Approved by: Board of Trustees
History: Issued             --
Revised           --
Last Reviewed -- July 31, 2019
Related Policies: Information Security and Assurance Policy
Additional References: University Archives; Suggested Record Management Guidelines for University Offices and Departments
Responsible Official Chief Ethics and Compliance Officer tel. (202) 319-6170


I. Introduction

 

The Catholic University of America requires that different types of records be retained for specific periods of time, and that records be destroyed in an appropriate time and manner.

The Catholic University of America is committed to effective record retention to meet legal standards, minimize the cost of record retention, optimize the use of space, and ensure that outdated and useless records are destroyed. This policy applies to all records, whether maintained in hard (paper) copy, electronically, or in some other fashion. These guidelines pertain to all records generated by employees and staff of The Catholic University of America.

II. Definitions

 

A. Record means information that has been recorded in some fashion and can be retrieved. It provides permanent evidence of a business transaction, administrative function, or activity.

B. University Record means the original or a copy of any Record that was generated by administrative and academic offices in the conduct of University business. These can be either electronic or paper, an artifact, or audiovisual material.

III. Policy

 

This policy serves as a framework for the University's record retention program. Each office should consult this policy as a guideline while implementing a record retention program that addresses the specific needs of their office.

A. Retention and Maintenance of Records

 

The Catholic University of America requires that different types of records be retained for specific periods of time in accordance with Federal, State, and District of Columbia record retention mandates. Since the appropriate time periods for record retention are subject to ongoing statutory and regulatory changes, each office should develop its own records management program in cooperation with the Chief Ethics and Compliance Officer and the Office of General Counsel.

An effective record retention program needs to specify:

  • What to save;
  • Who will save it;
  • Where to save it;
  • How long to save it; and
  • How to destroy it.

Adherence to these guidelines allows the University to:

  1. meet legal standards for protection, storage, and retrieval;
  2. optimize space;
  3. minimize cost;
  4. protect the privacy of faculty, staff, and students; and
  5. preserve the University's history.

Any record that is relevant to pending to anticipated litigation, or that pertains to a claim, audit, agency charge, investigation or enforcement action, shall be retained at least until final resolution of the action. If faced with litigation, or anticipated or threatened litigation, an office's normal document destruction policy needs to be able to be temporarily suspended.

B. Confidentiality Requirement

 

Many records subject to record retention requirements contain confidential information (e.g., dates of birth, Social Security Numbers, and financial aid). These records are protected by federal, state and local statutes, including the Health Insurance Portability and Accountability Act (HIPPA), the Family Educational Rights and Privacy Act (FERPA), and the Gramm-Leach-Bliley (GLB) Act. It is essential that the retention policy of confidential records is consistent with the University's Information Security and Assurance Policy.

IV. Disposal and Destruction of Records

 

Documents should be retained as long as they are needed for business reasons and for the full duration of the legal retention period. If, after consulting with the Chief Ethics and Compliance Officer and the Office of General Counsel, it is appropriate to dispose of any records, they should be destroyed by:

  • Shredding or otherwise destroying in a manner that will prevent access to confidential paper information;
  • Erasing or destroying electronically stored data; or
  • Recycling non-confidential paper records.

If you have any questions about your responsibilities or the legal retention period, please contact the Chief Ethics and Compliance Officer (tel. 202-319-6170, CUA-COMPLIANCE@CUA.EDU) or the Office of General Counsel (tel. 202-319-5142, CUA-OGC@CUA.EDU). 

V. Electronic Record Procedures

 

Electronic records, including emails, are just as much a record as any traditional paper record and must be treated in the same way. Retention and disposition of electronic records depends on the function and content of the individual record.

University e-mail is considered a University record, except for personal e-mail. E-mails may be kept in either a printed or electronic format; the e-mail may be deleted if printed.

Individuals who keep electronic records in a paper format may send them to the University Archives according to the office's records retention schedules. It would be good practice to print out the most important electronic records and keep them along with the other records in a specific records series. Individuals who keep records in an electronic format must maintain those records in their office in a University approved format which can be transferred to the Archives in accord with the records management program for the individual's office. The University has a contract with an outside entity for preservation of the University's central data repositories, which includes PeopleSoft Financial, Student Administration, and other electronic files. All offsite arrangements for record retention must by approved by the Office of General Counsel, University Archives, and Technology Services.

VI. University Archives

 

All University records designated as having significant value to the University and having a retention period of "permanent" are eligible to be transferred to the University Archives.