Data Governance. Policy FINAL (Approved)



Similar documents
Data Governance Policy. Version October 2015

RECORDS MANAGEMENT POLICY

Council Policy. Records & Information Management

Information Governance Strategy. Version No 2.0

Information Governance Strategy :

Information Governance Strategy. Version No 2.1

Scotland s Commissioner for Children and Young People Records Management Policy

OPERATIONAL DIRECTIVE. Data Stewardship and Custodianship Policy. Superseded By:

Information Governance Strategy & Policy

Information Governance Policy

Information and Compliance Management Information Management Policy

Information Integrity & Data Management

Information Governance Policy

EA-ISP-001 Information Security Policy

Records Management Policy

Records Management - Department of Health

CORPORATE CREDIT CARD POLICY & GUIDELINES

Information Governance Policy (incorporating IM&T Security)

INFORMATION SECURITY POLICY

COUNCIL POLICY R180 RECORDS MANAGEMENT

STATE RECORDS COMMISSION. SRC Standard 6 OUTSOURCING. A Recordkeeping Standard for State Organizations

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Highland Council Information Security Policy

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.

NHS Commissioning Board: Information governance policy

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY

NSW Government. Cloud Services Policy and Guidelines

INFORMATION GOVERNANCE POLICY

Corporate Records Management Policy

Information Governance Strategy

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY

Bring Your Own Device (BYOD) Policy

LORD CHANCELLOR S CODE OF PRACTICE ON THE MANAGEMENT OF RECORDS UNDER

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Records Management Policy

Practice Note. 10 (Revised) October 2010 AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Strategy Includes Information risk & incident management methodology

NSW Government Digital Information Security Policy

Information Governance Framework. June 2015

Corporate Information Security Management Policy

Department of the Premier and Cabinet Circular. PC030 Protective Security Policy Framework

Records Management Security of University Records Procedures

Accounts Receivable. Policy Statement

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

INFORMATION GOVERNANCE POLICY

NSW Government Digital Information Security Policy

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT

NSW Self Insurance Corporation Amendment (Home Warranty Insurance) Act 2010 No 30

august09 tpp Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper

Records Management. 1. Introduction. 2. Strategic Plan Desired Outcomes

Information and records management. Purpose. Scope. Policy

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public

NHS LANARKSHIRE HEALTH RECORDS POLICY Management and Maintenance, Security, Storage, Distribution and Retention of Health Records

Privacy and Cloud Computing for Australian Government Agencies

Information Governance Policy

NHS Lanarkshire Information Governance Committee

Compliance Review Report Internal Audit and Risk Management Policy for the New South Wales Public Sector

National Archives of Australia - Administrative Functions Disposal Authority March 2010

Policy. VBA Enterprise Risk Management. Governance Unit

INFORMATION TECHNOLOGY SECURITY STANDARDS

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

Information Governance Policy

Information Management Strategy. July 2012

OFFICIAL. NCC Records Management and Disposal Policy

9. GOVERNANCE. Policy 9.8 RECORDS MANAGEMENT POLICY. Version 4

DATA PROTECTION AND DATA STORAGE POLICY

Policy (Board Approved)

What NHS staff need to know

HORIZON OIL LIMITED (ABN: )

4 NUMBER 004 Policy Data base Document Reference Number P

POLICY STATEMENT 5.17

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September Information Governance Manager

Information Management and Protection Policy

Statement of Business Ethics

The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation. Initial Discussion Paper

Information Governance Policy

POLICY FRAMEWORK AND STANDARDS INFORMATION SHARING BETWEEN GOVERNMENT AGENCIES

Guidelines approved under Section 95A of the Privacy Act December 2001

INFORMATION GOVERNANCE STRATEGY NO.CG02

Mount Gibson Iron Limited Corporate Governance Policies and Practices Manual Shareholder Communication Policy

3. Ensure the management of information is compliant with legislative requirements to maximise the benefits and minimise risks;

Newcastle University Information Security Procedures Version 3

Transcription:

Data Governance Policy FINAL (Approved) July 2010

DOCUMENT CONTROL Document Title: Data Governance Policy Summary: This document defines the policies of the Cancer Institute NSW regarding our data governance management system. TRIM Ref: E10/13359 Date of Issue: July 2010 Version: Version 1.0 (Approved) Contact Officer: Governance, Risk & Compliance / Chief Operating Officer Relevant NSW Health Policy Directives: References: Electronic Information Security Policy (PD2008_052). Privacy Management Plan (PD2005_554). Privacy Manual Version 2 (PD2005_593). Principles for Creation, Management, Storage and Disposal of Health Care Records. (PD2005_127). Charges for Health Records and Medical Reports (PD2005_235) Use and Retention of Human Tissue including Organ Donation, Post Mortem Examination and Coronial Matters (PD2005_341) Records Management Policy (PD2009_057) Disclosure of Unit Record Data Held for Research or Management of Health Services (PD2006_077) Process for Approval of New or Modified data collections (PD2005_155). Subpoenas (PD2005_405). Main Legislative Implications: NSW Government Mandates: NSW Premiers Circular No. 2001 46. NSW Premiers Circular No. 2004 06. General Disposal Authority (GDA 17) Public health services: Patient/Client Records. State Records Policy on Records Appraisal and the Identification of State Archives 2001 State Records Policy on Digital Records Preservation - 2007 State Records Policy on Electronic Messages as Records - 1998 State Records Policy on Electronic Record Keeping - 1998 State Records Procedure on Disposal Authorisation 2007 State Records Procedure on Making Access Directions 2005 State Records Procedure on Making Still In Use Determinations 1999 State Records Procedure on Transferring Custody of Records as State Archives 2004 Cancer Institute NSW Act Commonwealth Privacy Act Freedom of Information Act Health Administration Act Health Records & Information Privacy (HRIP) Act Health Records & Information Privacy Regulations

Healthcare Identifiers Bill 2010 Healthcare Identifiers (Subsequential Amendments) Bill 2010 Human Tissue Act Privacy & Personal Information Protection Act Public Health Act State Records Act Standards under the State Records Act Statutory Guidelines under the HRIP Act Related Cancer Data Governance Policy (this document) Institute NSW Data Governance Procedure Policy Information Security Policy Information Security Management System (ISMS) Policy Information Security Management System (ISMS) Procedure Business Continuity Management Policy Business Continuity Management Procedure Compliance Management Policy Compliance Management Procedure Records Management Policy Records Management Guidelines Code of Conduct and Ethics Change History Version Who What 0.1 Dr Stephen James 03/01/2010: Initial draft. 1.0 Stephen James 27/07/2010: Approved by COO.

CONTENTS 1.0 INTRODUCTION... 5 1.1 BACKGROUND... 5 1.2 INTENT... 5 1.3 OBJECTIVES... 5 1.4 SCOPE... 6 2.0 POLICY STATEMENTS... 7 3.0 RESPONSIBILITIES... 8 4.0 APPROVALS... 9 A.0 ANNEX... 10 A.1 INTEGRATED MANAGEMENT SYSTEM... 10 TRIM E10/13359 CINSW In Confidence Page 4 of 10

1.0 INTRODUCTION 1.1 Background Schedule 1 Part 2 of the Public Sector Employment and Management (NSW) Act 2002 defines the Cancer Institute NSW as a statutory corporation (i.e. a non public-service division of the Government Service) headed by the Director General of the Department of Health. The Institute is constituted by the Cancer Institute (NSW) Act 2003 and is governed by a Board appointed by the Minister for Health. The Act is jointly administered by the NSW Minister for Health and the Minister Assisting the Minister for Health (Cancer). The Institute forms part of the NSW public health system 1. As such, many of the policy directives of the NSW Department of Health apply to the Institute. This Procedure incorporates each of the requirements specified within applicable NSW Department of Health policy directives, as well as those stipulated by applicable legislative instruments, which pertain to data governance. This Policy and its associated Procedure incorporate each of the requirements specified within applicable NSW Department of Health policy directives, as well as those stipulated by applicable legislative instruments. 1.2 Intent The Institute recognises that data is a valuable asset for the purposes of its objectives as specified within its Act. The Institute is involved in the collection, processing, analysis and reporting of various forms of data and acknowledges that some of this data is of a sensitive nature in terms of privacy, integrity, availability, security and governance. The Institute shall therefore establish, implement, operate, monitor, review, maintain and improve a Data Governance framework to ensure that appropriate controls are applied to data, and that the data is collected, used and reported in line with its legislative and other compliance obligations. 1.3 Objectives The specific objectives of our data governance framework are to apply appropriate controls over: Data inventory and ownership Data collection Data use and disclosure 1 Page 10, NSW Department of Health Annual Report 2008/09 TRIM E10/13359 CINSW In Confidence Page 5 of 10

Data security Data privacy Data availability, retention and disposal Data integrity Data compliance 1.4 Scope This Policy applies to all Divisions, business units and controlled entities of the Cancer Institute NSW. It applies to all forms of data including those in electronic and non electronic form. Whilst data governance, and especially the elements listed above, apply to all types of data, this Policy (and its corresponding Procedure) is particularly concerned with: Identifiable personal information as defined by the Privacy and Personal Information Protection Act 1998; and Identifiable personal health information as defined by the Health Records and Information Privacy Act 2002 TRIM E10/13359 CINSW In Confidence Page 6 of 10

2.0 POLICY STATEMENTS a. Data Governance Policy. A Data Governance Policy (this document) shall be maintained by the Governance, Risk & Compliance adviser, approved by the Chief Operating Officer and published and communicated to all relevant employees and relevant external parties. This Policy shall be reviewed and updated as required. b. Data Governance Procedure. A Data Governance Procedure shall be documented and applied which defines the processes and procedures to be followed in order to meet these Policy statements. The Data Governance Procedure shall be reviewed and updated as required. c. Data Inventory & Ownership. All data assets shall be clearly identified and an inventory of all important assets shall be maintained. All data assets shall be assigned a dedicated owner and steward. This shall be achieved in accordance with Chapter 3 of the Institute s Data Governance Procedure. d. Data Collection. Data shall be collected in a lawful and appropriate manner in accordance with the requirements of applicable legislation, NSW government mandates and NSW Health and Institute policies. This shall be achieved in accordance with Chapter 4 of the Institute s Data Governance Procedure. e. Data Use and Disclosure. Data shall be used and disclosed in a lawful and appropriate manner in accordance with the requirements of applicable legislation, NSW government mandates and NSW Health and Institute policies. This shall be achieved in accordance with Chapter 5 of the Institute s Data Governance Procedure. f. Data Security. Data shall remain protected and secure in accordance with the requirements of applicable legislation, NSW government mandates and NSW Health and Institute policies. This shall be achieved in accordance with Chapter 6 of the Institute s Data Governance Procedure. g. Data Privacy. Data shall remain private and shall only be disclosed to authorised parties in accordance with the requirements of applicable legislation, NSW government mandates and NSW Health and Institute policies. Privacy Impact Assessments shall be conducted prior to the undertaking of any business initiative, project or act which has the potential to incur privacy risks. A formal privacy breach procedure shall be applied for all suspected and actual breaches to the privacy of data. These shall be achieved in accordance with Chapter 7 of the Institute s Data Governance Procedure. h. Data Availability, Retention and Disposal. Data shall be retained and disposed of in a lawful and appropriate manner. Appropriate controls shall be applied to ensure that data remains available to bona fide persons when TRIM E10/13359 CINSW In Confidence Page 7 of 10

required. This shall be achieved in accordance with Chapter 8 of the Institute s Data Governance Procedure. i. Data Integrity. Appropriate controls shall be applied to ensure that data remains complete and accurate. This shall be achieved in accordance with Chapter 9 of the Institute s Data Governance Procedure. j. Data Compliance. Data shall remain compliant with the Institute s various obligations including those specified within relevant legislation, NSW government mandates, NSW Health Policy Directives, Institute policies and procedures, as well as other obligations such as contractual requirements. This shall be achieved in accordance with Chapter 10 of the Institute s Data Governance Procedure. 3.0 RESPONSIBILITIES a) The Chief Operating Officer shall: review and approve the Data Governance Policy and the Data Governance Procedure; approve the necessary resources required to develop, implement, maintain, test and continually improve the data governance framework. b) The Governance, Risk & Compliance adviser shall: review and update the Data Governance Policy and Data Governance Procedure as required; manage the overall development, implementation, maintenance, review and continual improvement of the data governance framework; conduct internal IMS audits as required. c) Divisional Directors shall: Advocate the requirements of the Data Governance Policy and the Data Governance Procedure; make all staff aware of their roles and responsibilities as defined within the Policy and Procedure; approve the necessary resources required to implement and continually improve the data governance framework within their Division. d) All staff 2 shall: Apply all requirements as specified within the Data Governance Policy and the Data Governance Procedure. 2 This includes employees, contractors or agents of the Institute who access (including reading, entering, downloading, or updating) data or information addressed by this Policy. TRIM E10/13359 CINSW In Confidence Page 8 of 10

Actions contrary to the above will be considered misuse of Institute property. 4.0 APPROVALS This Policy was approved by the Chief Operating Officer on the 27 th July 2010. TRIM E10/13359 CINSW In Confidence Page 9 of 10

A.0 ANNEX A.1 Integrated Management System The Data Governance framework shall operate within the context of our overall Integrated Management System. Where there is an overlap or discrepancy between the IMS Procedures and the Data Governance framework, the latter must be applied. This is due to the unique nature of some of the requirements of data governance which are distinct from the requirements of other management systems. TRIM E10/13359 CINSW In Confidence Page 10 of 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information