9 Things you had wished you had known about compliance…(student data focus) Today’s Program 1. Opening & Welcome - Chris Penman - Vice-Principal and General Counsel 2. Records Services - Catherine Nicholls and Lucinda Davies - Disposal & Student Data 3. Copyright Office - Helen Thomson - Using Examples of Student Work 4. Internal Audit - Louise Fastuca - Preparing material for examinations and other issues including travel diaries 5. Legal Services - Mina Freeman - Privacy Policy issues 6. Closing - Catherine Nicholls
9 Things you had wished you had known about compliance…(student data focus) Disposal & Student Data Records Services - Catherine Nicholls and Lucinda Davies
Disposal of Postgraduate files Catherine Nicholls & Lucinda DaviesRecords Services Introduction to Disposal What is disposal? Disposal is a ‘jargon’ word we recordkeepers like to use…essentially it’s the practice of determining what records can be kept (and for how long) and what records can be turfed (and when can they be turfed).
Disposal of Postgraduate files Catherine Nicholls & Lucinda DaviesRecords Services What does “Disposal” mean for you? Our disposal schedules are available here CONTACT: LUCINDA DAVIES – or xt for help on
Disposal of Postgraduate files Catherine Nicholls & Lucinda DaviesRecords Services PART ONE - FACULTY STUDENT FILES ENTRYCLASS/ACTIVITYDISPOSAL ACTIONCUSTODY/ TRANSFER 1.1.FACULTY STUDENT FILES [1] [1] 1.2 Postgraduate Student Files: Masters by Research/ Coursework/Postgraduate Diplomas or equivalent. Includes records relating to: admission, enrolment, cancellation, discontinuation, candidature, scholarships, examinations, progress reports, thesis, travel. Discipline cases leading to termination under Statute 13.1 Student Discipline Exclusion for Health Reasons under Statute 11.4 Destroy 3 years after completion or termination Retain Permanently Faculty Office / Graduate Studies Faculty Office / Graduate Studies then transfer to Records Services 1.3 PhD StudentsRetain PermanentlyGraduate Studies then transfer to Records Services [1] [1] In cases where obligations to students for example the provision of academic transcripts, cannot be met via MERLIN (as may be the case with records created by amalgamated and affiliated institutions pre amalgamation / affiliation) it is likely that the student files will be of continuing value. In these instances Records Services should be contacted for further advice.
Disposal of Postgraduate files Catherine Nicholls & Lucinda DaviesRecords Services These are the sentences for postgrad files! However, we realise that other variations or situations may arise with their management, and we are always happy to hear from you about how you are managing your postgrad files and if you have questions.
Disposal of Postgraduate files Catherine Nicholls & Lucinda DaviesRecords Services There could be a range of possibilities like: Duplicate files No routine disposal (for applicable files) Files that have been stored away but then misplaced during a major move or restructure Incorrect disposal (for applicable files) Files being retained long after their disposal date
Disposal of Postgraduate files Catherine Nicholls & Lucinda DaviesRecords Services Areas of potential confusion/FAQs: Who is responsible for managing the Masters files? The department or the Faculty? Or is it the Melbourne School of Graduate Research? ANSWER: In many instances it’s the Faculty Office, but some Faculties have in the past had MSGR take them. The schedules permit either location.
Disposal of Postgraduate files Catherine Nicholls & Lucinda DaviesRecords Services Areas of potential confusion/FAQs: How will the implementation of the Melbourne Model effect the management of postgrad files? ANSWER: Possibly not greatly, but we will be reviewing all of our schedules, particularly those relating to student records, in light of the Melbourne Model next year.
Disposal of Postgraduate files Catherine Nicholls & Lucinda DaviesRecords Services Things to keep in mind If you have a question about managing postgrad files, please speak to me, Lucinda Davies – Remember that all student files contain confidential information so keep them safe and secure. If you can destroy a student file, remember to make a list and destroy them confidentially.
9 Things you had wished you had known about compliance… Using Examples of Student Work Copyright Office - Helen Thomson
Student works are protected by copyright as literary works Will be unpublished manuscripts – Copyright will last indefinitely Students will own copyright in their entries on blogs & wikis Students will own copyright in their own work unless there is a legal agreement to the contrary Exclusive rights regarding the reproduction, communicating online, publication and performance of their work. No automatic licence to use student works for teaching purposes Governed by the University IP Statute University has no claim to to IP created by students in their scholarly works Must ask permission to use student works Copyright Protects Student Works
Things to consider: Details of the work Details of the intended use Research, teaching and educational purposes Promotional purposes, either for the subject, faculty or University Commercial use, e.g. a publication or licenced teaching material Who will own the material, including who will own copyright Will the student be paid royalties or other fees Who will the audience be? Restricted to University only, e.g. placed on the LMS Widely available to the general public, e.g. on an open access website The right to remove or stop using the material Asking Permission
Student work may also include third party copyright material Student can not authorise the use of this material, will need permission from the original copyright owner. May be able to use third party material for educational purposes under the Statutory Licences Must abide by the conditions and requirements If using student works for other purposes, will need permission from the original copyright owner Some limited exceptions apply under fair dealing for research & study, criticism & review or parody & satire Must always acknowledge the student’s work Other Considerations
9 Things you had wished you had known about compliance… Internal Audit - Louise Fastuca
Topics/Tips for today –Student Exam Paper Preparation –Early Student Results Spreadsheets –Fraud & Corruption –Travel & FBT Requirements –Motor Vehicle Log Books & FBT Requirements Louise Fastuca Compliance & Internal Audit
Student Exam Paper Preparation – questions to ask? Where do Academic staff store their draft exam paper files? Is it a networked drive? Is it secure from external/student access? Is it on a laptop that could potentially be physically removed from an office? Is their office locked when unattended? Louise Fastuca Compliance & Internal Audit
Exam Papers continued: Where do staff print out the exam papers whilst in draft? Is the printer in an open office accessible to a shared hallway? Does your Department/Faculty have adequate security for printing of the finalised papers? Do they get to the selected printer securely? Louise Fastuca Compliance & Internal Audit
Student Results Processing Is the original Excel file utilised by the Academic to store early results kept securely prior to upload to the Student System? Where is that file stored? Is it on a secured network drive? Louise Fastuca Compliance & Internal Audit
Fraud & Corruption Internal Audit web site; – provides fraud brochurehttp:// Have you considered the potential for staff accepting inducements to mark a student’s assessment more favourably? Do a Self Assessment for your work area – be proactive Risk Template v5.xls, provides a self assessment document. Risk Template v5.xls Louise Fastuca Compliance & Internal Audit
Travel & FBT requirements Itinerary & Diary Compliance with ATO EHS Risk Assessment Need a checklist for the traveller Central retention of diaries for 5 years. Do ALL staff attend training sessions? for specifics on travel diary requirements Louise Fastuca Compliance & Internal Audit – how does it fit?
Motor Vehicles & FBT requirements All trips to be accounted for If there is a driver change, complete an entry for that portion of the trip Ensure all kilometres are accounted for “Purpose of Journey” - needs to be more than just the destination, the actual business purpose needs to be stated clearly. Louise Fastuca Compliance & Internal Audit
Thank you! Contact details: Louise Fastuca Compliance & Internal Audit
9 Things you had wished you had known about compliance… Privacy Policy issues Legal Services - Mina Freeman
Mina Freeman Privacy Compliance Legal Services Legislative Framework Information Privacy Act 2000 (Vic) Health Records Act 2001 (Vic) Privacy Act 1988 (Cth) – in limited circumstances (generally only applies to Commonwealth agencies and private sector organisations that are of a certain size and above)
Mina Freeman Privacy Compliance Legal Services What is protected? “Personal Information” Information or opinion that is recorded (whether true or not) about a readily identifiable individual “Sensitive Information” Personal Information which is also considered to be “Sensitive Information” for example, information or opinion about an individual’s ethnic or racial origin, sexual preference, political opinions, criminal record etc.
Mina Freeman Privacy Compliance Legal Services “Health Information” Information or opinion about: –The physical, mental or psychological health of an individual; –The disability of an individual; –An individual’s expressed wishes about the future provision of health services to him or her; or –A health service provided, or to be provided to an individual … which is also Personal Information
Mina Freeman Privacy Compliance Legal Services Information Privacy Principles (Schedule 1 of the Information Privacy Act 2000 (Vic)) There are 10 Information Privacy Principles to be aware of: Collection Use & Disclosure Data Quality Data Security Openness Access and Correction Unique Identifiers Anonymity (where possible) Transfer of personal information outside Victoria Dealing with Sensitive Information
Mina Freeman Privacy Compliance Legal Services Collection of personal information only when necessary for the organisation’s functions or activities collected by lawful and fair means; not in an unreasonably intrusive way inform the individual concerned of - who is collecting - reason for collection - the purpose for which the information will be used - how he or she may access the information - whether there is any law requiring the collection where reasonable & practicable, only collected from the individual concerned and not from someone else
Mina Freeman Privacy Compliance Legal Services Use & Disclosure of personal information a)For the primary purpose; OR b)Where a secondary purpose if related to the primary purpose of collection AND the individual would reasonably expect the organisation to use or disclose the information for that secondary purpose; OR c)With the individual’s consent. In the case of Sensitive Information the secondary purpose must be directly related to the primary purpose of collection Other exceptions may apply in certain circumstances for example, law enforcement, where there is a serious threat to public health and safety, or otherwise required by law (seek advice)
Mina Freeman Privacy Compliance Legal Services Management of personal information – installing systems in order to maintain accuracy & data security – openness, access & correction – in the University context access is usually managed via FOI Unique Identifiers (e.g. Student numbers/ driver’s license number) –Must not be assigned (or adopted) unless necessary for the organisation to carry out its functions efficiently (e.g. Staff and student numbers at the University) Anonymity ( where possible) –Provide an individual with the option of transacting on an anonymous basis where possible
Mina Freeman Privacy Compliance Legal Services Sensitive Information Limited circumstances in which Sensitive Information can be collected: Individual has consented; OR Required by law; OR Necessary for research or the compilation or analysis of statistics relevant to government funded targeted welfare or educational services and impractical to get consent … some other limited circumstances Transfer of personal information outside Victoria Some relevant factors: Is the recipient of the information subject to a law or binding scheme relating to information privacy which is similar to ours? Can we place a condition in the contract requiring the external party to comply with our privacy law? …Seek Advice
Mina Freeman Privacy Compliance Legal Services References : University Privacy Policy & Privacy Officer Legal Services (Compliance) Office of the Victorian Privacy Commissioner
© Copyright The University of Melbourne 2007