Retention of University Records Policy
Table of Contents
The University of Rochester requires that some specific types of records be retained for specific periods of time and in designated official repositories. The schedules attached to this policy list these records, the time of required retention and the designated repository.
Other records, documents or correspondence (those records not required to be retained or those that are in the possession of individuals or departments other than the official repository for the record) should be disposed of when they are no longer needed for active use by those who possess them.
Records, documents, email and correspondence of all kinds must be managed according to the procedures that are outlined in this document. This policy applies to records in any form (including paper or electronic) and to records however or by whomever created that belong to the University or were created by University employees, including faculty, as part of their work for the University.
Reason for Policy
The University is committed to effective records retention to preserve its history, conduct the best business practices, meet legal standards, optimize the use of space, minimize the cost of record retention, and ensure that outdated and unnecessary records are destroyed.
Application of Policy
- The policy applies to the University of Rochester and all its divisions and departments.
- It applies to all employees, staff and faculty.
This policy is the University’s only record retention policy. Certain departments and divisions may have specific retention schedules for unique records, which are attached to this policy and incorporated into it by reference. Any new specific retention schedules or changes to existing ones should be communicated promptly to the Office of Counsel.
Direct any questions about this policy to your department’s administrator. Or, if you have questions about the following specific issues, you may call the following offices:
|Electronic Media Storage||University Information Technology/Information Services Division||(585) 275-2000; (585) 784-6138|
|Micrographic Preservation||University Archives (Rush Rhees Library)||(585) 275-9335|
|Permanent Storage of Inactive Records||University Archives||(585) 275-9337|
|Policy Clarification or Exceptions||University Office of Counsel||(585) 275-6649; (585) 758-7600|
The following definitions apply to terms used in this policy:
An active record is a record with current use for the unit or individual that generated or possesses it. Records remain active for varying numbers of years, depending on the purpose for which they were created and are used. Users determine whether a record is an Active Record by determining whether they have a current or foreseeable future need to use the record.
An archival record is a record that is non-current and inactive; not required to be retained in the office in which it originated or was received; and has historic value. Archival records are retained and preserved indefinitely in the University Archives.
Each Official Repository decides whether a record has historical value. Care must be taken not to over-include records in this category. It is intended to apply only to exceptional documents for which long-term retention is in the best interest of the University because the records may be of particular value to future University personnel.
Historical Value is incapable of a precise definition. The following general principles should be considered to decide if the record has historical value:
- Whether it describes a transaction of decision having lasting impact upon University facilities or programs
- Whether it would serve as a necessary reference to future personnel in strategic planning
The University archivist in Rush Rhees library is available to assist in deciding whether records have historical value.
Confidential information is personally identifiable information, material the University is obligated by contract to keep confidential, or records that could reasonably be used to the detriment of the University or individuals if read by others.
The official repository is the unit designated as having responsibility for retention and timely destruction of particular official university records. Such responsibility is assigned to the unit’s administrator or a designee. Official repositories of University records are named in the attached tables.
A university record is the original or official copy of any record. Official repositories for these records are identified in Tables attached to this document.
Record Retention of University Records and Archival Records
The tables that follow list the Official Repositories for University Records and Archival Records as well as how long these records must be retained.
Record retention periods may change due to changes in the law, government order, contract, litigation or audit requirements. Such changes supersede the requirements listed in this policy. Those responsible for managing official repositories must do their best to stay abreast of changing requirements.
Departments, units and individuals that are not Official Repositories but who possess copies of one or more University Records are not responsible for retaining the records for the retention period and should dispose of the records when the records are no longer in active use by the department or unit.
No document list can be exhaustive. Questions regarding the retention period for any specific document or class of documents not included in these tables should be addressed to the Office of Counsel.
The administrative manager (or designee) of each Official Repository must:
- Educate staff in sound record management practices and enforce the provisions of this policy;
- Preserve Archival Records; and
- Limit access to Confidential Records.
Record Retention of All Other Records
Records, documents or correspondence other than University Records and Archival Records should be disposed of when they are no longer needed for active use by those who possess them.
Departments, units and individuals that are not Official Repositories but who possess copies of one or more University Records are not responsible for retaining the records for the retention period and should dispose of the records when the records are no longer in active use.
Suspension of Record Destruction
If the Office of Counsel communicates the need to suspend record destruction, destruction must be suspended immediately. Destruction or alteration of any record, in whatever form, that relates to pending or threatened litigation or government investigation, or that relates to any matter about which litigation or investigation is reasonably foreseeable, is prohibited by this policy and can result in termination, civil and/or criminal liability.
Electronic Records and Email
This policy applies equally to records that exist in electronic or paper form. It is the content and function of an email message or electronic record that determines its retention period. Users should retain or dispose of electronic records according to the requirements of the applicable retention schedule attached to this policy just as they would paper records.
University Records kept in electronic form must be stored on University network servers, or with external services approved by or under contract with the University, but not on individual computers or other devices. Consistent with the University’s Information Technology Policy, each University Record should be stored in a manner that is accessible by more than one authorized user of the Record, so that the Record remains accessible in the absence of one of those users.
Generally, University records should not be kept in email. The University’s email system is not intended for record keeping or storage purposes, and backup tapes are overwritten periodically – generally every 30 days. If an email or attachment to an email contains a document that must be retained under this policy, the user must assure that the record is kept in the file or database in which records of the same type generally are kept (for example, material in an email that should be part of a student record must be kept where the school keeps student records, not in individual users’ email boxes).
Any email whose function or content does not require retention for any period under this policy and that is not important to ongoing university business should be routinely disposed of as soon as possible after it is read. This includes, but is not limited to, transitory communications to set up meetings, notices or correspondence concerning a subject not identified on the retention schedule and emails about personal matters.
This policy applies to all electronic documents and email that is pertains to the business of the University created by University employees. Work-related email should be received and sent through each employee’s official University email account. Employees who forward email that might constitute a University Record to non-University databases or email accounts must set up forwarding in a way that does not result in the automatic deletion of email from the University-based system. Exclusive use of outside email services to conduct University business that does not involve routing email through University systems is prohibited.
When records are no longer required to be retained under this policy and are no longer in active use, they should be destroyed or discard.
- Discard all non-confidential paper records, preferably in recycle bins.
- Shred or otherwise render unreadable confidential paper records.
- Non-confidential electronic records may be deleted with simple file or email delete commands. Confidential records stored in University Data Centers also may be disposed of in this manner.
- Confidential electronic records that have been stored outside of University Data Centers, for example, on departmental file servers or desktop computers or CDs must be securely disposed of. This is typically done by overwriting the record or by physically destroying the media on which the record is stored. Contact University IT or Information Systems Division for additional information on secure disposal methods for electronic data.
Email Management Guidelines
The following email management guidelines should be followed:
- Consider alternatives to attaching files to email, such as sharing files by putting them on a shared data site (access-restricted where appropriate). They will be just as available for most people and the files can be any size or type.
- Limit use of “reply all” to those who really need to be involved in the continued discussion
- Disk Space is generally limited … use it wisely
- Clean out your inbox frequently. Delete messages or move them to folders after you open them. Messages in the inbox count against disk space quotas.
- Don’t save messages with attachments. A few large attachments quickly take up available disk space. Save the attachment in an appropriate format and storage area for future use and reference.
- Organize your messages in appropriately named folders. Such a practice simplifies knowing when to safely delete messages and folders.
- Sent Messages. By default, copies of email messages sent to other people are usually kept in a folder for sent items. These files should be reviewed periodically, with records stored according to the records retention policy and non-business records deleted. Some email systems allow automatic deletion of sent messages, which option should be activated.
- Be considerate of disk space. Avoid sending very large files to people by email. Delete the string of reply emails when you reply.
- Clear out copies of deleted messages periodically. In many email systems, when a message is removed from the inbox, sent mail folder or other folder, it is not deleted completely from the system. If possible, set your email system to automatically delete deleted items daily.
- Use spam filtering to reduce unnecessary email.
Frequently consult UIT and ISD web pages for updated information on best practices for using and managing email and electronic records.
Document Classification, Storage and Destruction
For the rules that apply to the use, storage and destruction of electronic documents and Legally Restricted Information, Confidential and Internal University Use Only Information, please refer to the IT Policies webpage.
New Financial System Implementation
Updates, training, and other resources on the financial systems replacement project.