At work, we are subject to the Information Privacy Act 2009 (Qld), which sets out 11 principles that govern how we collect, store, access, use, and disclose personal information; which are embedded in the UQ Information Management Policy. However, our data at home isn’t subject to the same safeguards, so doing a privacy check-up is a great way to maintain security. What do you look out for?
1. Check what information is gathered by applications
In our digital lives we use a wide range of tools, including applications that require extensive access to our phones and computers. These tools gather data even when we’re not actively using them, including our interests, activities and location. If our personal information falls into the wrong hands this could lead to identify theft or financial losses.
Ensure your safety by periodically checking your applications, deleting ones you no longer use and disabling invasive permissions.
Extra tips:
-
Google has a Privacy Checkup you can complete, and Facebook provides information about their Privacy settings and tools.
-
Review application permissions on your Android device or iOS device.
2. Check the security of your storage
-
Any personal or sensitive information - like bank statements or tax information – should be stored in a secure location that carries a low risk for data breach (e.g. hard drive on a password-protected personal computer).
-
If you are storing files to the cloud, protect your online account with a unique password and enable MFA (multi-factor authentication). Ensure your personal email accounts are also protected by MFA.
Work documents should be saved on UQ-approved storage platforms so that UQ can ensure that appropriate safeguards are in place. In addition, it is important to:
-
Consider information security classifications when deciding on the appropriate storage location
-
Regularly review your sharing permissions
-
Update permissions on shared files (e.g. OneDrive) when no longer required.
-
Update your UQRDM project record to remove former research collaborators.
-
If a member of your team resigns, revoke access to network drives and systems.
Have you left the door open on your data? This month, close it.