Keep control of sensitive data
Environmental data can be commercially sensitive, culturally significant or politically contested. SEAF applies security controls that allow responsible use while preventing misuse.
Key principles include:
- Controls aligned to risk rather than uniform restriction
- Enforcement of data classification and licensing
- Clear separation between users, data and environments
- Continuous logging and monitoring
Rather than relying on perimeter security alone, SEAF security is implemented through a combination of identity management, access control, network isolation and governance rules that define what may occur within an environment and what may leave it.
Security is applied proportionally:
- Open data can be widely shared
- Sensitive data can be locked into restricted zones
- Highly sensitive data can be analysed using encryption-based techniques
Security controls are informed by recognised frameworks including the Five Safes approach and Australian cyber security guidance, operationalised through contractual and technical mechanisms that bind participants to agreed behaviour. The objective is to maximise governed use.
Privacy
Privacy protections are embedded through governance and contractual obligations.
Each SEAF spoke maintains a privacy notice aligned with its data handling practices. Users must acknowledge this before accessing any zone.
Participants must comply with applicable privacy laws, including the Privacy Act 1988 (Cth) and relevant state legislation.
Participants must:
- Minimise use of personal or sensitive information
- Implement appropriate technical and organisational safeguards
- Ensure lawful collection, use, and disclosure
Responsibility for personal information remains with the participant processing it.
