Third-party accessing of data

Purpose

This policy describes the collection, use and disclosure of information MIMR collects when you use our services, including those hosted by Microsoft.

Scope

This policy is intended for third parties who may be granted guest access to MIMR data or services, including but not limited to: files hosted in SharePoint Online/OneDrive, Microsoft Teams meetings and files. 

Policy

Your name and email address are required to assign guest access rights. Usage information is also logged and regularly audited by the MIMR IT team to prevent unauthorised access to our services.

What you need to do

  • Requests for guest access to services need to be submitted to the IT department by a MIMR staff member and demonstrate genuine business need. For access to files or a Team, the internal ‘owner’ of that data must approve the request.
  • When access is no longer required, the IT team must be informed to revoke access.
  • Teams meetings do not require specific guest rights, however your name will be logged when you join the meeting.
  • You may request that the Malaghan Institute delete your name/email at any time. This will revoke any existing access to the Malaghan Institute data and services. 

What the Malaghan Institute does

  • The IT team will enable guest access for a specific email address.
  • To assign access to specific files/Teams etc, your Malaghan Institute contact will need to request permission
  • The IT team may use your usage information to develop, maintain and improve services, and access will be monitored for security purposes. Usage information is regularly audited, and inactive users will be removed to mitigate the possibility of data leakage.
  • Usage information is retained for 30 days before deletion
  • Usage information may be used by third parties for information assurance purposes.