University Records Policies
The University of Denver creates, manages and uses a wide variety of records to conduct its affairs and support its educational mission. As a result, DU has instituted a records management program and a University Records Management Policy governing the handling of its records. The purpose of the records management program is to assist the University in complying with legal record-keeping requirements, managing risk, and preserving the history of the University.
Records Retention Schedule
The University Records Retention Schedule defines how long record types should be retained; the record type's owner (in other words, the office, division or department primarily responsible for a record type); and the ultimate disposition of the record when the retention period expires–destruction or permanent retention in an archival environment. Retention periods and dispositions are based on legal and regulatory requirements; best practices; and the administrative, fiscal, legal and historic value of the content. The records retention schedule applies to all record formats, including electronic records.
Litigation Hold Policy
As explained in the Litigation Hold Policy, the University has a legal obligation to preserve evidence and records, including electronic documents, which are relevant to a pending or potential lawsuit, government audit, or administrative proceeding. General Counsel will issue a Litigation Hold Notice when a lawsuit, government audit, or administrative proceeding dictates that certain records be retained until the matter is resolved. Any person receiving a Litigation Hold Notice is responsible for preserving and maintaining all relevant records.
Central Business Files Policy
Pursuant to the Central Business Files Policy, the Senior Vice Chancellor for Business & Financial Affairs maintains central business files as the official corporate records with a unified inventory of those records and documents. Records within the central business files are kept in a secure facility. Central business files include the business and financial records of the University and are housed in four locations: the vault in the Mary Reed Building, the Controller's fireproof cabinet, the safety deposit box and the Cashier's vault. Original files are kept for all property, notes, securities, deeds of trust, indentures, patents, intellectual property licenses, leases and other material as may be deemed appropriate.
Requirements for Secure Computing Policy
Information Technology's Requirements for Secure Computing Policy assures that protected information remains private. When storing data electronically, the Policy's Electronic Data Protection section imposes the following requirements:
- Protected information may be stored only in approved storage locations.
- Protected information stored on office computers, home computers and laptops must be encrypted. (See Software and Procedures Approved by Information Technology for an approved, easy-to-use encryption tool.)
- Before computers and rewritable storage media (e.g., hard disks, other magnetic media, and flash memory devices such as key chain storage devices) are transferred between University departments or to different employees within a department, all files that the recipients are not explicitly authorized to access must be deleted and free space must be erased. (See Software and Procedures Approved by Information Technology for an approved tool for erasing free space.)
- When computers and rewritable storage media are discarded or sold outside the University, rewritable storage media must be erased by overwriting with meaningless data. (See Electronic Equipment Disposal Guidelines and Software and Procedures Approved by Information Technology for additional information.)
- Media such as CDs and DVDs that are not rewritable must be physically destroyed before they are discarded.