Information Retention Policy | Albright College

Information Retention Policy

Policy Name
Information Retention Policy

Policy Category
Information Security

Policy Sub-Category
Data

Responsible Department
Administrative & Financial Services /Digital Strategies and Infrastructure

Policy to be Approved By
Cabinet

Responsible VP
VP of Administrative & Financial Services/VP for Digital Strategies and Infrastructure

Responsible AVP or Director
Director of Business Process and Applications/Administrative Assistant to VP of Administrative & Financial Services

Original Policy Date: N/A
Last Known Revision Date: N/A

Date of Policy Review: 12/19/2017
Policy Applies To: Entire Campus

Policy Effective Date: 1/1/2018
Recommended Policy Review Date: 6/1/2021

Additional Authority/References: N/A
_

Purpose

The College is committed to effective record retention to preserve its history, meet legal standards, optimize the use of space and computer storage, optimize the cost of record retention, and ensure that outdated and useless records are destroyed.

Applicability

This policy applies to all faculty, staff members, student employees or volunteers, as well as all any third party service provider supplying services to the College, who create, use or otherwise access or interact with any College records.

Definitions and Policy Development Process

‘Information’ for the purpose of this document, is any tangible (paper, electronic, photographic, etc.) or intangible (digital records in applications, cloud storage, shared drives etc.) records reflecting College educational and business transactions regardless of format (paper, electronic, photographic, etc.). This includes student, administrative, financial, and legal as well as other types of information collected, stored and used by the College. Unless otherwise specifically set forth in this Policy, long-term maintenance and disposition of electronic and digital records shall proceed on the same schedule as paper records.

Albright College has established that records can contain three different classes of data: Public, Restricted, and Highly Sensitive. The Administrative Data Management and Access Policy details these classifications, data stewardship, guidelines and the College’s data classification standard along with a complete list of Data Stewards.

This policy is based on information retention policies at University of Maryland, University of Iowa, University of Massachusetts, and Cornell University. Albright has also researched EDUCAUSE resources to determine best practices where they exist.

POLICY

Storage of Archived, Paper Records

All active and permanent paper records should be archived in the respective areas of operation. All existing security protocols with regards to storing and safeguarding official Albright records should be strictly adhered to. Specifically, archived, paper records should be stored in an appropriate file storage box (e.g. Bankers Box or paper box; click here for other examples) within a locked room or within a locked filing cabinet for the timeframes specified in this policy. The storage box or cabinet drawer should be clearly labeled with a short description of the records and the timeframe covered by the records, e.g. “Accounts payable records 2017-18.” Paper records should not be retained in plastic bags. A log of all stored records should be provided to the Data Trustee on an annual basis including any additions or removals via proper destruction.

Destruction and Disposal Process

When the required retention period expires, the responsible office will initiate the process for the record’s destruction and disposal. The destruction of records shall be authorized by the Data Trustee in the responsible office. All electronic records shall be destroyed in consultation with Information Technology Services and in accordance with the established data removal procedure. All paper records constituting Restricted or Highly Sensitive data records shall be destroyed by high quality shredding in consultation with the Data Trustee and Facilities Services & Operations.

Litigation Hold on Records

Information pertaining to any investigation, legal action or proceeding, litigation, audit, or program review in progress should not be destroyed even if the retention period or disposition date specified for the records has expired. In the event that litigation or an administrative agency claim is reasonably likely to occur, Albright College shall take all appropriate steps to initiate a litigation hold on all relevant records so that this information can be preserved. If you believe that an event has occurred that is reasonably likely to lead to litigation/other claim, please notify the appropriate Data Trustee and Data Steward immediately to ensure all relevant records can be preserved. Please also contact the Vice President for Administrative and Financial Services so that legal counsel can be consulted. Records that are subject to a litigation hold shall not be destroyed in accordance with the procedures discussed in this policy. As such, upon initiation of a litigation hold, these records must be immediately segregated from other records so they are protected from any routine record purges. This is especially critical for emails or other electronic documents.

Enforcement

Where identified, Data Stewards from each area, in consultation with the Data Trustee are responsible for ensuring the compliance of this policy. When Data Stewards are not identified by the Data Access Policy referenced above, the appropriate office is identified by the Information Retention Policy.

Albright College employees are responsible for understanding and complying with all College policies and procedures, including but not limited to the Administrative Data Management and Access Policy. These policies include requirements for protecting and preserving the quality, integrity and confidentiality of administrative data records, as well as logical access controls to administrative data and other Albright technology resources. Data Classification standards, as documented in the Administrative Data Management and Access Policy, must be strictly adhered to.

Information Retention/Destruction/Archival Schedule:

Financial Data (Controller’s Office)

Type of Records Recommended Retention
Annual Audit Reports and Financial Statements Permanent
Annual Audit Records 7 years
Budget Information, including Projections 7 years
Accounts Receivable including Invoices 7 years
Accounts Payable including Invoices 7 years
Student Accounts Billing Records and Correspondence 7 years
Bank Statements, Bank Reconciliations, and Deposit and Check Information 7 years
General Ledgers including Journal Entries and Supporting Documentation 7 years
Endowment Agreements and Related Donor Documentation Permanent
Investment Transaction Records 7 years
Business Correspondence Retain 3 years, then review for need

Payroll Data

Type of Records Recommended Retention
W-2, W-4 and 1099 forms 7 years after termination
Time Sheets 7 years
Employee Deduction Authorizations 7 years after termination
Payroll Deductions 7 years after termination
Labor Distribution Cost Records 7 years
Payroll Registers 7 years

Human Resource Data

Type of Records Recommended Retention
Personnel At least 3 years and up to 7 years following termination of employment or until final disposition of a charge or action (if applicable)
Applications, Resumes, Selection, and Hiring At least 1 year after creation/receipt of the document or the employment decision
Termination 7 years
Time Cards 3 years
Collective Bargaining Agreements 7 Years
Form I-9 3 years after date of hire or 1 year after date of termination, whichever is later
Employee Background Checks 6 years from the date of the background check
Unemployment Insurance (PA) 4 years
Wage and Hour Records Recommended retention period is duration of employment plus 5 years
Employee Handbooks Permanent
Employee Benefit Plans Permanent
ERISA Plan Documents 6 years
FMLA Records 3 years
COBRA Recommended 6 years from date of the record
Tax At least 4 years from the date tax is due or paid
OSHA 300 Log (Log, annual summary, OSHA Incident Report forms) 5 years following end of corresponding calendar year

Student, Academic Data

Type of Records Recommended Retention
Academic Actions (dismissal, etc.) 5 years from graduation or date of last attendance
Academic integrity code violation: (and related case files) Permanent
Academic records (including narrative Evaluations, competency assessment, etc.) Permanent
Change of Course documentation (Cont. Ed., Summer, Extramural Studies) 5 years from date of enrollment
Change of Grade documentation Permanent
Change to Student ID Number Permanent
Class Lists (original) Permanent Consent to Release Personally Identifiable
Information (or non-disclosure requests) Kept until next academic year
Course Offerings Permanent
Curriculum Change Authorizations 5 years from graduation or date of last attendance
Disciplinary Records (findings of violation and related case files) Permanent where penalty imposed is probation, suspension, or expulsion
Enrollment Verifications 1 year from enrollment date
Grade Sheets Permanent
Graduation Lists Permanent
Hold or encumbrance authorization Until released
Name Changes Permanent
Original Grade Sheets Permanent
Student Class Schedules 1 Year from graduation or date of last attendance
Student Registration forms 1 year from registration
Term Reports 5-7 years depending on School
Transcripts Permanen
Transcript Requests 1 year from submission date
Transfer Credit Evaluations 5 years from graduation
Veteran Administration Certifications 5 years from graduation or date of last attendance
Withdrawal Authorizations/Leaves of Absence 2 years
Admissions documents for Applicants who do not enroll 2 years from date of start of application term
Advanced Placement Records 5 years from date of graduation or date of last attendance
Letters of Recommendation Until date of admission
Recruitment Materials Until date of enrollment
Residency Certificates Until date of enrollment
Residency Change Documents (non- Resident to Resident) 5 years from graduation or date of last attendance
Student Waivers for Right of Access Until graduation or date of last attendance
Transcripts (high school and other college) 5 years from graduation or date of attendance
International Student Forms (visa documentation, eta.) 5 years
Degree, grade, enrollment, racial/ethnic stats Permanent
Schedule of Classes (institutional) Permanent
State Reports Permanent
Catalogs Permanent
Commencement Programs Permanent
Student Counseling Records 7 Years
Health Center Records 7 Years

Student Financial Aid Data

Type of Records Recommended Retention
Financial Aid Records (for applicants who Do not enroll) 3 years from application date
Financial Aid Records (applicants who Enroll) 5 years from graduation date

Academic Personnel (Office of the Provost)

Type of Records Recommended Retention
Academic Search Records Same as HR
Annual Conflict of Interest Disclosure Statements 3 years
Grievances No cause findings: 3 years from determination; cause findings: Permanent
Personnel files, appointment letters, forms Same as HR
Tenure or promotion dossiers If approved, 3 years. If tenure denied, 3 years from end of term appointment
Trustee decisions regarding academic matters Permanent

Advancement /Alumni Data

Type of Records Recommended Retention
Alumni Records Permanent
Gift and Endowment Records Permanent for electronic records
Gifts of Art Permanent
Original Gift Letter Agreements (signed By President and donor) Permanent
Original gift letter (all others) Permanent
Planned gifts (trusts, life income, Agreements, annuities) real estate gifts Permanent

Contracts/ Leases

Type of Records Recommended Retention
Contracts, leases, and related documents 7 years

Grant Data (Academic Affairs, Advancement and Controller’s Office)

Type of Records Recommended Retention
Original Grant Proposal Permanent
Grant Agreement and Subsequent Modifications 7 years after close of grant
All Formal Correspondence including Requested IRS-Grantee Correspondence 7 years after close of grant
Final Grant Reports, both Financial and Narrative 7 years after close of grant
All Matching Support Documentation 7 years after close of grant

Facilities and Property Records

Type of Records Recommended Retention
Construction
As-built drawings Life of building plus 10 years
Contracts and agreements 7 years after expiration
Environmental Health & Safety
Employee chemical or biological exposure records Duration of employment plus 30 years
Employee medical records other than health insurance claim records and first aid records Duration of employment plus 30 years
Material Safety Data Sheets and/or Chemical Inventory List 30 years
Employee respirator medical evaluations Duration of employment plus 30 years
OSHA safety training records 3 years from date of training
Evacuation drill records 5 years
Fire protection systems records 5 years
Fume hood testing records 3 years
Hazardous waste disposal manifests/reports 3 years
Portable extinguisher training records 3 years
Radiation dose reports Permanent
Radiation safety training records 3 years
Radioactive materials license & Safety Committee reports Permanent
Radioactive material receiving/inventory records 3 years
Real Property
Documents for leases, licenses, construction Contracts, other temporary contracts <$50K 6 years after expiration of leases or contract term
Property deeds, easements, licenses, rights of Way, leases, rights of first refusal, Remainder Interests, mortgages Permanent
Title Insurance Policies 10 years after disposal of property

Corporate Records

Type of Records Recommended Retention
Accreditation Records Permanent
Articles of Incorporation Permanent
Minutes of the Board and Governing Committees Permanent
Bylaws Permanent
Tax Exempt Status/ IRS Determination Letter Permanent
Annual Corporate Filings Permanent
Certificate of Incorporation/ Corporate Records to the State Permanent

Patent and Trademarks

Type of Records Recommended Retention
Original executed invention disclosure forms Permanent
Original executed United State Patent and Trademark Office assignment forms Permanent
Original Letters, Patents Permanent
U.S. patent/application correspondence papers Permanent
U.S. patent/application filing papers 1 year after issuance of abandonment
Foreign patent/application-related work papers Permanent
Original registered Trademarks Permanent
Trademark-related work papers Permanent
Original executed licensing agreements Permanent
Licensing agreement-related work papers 7 years from expiration or termination of agreement
Royalty Records Life of technology/patent or trademark plus 7 years

Insurance Policies, Claim Information, and other Risk Management Data

Type of Records Recommended Retention
All Insurance Policies (liability, property, et al.) Permanent
Certification of insurance, Indemnification Agreements, Hold-harmless agreements, Contracts 7 years after expiration of agreement
Incident reports – injury / assault Permanent
Incident reports – all other reports 7 years after report date, unless claim develops
Claim Information Permanent

Public Safety Data

Type of Records Recommended Retention
Accident Reports 7 years
Crime Reports 7 years
Property Damage Reports 7 years
Releases and Waivers 7 years
Driver Credentialing Employees = 7 years; students = 7 years from date of graduation or withdrawal date
When the required retention period expires, the responsible office will initiate the process for the record’s destruction and disposal. The destruction of records shall be authorized by the Data Trustee in the responsible Office. All electronic records shall be destroyed in consultation with Information Technology Services. All paper records constituting Restricted or Highly Sensitive data records shall be destroyed by high quality shredding.

Information pertaining to any investigation, legal action or proceeding, litigation, audit, or program review in progress should not be destroyed even if the retention period or disposition date specified for the records has expired.

All active and permanent paper records should be archived in the respective areas of operation. All existing security protocols with regards to storing and safeguarding official Albright records should be strictly adhered to.

Enforcement

Where identified, Data Stewards from each area, in consultation with the Data Trustee are responsible for ensuring the compliance of this policy. When Data Stewards are not identified by the Data Access Policy referenced above, the appropriate office is identified by the Information Retention Policy.

Albright College employees are responsible for understanding and complying with all College policies and procedures, including but not limited to the Administrative Data Management and Access Policy. These policies include requirements for protecting and preserving the quality, integrity and confidentiality of administrative data records, as well as logical access controls to administrative data and other Albright technology resources. Data Classification standards, as documented in the Administrative Data Management and Access Policy, must be strictly adhered to.

Policy Purpose

Albright College is committed to effective information retention to preserve its history, meet legal standards, optimize the use of space and computer storage, optimize the cost of information retention, and ensure that outdated and useless records are destroyed.

APPROVALS AND REVISIONS

Approved by Cabinet, December 2017
 
For a printable copy of this policy, click here.