|This procedure was approved by the Vice-Chancellor on 20 April 2005 and incorporates all amendments to 14 March 2014.|
|This document is pursuant to the Information and Communications Technology Use Policy.|
Data: individual facts or items of content, including symbolic representations that may form the basis of information (e.g. a date, a name, a number).
Information: a collection of data in any form, which may be transmitted, manipulated, and stored, and to which a meaning has been attributed. Information may include, but is not limited to: a written document, an electronic document, a webpage, an email, a spreadsheet, a photograph, a database, a drawing, a plan, a video, an audio recording, a label or anything whatsoever on which is marked any words, figures, letters or symbols which are capable of carrying a definite meaning to anyone.
Information and Communication Technology (ICT) Facilities: as defined in the Information and Communications Technology Use Policy.
Information and Communication Technology (ICT) Services and Materials: as defined in the Information and Communications Technology Use Policy.
Information and Communication Technology (ICT) User: as defined in the Information and Communications Technology Use Policy.
Monitoring and Access
|1||Authorised staff members will undertake routine monitoring of Information and Communications Technology (ICT) facilities, services and materials in the normal course of their duties to facilitate efficient operation and management, including to:
- protect the integrity and security of the system
- check network traffic and detect intrusions
- audit the ICT assets of the University
- aggregate activity and usage patterns
- investigate and repair system malfunctions
|2||Authorised Deakin eSolutions staff members can action a request to repair or restore an individual ICT user’s own data, as long as appropriate identification is provided by the ICT user.|
|3||Authorised Deakin eSolutions staff members can action a request by an information owner, or nominee, to repair or restore corporate data managed by their business area.|
|4||Staff members may request monitoring or access that may involve inspection of another person’s personal information and identifying data, in accordance with clause 5, only in the following circumstances:
- where access is necessary to prevent the business of the University being obstructed or delayed by the unavailability of an ICT user, subject to clause 8
- to investigate a breach or suspected breach of legislation or Deakin University policy
|5||All requests to monitor or access another ICT user’s data must be made in writing to the Executive Director, Information Technology setting out the reason(s) for making the request.|
|5.1||Where the Executive Director, Information Technology endorses the request, he or she will authorise a staff member to action the request with or without notice to the ICT user whose data is to be monitored or accessed.|
|5.2||Where the Executive Director, Information Technology does not endorse the request, he or she will notify the requestor in writing specifying the reason for rejection.|
|6||Authorised staff members will only monitor or otherwise access an ICT user’s data in the above circumstances.|
|7||The Executive Director, Information Technology will provide the results from the monitoring or access request only to the person who made the request and these results will be used by that person only in connection with the reason(s) for the request.|
|Absence of Staff Members|
|8||During any foreseen absence from the University, all staff members must ensure that data and information required to conduct the business of the University are accessible and that notification facilities, such as telephone and email out-of-office messages, are in place. In the event of unplanned leave, if practical the staff member should put such notifications in place from home or by contacting the IT Service Desk.|
|9||Failure to act in accordance with clause 8 may result in the staff member’s manager making a request to put notification facilities in place or to access the staff member’s data, to prevent the business of the University being obstructed or delayed, using the following process.|
|9.1||The staff member’s manager will attempt to contact the staff member and reach agreement about reasonable alternative arrangements.|
|9.2||If the staff member is not able to be contacted and/or reasonable alternative arrangements cannot be agreed upon, the manager will advise the head of the relevant organisational area.|
|9.3||The head of the organisational area must first be satisfied that reasonable efforts have been made to agree upon alternative arrangements and that the business of the University will be obstructed or delayed by the lack of access to the staff member’s data. If satisfied, he or she will make a request for the accessing of the data, pursuant to clause 5.|
|9.4||The manager must access the data on a need-to-know basis only, and will access only that data necessary to conduct the business of the University. The manager must keep a record of all data accessed and provide this to the staff member as soon as possible.|
|10||All staff members will include an appropriate Deakin University email signature on electronic and online communications sent from a Deakin University email account. A Deakin University email signature consists of identification of the sender and a confidentiality notice and must include the sender's name, position, organisational unit (e.g. School and Faculty, or Administrative Unit), campus, contact details (telephone, email), Deakin University website homepage address and Deakin University CRICOS code. The sender may include their mobile phone number and workdays. A Deakin University email signature may include promotion of Deakin University-sponsored activities but must not include unauthorised information about external affiliations or activities, special interest groups, trades union information, or personal views. Any addition or variation to the content of the staff signature must be authorised by the Executive Director, Information Technology.|
|11||Staff members must not automatically forward the entire contents of their mailbox, voicemail or other communications accounts to another ICT user. However, automatic forwarding may be used for a generic user account (e.g, firstname.lastname@example.org) and for filtered email that contains no personal information.|
|12||ICT users must be aware that electronic communications sent by them may be manually forwarded on and should compose communications accordingly. ICT users who do forward others’ communications on should use their judgment as to what is appropriate in each circumstance.|
|13||The Executive Director, Information Technology may deny or restrict ICT users’ access to internet sites that he or she reasonably considers to contain inappropriate content.|
|14||ICT users must immediately report any suspected or perceived breach of the Information and Communications Technology Use Policy or legislation to the Executive Director, Information Technology.|
|15||The Executive Director, Information Technology may deny or restrict an ICT user’s access to the University’s ICT facilities, services and materials, and/or remove or disable access to potentially offensive material, as a result of violations of the Information and Communications Technology Use Policy, pending further investigation, disciplinary and/or judicial action.|
|15.1||In relation to electronic and online communication material, including email, ICT users may be subject to the laws of the jurisdiction in which the communication material is received or from which it is sent.|
|16||If the Executive Director, Information Technology is satisfied, based on investigations made pursuant to clause 4 point 2, that a violation of policy and/or law has occurred, the Executive Director, Information Technology will:
- deal with violations by students in accordance with Regulation 4.1(1) General Misconduct and in so doing will consult the student’s Pro Vice-Chancellor and the head of any organisational area whose services are involved
- deal with violations by staff members by either referring the violation to the Executive Director, Human Resources Division, who may deal with the matter under the University's Staff Discipline Policy, and/or require the staff member to reimburse or pay any costs associated with the staff member’s unauthorised use of any ICT facilities, services or materials
- deal with violations by other ICT users by referring the violation to the University Solicitor’s Office
|17||The Executive Director, Information Technology will inform the ICT user of the decision in writing within 5 working days of the decision being made.|
|Limitation of Liability|
|18||The University takes no responsibility for personal use of the University’s ICT facilities, services and materials.|
|19||The University takes no responsibility for non-delivery or loss of any electronic or online communication or any attachment and will not be liable for any loss, including indirect or consequential loss, as a result of the use of the University’s ICT facilities, services and materials.|
|20||While the University will endeavour to ensure the secure transmission of electronic or online communications, it does not guarantee the ability to deliver electronic or online communications to their ultimate destination.|
Code of Conduct
Discrimination or Sexual Harassment Complaints by Staff Members and Associates Procedure
Equity and Diversity Policy
Information and Records Management Policy
Information Technology Service Provision Policy
Information and Communications Technology Security Policy
Staff Discipline Policy
Workplace Bullying Policy
The Chief Digital Officer is responsible for the development, compliance monitoring and review of this procedure.
The Executive Director, Information Technology is responsible for the promulgation and implementation of this procedure throughout the University.