CARROLL COUNTY PUBLIC SCHOOLS ADMINISTRATIVE REGULATIONS BOARD POLICY EHB: DATA/RECORDS RETENTION. I. Purpose

Similar documents
Ashford Board of Education Ashford, Connecticut POLICY REGARDING RETENTION OF ELECTRONIC RECORDS AND INFORMATION

POLICY TITLE: Record Retention and Destruction POLICY NO: 277 PAGE 1 of 6

Southington Public Schools

19 Dec The forwarding and returning obligation does not concern messages containing malware or spam.

University Policies and Procedures ELECTRONIC MAIL POLICY

Community Unit School District No. 1. School Board

SPRING-FORD AREA SCHOOL DISTRICT

Records Retention Policy

8/28/2017. What Is a Federal Record? What is Records Management?

RECORDS AND INFORMATION MANAGEMENT AND RETENTION

Policies & Regulations

5/6/2013. Creating and preserving records that contain adequate and proper documentation of the organization.

DIRECTIVE ON RECORDS AND INFORMATION MANAGEMENT (RIM) January 12, 2018

Management: A Guide For Harvard Administrators

4.2 Electronic Mail Policy

UTAH VALLEY UNIVERSITY Policies and Procedures

Records Management and Retention

WHEATON COLLEGE RETENTION POLICY May 16, 2013

SUBJECT: Effective Date: Policy Number: Florida Public Records Act: Scope and

Cell Phone Policy. 1. Purpose: Establish a policy for cell phone use and compensation allowance.

Supersedes Policy previously approved by TBM

Cellular Site Simulator Usage and Privacy

COUNTY OF RIVERSIDE, CALIFORNIA BOARD OF SUPERVISORS POLICY. ELECTRONIC MEDIA AND USE POLICY A-50 1 of 9

Employee Security Awareness Training Program

Records Information Management

Acceptable Use Policy

Subject: University Information Technology Resource Security Policy: OUTDATED

POLICY BURLINGTON TOWNSHIP BOARD OF EDUCATION. PROGRAM 2361/page 1 of 8 Acceptable Use of Computer Network/Computers and Resources M

Version Date Author Revision(s)/Edit(s) V3.0 12/8/2010 Marland Webb V4.0 03/18/15 Marland Webb Update procedures and links

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

Information Security Data Classification Procedure

Learning Management System - Privacy Policy

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES

REGULATION BOARD OF EDUCATION FRANKLIN BOROUGH

Farmingdale State College Records Management Training PRESENTED BY DOROTHY HUGHES INTERNAL CONTROL OFFICER AND RECORDS MANAGEMENT OFFICER

Cleveland State University General Policy for University Information and Technology Resources

Information Security Management Criteria for Our Business Partners

Policy Summary: This guidance outlines ACAOM s policy and procedures for managing documents. Table of Contents

CALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS

PRIVACY 102 TRAINING FOR SUPERVISORS. PRIVACY ACT OF U.S.C.552a

Records Management at MSU. Hillary Gatlin University Archives and Historical Collections January 27, 2017

AAPA. Legal Issues and Record Retention. SML, Inc. Steve M. Lewis, President and CEO

Policy & Procedure HIPAA / PRIVACY DESTRUCTION

PSAB Supplement 21 Records Retention and Disposition

2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY

University of Wisconsin-Madison Policy and Procedure

RECORDS MANAGEMENT AND YOU

HIPAA. Developed by The University of Texas at Dallas Callier Center for Communication Disorders

Records Retention Training

Frequently Asked Questions Related to The Arkansas General Records Retention Schedule

DATA PROCESSING AGREEMENT

SECURITY & PRIVACY DOCUMENTATION

DEPARTMENT OF HOMELAND SECURITY RECORDS MANAGEMENT HANDBOOK

Federal Rules of Civil Procedure IT Obligations For

Managing Your Record Retention Policy Safely

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

Palo Alto Unified School District OCR Reference No

Privacy Policy on the Responsibilities of Third Party Service Providers

Enterprise Income Verification (EIV) System User Access Authorization Form

Refreshing Your Records Management. Tracy Rebstock, Southwest Regional Archivist

Virginia Commonwealth University School of Medicine Information Security Standard

Washington State Archives Public Records Management for Conservation Districts

Access Control Policy

UTAH VALLEY UNIVERSITY Policies and Procedures

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors

Privacy Shield Policy

CIP Cyber Security Information Protection

Policy and Procedure: SDM Guidance for HIPAA Business Associates

7.16 INFORMATION TECHNOLOGY SECURITY

Privacy Breach Policy

BYOD (Bring Your Own Device): Employee-owned Technology in the Workplace

DATA STEWARDSHIP STANDARDS

TRICARE Operations Manual M, April 1, 2015 Records Management (RM) Chapter 9 Section 1

Florida Supervisor of Elections Conference May 22, 2018 Patricia R. Gleason Special Counsel for Open Government Attorney General Pam Bondi

ACCESSIBILITY POLICY. Adopted: [ ]

The City of Mississauga may install Closed Circuit Television (CCTV) Traffic Monitoring System cameras within the Municipal Road Allowance.

Putting It All Together:

Wireless Communication Device Policy Policy No September 2, Standard. Practice

ELECTRONIC MAIL POLICY

Data Subject Access Request Form (GDPR)

FERPA & Student Data Communication Systems

Building Information Modeling and Digital Data Exhibit

Information Security Policy

OUTDATED. Policy and Procedures 1-12 : University Institutional Data Management Policy

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

Privacy Policy. Act shall mean the Information Technology Act, 2000 and Rules thereunder as amended from time to time.

Wireless Communication Stipend Effective Date: 9/1/2008

Department of Public Health O F S A N F R A N C I S C O

HIPAA For Assisted Living WALA iii

Data Protection Policy

RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES

California Code of Regulations TITLE 21. PUBLIC WORKS DIVISION 1. DEPARTMENT OF GENERAL SERVICES CHAPTER 1. OFFICE OF THE STATE ARCHITECT

Schedule EHR Access Services

IAM Security & Privacy Policies Scott Bradner

USAGE HANDBOOK

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017

Privacy Policy... 1 EU-U.S. Privacy Shield Policy... 2

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Management Case Study. Kapil Lohia

Transcription:

CARROLL COUNTY PUBLIC SCHOOLS ADMINISTRATIVE REGULATIONS BOARD POLICY EHB: DATA/RECORDS RETENTION I. Purpose To provide guidance to schools and administrative offices regarding the maintenance, retention, disclosure, and disposal of records and other Carroll County Public Schools (CCPS) documents. II. Background CCPS employees create, receive, maintain, and dispose of records in the normal course of business. CCPS records shall be managed in accordance with all applicable Maryland records management laws as incorporated into the Records Retention and Disposal Manual for Public School Systems of Maryland and the Maryland Student Records Manual. III. Guidelines A. Creation B. Custodianship Any document created by an employee in any format (including Email records) in the normal course of business shall be presumed by the employee to be a business record of CCPS unless otherwise excluded by these rules. Except as specifically provided, all such business records are exclusively owned by CCPS. The custodian of a record is the employee of CCPS who is responsible for keeping the public record, whether or not the employee has physical custody and control of the public record. i. In most cases, the CCPS employee who creates or receives a record will be considered the custodian of the record; ii. The custodian for internal CCPS communication that is sent to multiple CCPS employees shall be the originator of the record; iii. The custodian of CCPS records that are created or maintained by third-party vendors shall be the individual employee responsible for contract administration with the vendor. Administrative Regulation EHB Data/Records Retention Page 1 of 7

C. Maintenance and Storage i. CCPS records shall be maintained and stored in such a manner as to be accessible by those school district employees who have authority and the need to access them. No record shall be considered private or controlled by only one employee. All records should be accessible by more than one employee. Under no circumstances shall employees be authorized to maintain CCPS records off school district grounds unless expressly granted permission by the employee s supervisor, or unless the maintenance is both temporary and necessary for the conduct of CCPS business. ii. All original paper records shall be maintained according to the appropriate retention and disposition schedule, even if a scanned copy of the record has been created. In order to destroy original paper records and retain the scanned images in their place, this practice has to be specified in the appropriate records retention and disposition schedule. iii. Records that are created and intended to be accessed in an electronic format shall be maintained in an electronic recordkeeping system that adheres to the appropriate retention and disposition schedule. iv. CCPS records that are maintained by third-party vendors, including social media records, shall be maintained as specified in the appropriate retention and disposition schedule. 1. Each department and school is responsible for managing its third-party vendor and social media records. At a minimum, these responsibilities include the ability to identify and retrieve CCPS records. Departments and schools should be aware that these providers could discontinue their service or delete information. Additionally, departments or schools may stop using a platform at any time. In either situation, the department or school is not relieved of its records management and possible capture obligations. 2. The department or school must determine if the provider can export the complete record to CCPS. If the provider cannot export a complete record, the department or school is responsible for implementing capture procedures. If the provider can export a complete record, the Terms of Service agreement shall specify how and when this will Administrative Regulation EHB Data/Records Retention Page 2 of 7

D. Confidentiality and Inspection occur. This clause should state that export shall occur before the provider deletes or otherwise destroys the records that reside on their systems. It should include instructions for notification and export requirements if the provider goes out of business or is bought by another company. Employees shall treat all CCPS records as confidential and shall not reveal them unless: E. Retention Schedule i. The record is shared with other CCPS employees who have a need to know the information contained therein; ii. The record was created or maintained with the intention to share it with the general public; iii. The record was created or maintained with the intention to share it with a specific person or persons who are not employed by the Board, in which case the record may be shared with the intended recipient(s); iv. The record must be revealed by law, court order, or subpoena, as determined by the Superintendent or designee. This includes inspections required by the Maryland Public Information Act (MPIA) or by the Family Educational Rights and Privacy Act (FERPA); v. The record must be revealed through litigation or other legal complaint process, as determined by the Superintendent or designee; or vi. The record must be revealed as part of an internal or external audit, as determined by the Superintendent or designee. i. The Superintendent and each department head shall adopt a records retention schedule listing various types of records maintained by CCPS. For each type of record, the schedules shall include the retention period. ii. For records not expressly listed in the schedule, the retention period shall be three years, or until all audit requirements are met, whichever is later. Administrative Regulation EHB Data/Records Retention Page 3 of 7

F. Litigation Hold iii. The retention schedule shall be followed in all cases, unless a specific record is subject to a litigation hold as described below, unless the record has been subpoenaed, unless the record is the subject of a request made pursuant to the MPIA or to FERPA, or unless the record is otherwise specifically determined by an employee with authority over the record to be necessary for retention beyond the required retention period. iv. At a minimum, once a year, each department must purge files pursuant to their respective retention schedules. i. If retention of a record is not required, or disposal of the record is authorized under these rules, the employee shall not dispose of the record if he/she has reason to believe that the record may be subject to active or probable litigation. In such a case, the employee shall notify the Superintendent or designee. G. Records Disposal ii. The Superintendent or designee shall determine whether any record is required to be maintained beyond the required record retention period due to litigation. All such records shall be maintained in their original form, regardless of any other provisions in law, policy, regulations, or rules. The Superintendent or designee shall inform in writing all employees who have records subject to litigation that there shall be a litigation hold on the record until the employees are notified otherwise in writing by the Superintendent or designee. In the absence of a litigation hold, MPIA request, FERPA request, or subpoena (i) non-records may be destroyed or disposed of upon completion of their use and (ii) records may be destroyed upon the termination of the applicable mandatory retention period. The appropriate method of destruction depends on the record s physical form or medium and subject matter or content. Paper records are to be redacted, burned, pulverized, or shredded, and electronic records will be destroyed or erased. For student records and personnel records, the disposal of the record shall be in compliance with applicable state laws and regulations, and the record may only be disposed of in a manner specifically approved by the Superintendent or designee. These records should not be placed in unsecured trash or recycling receptacles unless first rendered unrecognizable. All records shall be disposed of in such a manner as to protect any legally confidential information that might be included in the record, or other Administrative Regulation EHB Data/Records Retention Page 4 of 7

information which the employee deems necessary not to make public for CCPS purposes. H. Electronic Mail (Email) i. A large portion of CCPS communication is conducted via Email. The purpose of Email is to communicate, not to permanently store electronic information. All business related communications will be conducted using CCPS technology systems; as such, internet Email services such as Yahoo! or Gmail are not to be utilized without express written permission from the Superintendent or designee. CCPS users must manage the size of their mailbox, regularly review messages, and take timely action on long-term retention needs. Unless subject to a litigation hold, subpoena, FERPA, or MPIA request, Email will be retained for a period of 90 days. If an Email is subject to multiple record retention requirements, it must be archived for the longest applicable period following the Record Retention Schedule. Any Email not filed in a longer-term archiving system within 90 days of it being sent or received will be automatically deleted. ii. Email messages created or received in the transaction of official Board and CCPS business can be categorized as public records based on the content of the message. The MPIA is designed to guarantee that the public has access to public records of government bodies at all levels. CCPS is required to produce all pertinent Email messages as part of the MPIA process, subject to certain enumerated exceptions. iii. Under the Federal Rules of Civil Procedure (FRCP), all Email messages are subject to legal discovery (i.e., ediscovery). Failure to produce such documents may lead to sanctions, including monetary fines and adverse court rulings in the underlying case. CCPS is required to produce all pertinent Email messages as part of the ediscovery process in all Federal lawsuits. Each CCPS user is individually responsible for maintaining the public accessibility and ediscovery accessibility of his/her own incoming and outgoing Email messages. iv. Email messages generally fall within two broad categories: 1. Non- Email record / Transitory (delete at will) This category of messages makes up the bulk of all Emails sent or received. These messages are created primarily for the communication of information. Transitory Administrative Regulation EHB Data/Records Retention Page 5 of 7

messages do not set policy, establish guidelines or procedures, certify a transaction, or become a receipt. These casual and/or routine communications do not have a specified retention requirement. Absent a litigation hold, a subpoena, or an MPIA request, non-email records do not require retention scheduling or destruction authorization or reporting. To control excessive accumulation, it is necessary to keep only current, useful materials and to destroy non-records immediately after needs have been satisfied. Avoid filing non-email record material with Records. Examples include: mailing list broadcast messages, thank you notes, replies to routine questions, invitations, etc. Employees sending or receiving such communications may delete them immediately or after any administrative value is lost absent a litigation hold, subpoena, or MPIA request. 2. Email record (retain as required) This category of messages has more significant administrative, legal and/or fiscal value than non-email record/transitory messages. Email records are those that contain a final opinion, official position of a department or that transmit a Record as defined in the policy. If these messages must be transferred from the Email system to another storage location. v. The CCPS Department of Technology Services retains backup files of the Email system for a limited time before the storage space is over-written. These point-in-time snapshot security backup procedures are not designed to meet records retention requirements. The backup process does not guarantee full recovery of users Email messages. vi. Upon an employee s separation of employment, the employee s Email account shall be terminated, and CCPS retains the right to access Email made or received by the employee using the CCPS Email Systems or which is otherwise made or received in the course of employment. An employee who separates from employment shall not remove, destroy, or copy any of the business-related Email entrusted to his/her care or created by him/her during employment, unless otherwise permitted in writing by CCPS. vii. Related Tools in the Email System 1. Calendars, just like Email, can be non-email Administrative Regulation EHB Data/Records Retention Page 6 of 7

records/transitory or Email records depending on whether the attachments contain a final opinion, official position of a department, or transmit a record. 2. Tasks, notes, and other related tools are non-email records/transitory and should be deleted at will unless subject to a litigation hold, subpoena or, MPIA request. IV. Procedures V. References CCPS Department of Research and Accountability is responsible for implementing a records management program consistent with the Records Retention and Disposal Manual for Public School Systems of Maryland and the Maryland Student Records Manual as well as applicable state and federal law. Related Policies and Administrative Regulations: BHD Open Communication IJND Telecommunications Policy JRC Family Educational Rights KDB Open Board Records Administrative Regulation EHB Data/Records Retention Page 7 of 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback