Employees of Concordia University, St. Paul are expected to create and maintain many documents using computers. Electronic records must be managed similarly to traditional records in order to ensure compliance with state and federal regulations and to preserve the history of Concordia University, St. Paul. The purpose of this policy is to inform Concordia University employees and departmental management of the requirements and responsibilities for management and disposition of electronic records.
The electronic records retention policy set forth herein applies to all employees of the University and applies to all electronic records that are made or received in the transaction of University business.
The term “electronic record” means any record that is created, received, maintained or stored on University local workstations or central servers. Examples include, but are not limited to:
- electronic mail (e-mail)
- word processing documents and spreadsheets
The term “legal custodian” shall mean the originator of an e-mail message or the creator of an electronic document if that person is a University employee; otherwise it is the University employee to whom the message is addressed or to whom the electronic document is sent. If the record is transferred, by agreement or policy, to another person for archival purposes, then that person becomes the legal custodian.
“Official” records retention and disposition schedules are the general and departmental program schedules that have been approved by the University.
- Policy Statement
Maintenance and disposal of electronic records, as determined by the content, is the responsibility of the legal custodian and must be in accordance with guidelines established departmental management and also in compliance with State and University approved records retention and disposition schedules. Failure to properly maintain electronic records may expose the University and individuals to legal risks.
The department head of an office having public records is responsible for ensuring compliance with this Policy and with the Public Records Act. When an employee leaves a department or the University, the department head is responsible for designating a new custodian and ensuring that any public records in the separating employee’s possession are properly transferred to the new custodian. The department head is responsible for contacting Information Technology Services to arrange for the transfer of the electronic records to the new custodian before the accounts are scheduled to be deleted.
University e-mail addresses are given to employees for work purposes only. Work-related e-mail is a University record, and must be treated as such. E-mail users must take responsibility for sorting out personal messages from work-related messages and retaining University records as directed in official records retention and disposition schedules as determined by the department head. E-mail that does not meet the definition of a public record, e.g., personal e-mail, or junk e-mail, should be deleted immediately from the system. Concordia University’s e-mail servers are NOT intended for long-term record retention. E-mail messages and any associated attachment(s) with retention periods greater than three (3) years are to be printed and filed in similar fashion to paper records. It is important to note that the e-mail message should be kept with the attachment(s). The printed copy of the e-mail must contain the following header information:
- who sent message
- who message was sent to
- date and time message was sent
When e-mail is used as a transport mechanism for other record types, it is possible, based on the content, for the retention and disposition periods of the e-mail and the transported record(s) to differ. In this case, the longest retention period shall apply.
The University does not support the use of Instant Messaging (IM) for University business.
Information & Technology Backup Files
The Department of Information & Technology performs backups on a regular schedule of the e-mail and electronic files stored on central servers for disaster recovery. These backups are to be used for system restoration purposes only. These backups are kept by the department for a period of 4 weeks at which time the backups are erased. The IT system administrator is not the legal custodian of messages or records which may be included in such backups. The legal custodian of the documents or emails is personally responsible for ensure any retrievable backups.
When litigation against the University or its employees is filed or threatened, the law imposes a duty upon the University to preserve all documents and records that pertain to the issues. As soon as University Counsel is made aware of pending or threatened litigation, a litigation hold directive will be issued to the legal custodians. The litigation hold directive overrides any records retention schedule that may have otherwise called for the transfer, disposal or destruction of the relevant documents, until the hold has been cleared by University Counsel. E-mail and computer accounts of separated employees that have been placed on a litigation hold by University Counsel will be maintained by Information Technology Services until the hold is released. No employee who has been notified by University Counsel of a litigation hold may alter or delete an electronic record that falls within the scope of that hold. Violation of the hold may subject the individual to disciplinary action, up to and including dismissal, as well as personal liability for civil and/or criminal sanctions by the courts or law enforcement agencies.
Failure to comply with the Electronic Records Retention Policy and associated guidelines and procedures can result in disciplinary action and penalties applicable by law.
Last modified: January 25, 2018