Ethics and privacy responsibilities

When planning activities involving human research data, it is important to consider both ethics and privacy issues as early as possible.  The way in which data is collected and managed and the consent approach used may affect how the research data can be used or disclosed in the future, including after the project has finished.

While there are areas of overlap between privacy law requirements and the requirements of the National Statement on Ethical Conduct in Human Research 2023 (National Statement), privacy law includes specific obligations about how individuals' information is collected, used, disclosed, secured and stored throughout its existence.  A particular activity may be acceptable from a privacy perspective but not from an ethics perspective.  For example, if personal, sensitive or health information is fully anonymised, privacy legislation will not apply.  However, ethical obligations, including the need for consent to use and disclosure of such anonymised information, will still apply to that information.

Office of Research Ethics and Integrity (OREI)

OREI facilitates the University's research objectives by ensuring that research activities are designed and conducted according to the relevant codes and legislation and that all appropriate clearances are granted before the research takes place.

OREI administers the Monash University Human Research Ethics Committee (MUHREC), which is registered with the National Health and Medical Research Council (NHMRC) and is constituted in accordance with the National Statement.

OREI is also responsible for ensuring the University meets its obligations under the Australian Code for the Responsible Conduct of Research (‘the Code’) and for investigating any Code breach allegations.

For more information, please visit Research Ethics and Integrity.

Data Protection and Privacy Office (DPPO)

Monash University values the privacy of every individual’s personal and health information and is committed to the protection of this information.

In addition to the requirements for handling personal, health and other sensitive information under the National Statement, such information must also be handled in accordance with the Privacy and Data Protection Act 2014 (Vic), the Health Records Act 2001 (Vic) and with other privacy laws as applicable.

The DPPO websites contains information on:

• reporting a data, privacy or cyber security incident;
• making a data or privacy complaint; and
• obtaining a Privacy Impact Assessment.

For more information on the DPPO, go to the DPPO website or contact the office by email at: dataprotectionofficer@monash.edu.