Section 1 - Audience and Scope
(1) This policy applies to all users and uses of the University's digital assets. Examples of the University's digital assets include but are not limited to:
- computing and network infrastructure used to create, store, process, or transmit information assets or data;
- network connectivity services providing access to the internet, resources on-campus, controlled entities, and partnering organisations;
- data, metadata, information assets, and machine learning and artificial intelligence models;
- computing hardware including computers and mobile devices, storage media, peripherals, and printers;
- computer-mediated reality technology;
- software provided or managed by the University;
- communication and sharing platforms;
- cloud services; and
- digital control and surveillance systems.
Section 2 - Purpose
(2) The University provides digital technology solutions to enable teaching, learning, research and administration activities.
(3) The University has a responsibility to govern the use of its digital technologies including data, to protect its organisation, information assets and users from risks that could arise from their misuse.
(4) All users of the University's digital assets must be aware of this policy and are expected to:
- recognise its importance and be familiar with its provisions;
- understand and adhere to their responsibilities and obligations; and
- comply with this Policy as a condition of using the University's digital technology.
(5) Any user who is unsure of the meaning of any terms or statements in this policy should seek advice by contacting DTS.
(6) This document should be read in conjunction with supporting policies which include, but are not limited to:
- Information Security Policy;
- Records Governance Policy;
- Privacy Management Plan;
- Privacy Policy;
- Intellectual Property Policy;
- Responsible Conduct of Research Policy;
- Staff Code of Conduct;
- Student Code of Conduct;
- Outside Work Policy;
- Information Security BYOD Policy;
- Fraud and Corruption Framework;
- Public Interest Disclosure Policy;
- Managing Cyber Threats while travelling.
(7) Legislation relevant to this Policy includes but is not limited to:
- Privacy and Personal Information Protection Act 1998 No 133;
- Health Records Information Privacy Act 2002 (NSW);
- Higher Education Support Act 2003;
- Healthcare Identifiers Act 2010;
- Privacy Act 1988 (Cth);
- Copyright Act 1968;
- Workplace Surveillance Act 2005 (NSW);
- Spam Act 2003;
- Industrial Relations Act 1996;
- Government Information Public Access Act 2009;
- Criminal Code 1995;
- Online Safety Act 2021;
- Surveillance Devices Act 2007 (NSW).
Section 3 - General Principles
(8) Digital assets support the achievement of the University's objectives. The use of and access to digital assets are subject to relevant state and federal laws and all relevant University policies, procedures and codes of conduct.
(9) The misuse of digital assets presents risks to the University and as such access is not provided unconditionally.
(10) Subject to delegated authority where relevant, the University reserves the right to:
- grant, limit or withdraw access to its digital assets;
- control the introduction, deployment, and ongoing management of digital technologies within the University's campuses, controlled entities, and cloud environments;
- continuously monitor the use of digital technology within the University, controlled entities, and cloud environments;
- view, modify, copy, move, delete or otherwise handle data and information assets where it is reasonably contemplated for the prevention of risk or authorised by law, irrespective of any ownership or other rights claimed over the data or information assets;
- undertake actions as required by law, legislation, and regulation; and
- carry out enforcement and consequence actions for any activity which contravenes this policy.
(11) The University accepts no responsibility for unavailability, loss, or damage of data or information arising from the use of the University's digital assets.
(12) All users must comply with this policy with respect to digital assets. A failure to comply with this policy may result in:
- for employees, disciplinary action taken under the Staff Code of Conduct, enterprise agreement, University policy and/or employment contract;
- for service providers, termination of any relevant contract with the University;
- for all users (including those categories above), restriction or cancellation of access to the University's digital assets; and
- for all users, where a failure to comply could also amount to criminal conduct, referral to the relevant external authority.
Section 4 - Conditions of Use
(13) All users of the University's digital assets must:
- only access digital technology and data once authorised either through a University-provided identity (includes guest), University-provided account, or approval from the University;
- only use the University's digital assets for authorised work, study or research, and limited personal use, unless by exception from the Chief Digital & Information Officer (CDIO) or their nominee;
- only use the approved level of access;
- ensure minimal personal use, and ensure personal use complies with all conditions of this policy and:
  - does not interfere with University operations;
  - does not burden the University with additional costs; and
  - does not expose the University to intolerable risk;
- exercise lawful, ethical, equitable, and appropriate behaviour while using digital assets;
- exhibit care and due diligence to ensure the University's digital assets are protected from damage and cyber security threats;
- ensure that the usage and characteristics of personal devices that interact with the University's digital assets meet all the applicable requirements of this Policy and all other relevant policies;
- take responsibility for all activities originating from their University-issued identity or account, including all information sent, requested, solicited or viewed;
- abide by any instructions given by the CDIO or their nominee in relation to the University's digital technology. Such instructions may be issued by notices displayed in the vicinity of computing facilities, by letter, by electronic communication, in person or otherwise;
- immediately report actual or suspected breaches of this Policy to Digital Technology Solutions (DTS).
(14) Access to University digital assets may be suspended or removed by the CDIO, System Owner or other authorised nominee based on a period of inactivity by the user of no less than 90 days.
(15) Inappropriate use and/or misuse of the University's digital assets may be deemed misconduct and dealt with accordingly, including loss of access to digital assets.
(16) Inappropriate use and/or misuse of the University's digital assets includes but is not limited to:
- Using digital assets:
  - in a manner that is harassing, discriminatory, defamatory, vilifying, abusive, rude, insulting, threatening, or obscene;
  - in such a way as to cause embarrassment or loss of reputation to the University;
  - to impersonate or falsify information about other persons;
  - to create, access, store, process, or transmit pornographic or offensive material or any other content that is considered illegal or immoral, other than with specific written approval from an authorised University Officer for research related purposes. Where an approval is granted, users must exercise caution, including the use of a secure storage location to avoid undue circulation or access to files;
  - in a manner that constitutes an infringement of copyright or infringes a person's moral rights;
  - to collect, use, store or disclose personal information or health information in ways that breach the University's Privacy Management Plan;
  - for unauthorised profit making or commercial activities;
  - to distribute unsolicited and/or unapproved advertising materials on behalf of the University or from organisations that have no connection with the University or involvement in its activities;
  - in a manner which is intended or likely to corrupt or damage data, software or hardware, either belonging to the University or to anyone else, whether inside or outside the University network;
  - to gain, or attempt to gain, unauthorised access to any computer service;
  - to exploit vulnerabilities in systems or use any technology designed to locate such vulnerabilities or circumvent security systems;
  - to create, install, or execute, or attempt to create, install, or execute, any form of malicious software;
  - for unauthorised cryptographic calculations, including crypto mining;
  - to eavesdrop or intercept the communication or transmission of data or information.
- Facilitating or permitting unauthorised use of the University's digital assets.
- Making unauthorised configuration changes to the University's digital assets.
- Circumventing IT and cyber security controls, whether owned or managed by the University or any other party.
- Uploading or submitting University data to unauthorised systems or organisations. Examples include but are not limited to cloud storage or archival services, personal email services, and artificial intelligence.
- Avoiding surveillance of the use of the University's digital technology. This includes using virtual private networking (VPN), encryption, obfuscation, encapsulation, encoding, or any other means to avoid surveillance.
- Using, deploying or otherwise introducing unauthorised applications, services, devices, network interconnectivity, or cloud services to the University's digital environment. This includes the use of applications and services listed in this Knowledge Base Article.
(17) Users under 18 must have parental or guardian permission to access the internet with their University-issued user identity or account.
(18) Users seeking to introduce or deploy digital technology within the University are required to seek authorisation from the CDIO or their nominee.
Section 5 - Monitoring of Use
(19) Any monitoring and audit activities performed will be subject to law or a legally binding agreement.
(20) The University will conduct lawful surveillance of its digital assets on a continuous and ongoing basis. For the purposes of the Workplace Surveillance Act 2005 (Cth), this policy constitutes written notice of the University's computer surveillance of its employees.
(21) The University may audit, whether directly or via independent third parties, its digital assets:
- used under the context of a University user or device identity, whether issued or managed by the University;
- used in the pursuit of University related business, research, or teaching activities; and
- used within the geographic boundaries of University land, subterrain, and airspace.
(22) Use of the University's digital assets deemed inconsistent with any terms specified in this Policy may be investigated by the University. Written approval by an authorised nominee is required for any investigation activity.
(23) Computer surveillance may be carried out by the University by:
- recording the detailed logs of all transactions and use by users of the University's digital assets;
- accessing University email accounts, archives, backups or emails; even where the user has deleted an email, the University may still retain archived and/or backup copies of the email;
- accessing files stored on network drives, computers or in cloud services to which the University has administrative access; even where the user has deleted a file, the University may still retain archived and/or backup copies of the file;
- accessing University owned work computers, including computer security and event logs;
- recording network traffic activity including internet usage (including sites and pages visited, files downloaded, video and audio files accessed and data input) and accessing these records;
- accessing system and event logs and login activity relating to the University's digital assets;
- monitoring on a continual basis, through manual analysis and automated correlation activities using the University's Security Information and Event Management (SIEM) solution; and
- obtaining location data for users to validate identity when accessing the University's digital environment.
(24) Subject to requirements under law, University users acknowledge that as a result of this computer surveillance, the University may prevent, or cause to be prevented, delivery of an email sent to or by, or access to an internet website by, the user.
(25) As soon as reasonably practicable, the University will notify an employee where an email has not been delivered except where:
- the email was a commercial electronic message within the meaning of the Spam Act 2003 (Cth);
- the content or any attachment to an email would or might result in an unauthorised interference with, damage to or operation of, a computer or computer network of the University or any program run by or data stored on such a computer or computer network;
- the email or any attachment would be regarded by a reasonable person as being (in all circumstances) harassing, menacing or offensive; or
- the University is not aware (or could not reasonably be expected to be aware) of the identity of the employee that sent the email or that the email was sent by an employee.
(26) The University will not prevent the delivery of an email or access to a website merely because:
- the email was sent by or on behalf of an industrial organisation of the employees or an officer of such an organisation; or
- the website or email contains information relating to industrial matters (as defined in the Industrial Relations Act 1996 (NSW)).
(27) Each user acknowledges that the University may be required to produce the records it has obtained (as a result of the monitoring it has undertaken in relation to its digital assets) as a result of a request authorised by law, for example, the Government Information (Public Access) Act 2009.
Section 6 - Exceptions
(28) Exceptions to this policy may be requested by a user in writing to the CDIO subject to any relevant delegation of authority. Exceptions will be assessed based on their risk and value to the University, and any compensating controls.
Section 7 - Roles and Responsibilities
(29) The CDIO is responsible for:
- the development and maintenance of this policy;
- ensuring that users are aware of this policy;
- monitoring use of the University's digital assets;
- compliance with this policy and related enforcement actions;
- investigating and reporting on suspected breaches of this policy.
(30) The System Owner or Information Owner or their nominee is responsible for granting and managing authorisation to use a digital asset.
(31) System Owners are responsible for assessing a user’s suitability for authorisation, and for granting and revoking authorisation within the bounds of the digital assets for which they are responsible.