Terms and Conditions for Data Access


Please read the following terms and conditions carefully. By requesting the data, you agree to comply with requirements 
and follow the guidelines as follows.

  1. The project owner endorses the data access request. He or she oversees the whole project utilizing the requested data and is also responsible for the usage and protection of the data. He or she should perform all practical steps to protect the data until the project is completed. If high-risk data is involved, the project owner also needs to follow the guidelines of Acceptable Practices for Handling High-risk Data at https://itsc.ust.hk/itpolicies-guidelines/acceptable-practices-for-handling-high-risk-data/
  2. The following procedures and requirements should be fulfilled during the lifecycle defined by the data owners. A typical lifecycle would involve Acquisition, Usage, Storage and Destruction stage.

    Lifecycle Management of Data Access

    Stages Procedures & Requirements
    Acquisition Before requesting the data
    • Elaborate the needs of the data access 
    • State what and how often data is accessed
    • Always mask high-risk data for protection
    • Define the duration of data access
    Usage When processing the data
    • Follow the usage and protection of the data as declared
    • Data should not be shared to other parties.
    • Must obtain consent from Data Owners when the usage of the data is changed.
    Storage When data is stored
    • State how the data is stored and protected
    Destruction When the project is completed or data is no longer needed
    • Destroy the data and its backup copies when it is no longer needed or the project is completed.
    • Request access again if data access needs to be extended.

  3. Project owner should have the consent from the data owner if the data is shared to other parties for processing.
  4. The retrieval and usage of data should comply with the Acceptable Use Policy of ITSC and the bandwidth and traffic requirements imposed by the respective services.



• HKUST Data Classification Guideline

• Acceptable Practice of Handling High-risk Data 

• Minimum Security Standards

• Protect My Data 

• ITSC Acceptable Use Policy