not limited to the following:

  • Research Policy
  • Privacy Policy
  • Information Technology and Security Policy
  • Intellectual Property Policy

Definitions and Terms

n/a