- To establish accountability for records management and retention.
- To define certain terms relevant to records management and retention.
- To strengthen safeguards against the unauthorized or accidental disclosure of confidential records.
- To establish the length of time certain categories of records are required to be maintained and stored.
- To establish appropriate records destruction practices.
It is the policy of Saint Joseph’s University to comply with applicable laws and best business practices with regard to the records it maintains, and to apply those laws and practices consistently across University Departments.
“Confidential Record” – The following types of Records are considered confidential:
- "Education records” as defined by the Family Educational Rights and Privacy Act of 1974;
- Individual employment records, including records which concern hiring, appointment, promotion, tenure, salary, performance, termination or other circumstances of employment;
- Records that include "protected health information" as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA);
- Records the use of which has been restricted by contract;
- All administrative records of the University, with limited exceptions as defined by the General Counsel, including those which must be open in conformance with law; and
- Records which might expose the University to legal liability if treated as non-confidential.
“Duplicate Record” – A copy of a Record maintained by a University Department other than the Responsible Office.
“Electronic Record” – Any Record that is created, received, maintained and/or stored on University local workstations or central servers, regardless of the application used to create that Record. Examples of Electronic Records include, but are not limited to, electronic mail, word-processing documents, spreadsheets and databases.
“Paper Record”– Any Record maintained in a hard copy paper format, regardless of whether the Record was originally created on paper or as an Electronic Record.
“Records” – As used in this Policy, “Records” refer to Electronic and Paper Records, unless a particular format is specified.
“Required Retention Period"– The retention period set forth in the University’s Records Retention Schedule.
“Responsible Office” – The University Office responsible for ensuring that a particular Record is maintained for the Required Retention Period.
Unless otherwise specifically set forth in this Policy, maintenance and disposition of Electronic Records shall proceed on the same basis as Paper Records.
Safeguards Against Unauthorized or Accidental Disclosure
Until Records are properly disposed, each Department of the University is accountable for securing and maintaining its Records regardless of format or location. Each Department is accountable for ensuring that employees, and others, are only granted access to Confidential Records essential to the performance of their duties. Further, each Department must ensure that those granted access are trained and employ reasonable safeguards to protect the Confidential Records.
Records Retention Schedule
The Records Retention Schedule sets forth the length of time Records should be retained by the Responsible Office.
The General Counsel should be notified of any Records not encompassed within the Records Retention Schedule. The General Counsel will determine, in consultation with appropriate Department personnel, whether to destroy the Records in question or add those Records to the Records Retention Schedule.
Recognizing that the Responsible Office must maintain Records in accordance with the Records Retention Schedule, duplicate Records should be destroyed and disposed of as early as practical.
(To view a copy of the Records Retention Schedule click here.)Extended Retention Period
Records which are retained beyond the Required Retention Period should be destroyed and disposed of, in accordance with this Policy, as early as practical.Destruction Authorization
Destruction of Electronic Records will be a coordinated effort between the Responsible Office and the Office of Information Technology. When the Required Retention Period for Electronic Records expires, the Responsible Office will initiate the process for the Records’ destruction and disposal. The destruction of those Electronic Records will be authorized jointly by the senior officer in the Responsible Office and the Director of Information Technology. If those individuals are unable to agree, destruction will be stayed pending review and final determination by the Vice President of Administrative Services, in consultation with the General Counsel.
When the Required Retention Period for a Paper Record expires, the senior officer of the Responsible Office shall initiate the process for the Records’ destruction and disposal. The destruction of those Records shall be authorized by the senior officer of the Responsible Office. In the event of any dispute regarding the authorization of the destruction of documents by the senior officer of the Responsible Office, destruction will be stayed pending review and final determination by the Vice President of Administrative Services, in consultation with the General Counsel.Safe and Secure Disposal
All Paper Records covered by the Records Retention Schedule shall be destroyed by shredding. All Electronic Records covered by the Records Retention Schedule shall be destroyed by or under the supervision of the Office of Information Technology.
A destruction record is an inventory describing and documenting those Records, in all formats, authorized for destruction, as well as the date, agent, and method of destruction. The destruction record itself shall not contain confidential information. If a Paper Record is the subject of destruction, the destruction record shall be retained in the Responsible Office. If an Electronic Record is the subject of destruction, two copies of the destruction record shall be retained: one in the Responsible Office and in the Office of Information Technology. The destruction record may be retained in paper, digital, or other format.Suspension of Records Retention Schedule
When litigation involving the University or its employees is filed or threatened, the law imposes a duty upon the University to preserve all Records that pertain to the issues involved. Once aware that litigation exists or is likely to be filed, the University’s General Counsel will issue a litigation hold directive. The litigation hold directive overrides the Records Retention Schedule that may have otherwise called for the destruction of the relevant Records, until the hold has been lifted by the General Counsel. The suspension applies equally to Paper and Electronic Records, including duplicate copies. No University employee who has been notified by the General Counsel of a litigation hold may alter or destroy a Record that falls within the scope of that hold. Violation of the hold may subject the individual to disciplinary action, up to and including dismissal, as well as personal liability for civil and/or criminal sanctions.
Any University employee who becomes aware of litigation or threatened litigation prior to receiving a litigation hold shall inform the General Counsel immediately and shall suspend the Records Retention Schedule until a litigation hold, defining the scope of the suspension, is issued by the General Counsel.