What is personal information?
'Personal information' is information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
The most common examples are an individual's name or signature. Personal information can also be a person's address, image, description, numerical identifier, telephone number, date of birth, medical records, bank account details, employment details, or commentary or opinion about them, depending on the circumstances.
How can I make a complaint about privacy?
All complaints and concerns should be communicated to the ANU Privacy Officer by email at email@example.com
The Office of the Australian Information Commissioner advises "If you think an organisation or agency has mishandled your personal information, you need to complain to them first before you complain to us". Thus complaints should be made to OAIC after complaints have been made to the University and a response has been received from the relevant ANU officer.
How can I find out what personal information ANU holds about me?
Privacy law (APP 12.1) provides you with a right of access to the personal information we hold about you.
You can request access to your personal information by contacting us at firstname.lastname@example.org or FOI@anu.edu.au.
We usually process requests for access to or correction of personal information under the Freedom of Information Act 1982 (Cth).
Can I have ANU delete my records from the ANU systems?
Only if the records can be deleted consistent with our legislative requirements. The University is required to retain information in compliance with other legislative schemes or until the information can be disposed of in accordance with the National Archives legislation. In the meantime, you can request that the information is corrected if it is incorrect.
Is my data collected when I use the ANU website?
When you visit The Australian National University (ANU) website our server makes a record of your visit and logs the following information:
- your browser's internet address
- the date and time of your visit to the site
- the pages you accessed and documents downloaded
- the previous site visited
- the type of browser you are using
- the username entered if accessing a restricted site.
The University uses this information for statistical purposes and for system administration tasks to maintain this service. We do not attempt to identify individuals as part of our regular business practices; however, in the unlikely event of an investigation, the University, a law enforcement agency or other government agency may exercise its legal authority to inspect our server's logs.
External sites that are linked to or from the University site are generally not under our control or responsibility and you are advised to review their privacy statement.
Can my image be put up on an ANU website?
A photograph that includes you is considered personal information if you can be reasonably identified.
If you will be reasonably identifiable in an image, Privacy law gives you a right to be informed that your photo is being taken, how the photo will be used and where it will be published. All reasonable efforts should be made to obtain your explicit consent before taking your photo. Where it is impracticable to obtain consent (such as at large events), reasonable notification should be given (such as signs or announcements) so that you are aware that images are being recorded or photos are being taken and how they will be used. You then have a choice whether to be in the area where photos/images are being taken or not.
What does ANU do to protect data?
The University takes significant protection measures to strengthen our systems against data attacks. We do this in collaboration with Australian government security agencies and our industry security partners such as Microsoft.
We will continue to invest in our IT security. We are unable to publicly provide specific details about the exact measures taken so as to ensure the integrity of those safety mechanisms.
How can I keep my information secure?
Below is a range of steps you can take to help stay safe.
Passwords are the most commonly used form of online credentials so they remain a key target. These simple precautions can help you secure your passwords and identity:
- If you have not reset your ANU password since November 2018, it is highly advised that you do so immediately. Accounts whose passwords have not been reset since November 2018 will automatically require a password change on 12 June 2019.
- If you tend to reuse your ANU password, or very similar passwords, on other services (within or external to ANU) it is highly recommended that you reset these as soon as possible and use more distinct passwords for each service.
- Where available, two-factor authentication (phone app, token) should be used for any online services you are registered with.
- Use strong but memorable passwords. Many secure password generators are available online; also consider using a password manager.
Phishing and scam emails are still the most common way to steal personal information or gain unauthorised access.
- Make sure emails are from a trusted source. Some email clients don't automatically show the full email address, so take the time to expand and validate email addresses.
- Do not click on links or open attachments from unknown senders or emails which purport to be from someone you know but seem out of character.
- If the email appears to be from a known sender but seems unusual or asks you to do something you would not normally do, find a way to validate this information with the sender.
- Never give any sensitive or personal details over email no matter how legitimate or authoritative the source may seem.
- Don't click on email attachments with unusual file extensions or names unless you are expecting the email.
- If you can't tell whether an email is legitimate, or you think your account has been compromised, please contact email@example.com
- Maintain a watchful eye on your devices and keep them close to you. If you can avoid it, don't leave your device in a hotel room or room safe.
- When using public Wi-Fi (at home or abroad) always make sure you use a Virtual Private Network (VPN) service. Hotel and airport lounge Wi-Fi are not secure.
- Consider using disk encryption. This is one of the most useful data loss prevention measures.
- Do not accept USB devices from promotions or untrusted sources. Recommend to your friends and colleagues to use secure cloud based file transfers where possible.
General device maintenance and configuration
Just as our vehicles require regular maintenance to stay road-worthy, so too do our digital devices, so that they remain able to resist increasingly sophisticated attacks.
- Use a current and supported operating system. Older systems are more vulnerable, particularly if security patches are no longer being released for them.
- Ensure all operating systems and applications on your device are fully updated to the most recent patch level and are still being supported by the vendor.
- It is highly recommended that you use a security product on your device and that you keep it up-to-date.
- Some operating systems give you a local administrator account by default. Consider making a second account on your device with fewer privileges for everyday use.
- Microsoft Office macros can be very useful but are also a very common method of enabling malware. Strongly consider turning off macros unless you have a specific need.
- Don't download and run software from untrusted or unknown sources; and always make sure you scan any downloads with a reputable security product.
- Always make sure your important information is backed up regularly and consider having a mix of backup solutions e.g. cloud and removable disk.
Protecting your friends and colleagues
Criminals may use your identity to trick your friends and colleagues. If you think your contact list has been compromised, let your friends and colleagues know so they can take steps to protect themselves.
ANU IT Services maintains a website with up-to-date IT security information. You can access that website through our homepage, and we recommend bookmarking it and checking back regularly.
Privacy and Zoom meetings
How do I keep my Zoom meeting secure?
When using Zoom, it is important to remember how to ensure your meetings are secure.
ANU staff should familiarise themselves with the information contained in Message on Zoom Security and setting up a public meeting Zoom for Meeting Hosts.
These documents provide important information on:
- using passwords;
- using waiting rooms for non-ANU people;
- only allowing the host to do screen sharing; and
- ensuring that anyone removed from a meeting is not allowed back in.
You can find more information in the Zoom Cyber Security Checklist, including the importance of not sharing your Zoom meeting details and passwords publicly via social media or in public forums.
What should I do if my Zoom meeting is breached?
If your Zoom meeting is breached by unauthorised attendees:
- Report users to Zoom, that way they can trace and disable accounts if appropriate;
- Remove them from the meeting and don't let them come back in;
- If necessary, stop the meeting and send all legitimate participants a new password that will enable them to re-join the meeting; and
- Report the breach to Privacy@anu.edu.au and IT.Security@anu.edu.au for appropriate privacy and security assessments.
Please visit the Zoom Updates article on the Service Desk Portal to check for this and other important updates.