Records Management Policy

Table of Contents

  1. Basic Principles
  2. Records Creation and Maintenance
  3. Records Preservation and Security
  4. Strategic Governance

Definitions:

Data Classification Scheme:  the university’s schema for classifying data and information to ensure the level of information protection and privacy is commensurate with the sensitivity and value of that data.

FIPPA: the Freedom of Information and Protection of Privacy Act, Revised Statutes of Ontario 1990, chapter F.31.

Information Custodian: a Unit Head or individual assigned responsibility by the Information Steward for collecting, storing or enabling access to information, and for maintaining appropriate controls to guard against unauthorized access or modification, and inappropriate use or disclosure, whether intentional or unintended.

Information Steward: the university officer or employee having primary responsibility for establishing local policies and procedures, in alignment with university policies, relating to access, use, retention and destruction of information, and for ensuring that it is protected from unauthorized access or modification, and inappropriate use or disclosure, whether intentional or unintended.   

Non-University Records: records created or received as a result of personal activities and usually including such items as research and study notes, teaching materials, publications and personal communications of individual faculty, staff and students.  Non-university records include:

  • records placed in the University Archives by or on behalf of a person or organization other than the university;
  • a record respecting or associated with research conducted or proposed by an employee of the university or by a person associated with the university, subject to exceptions pursuant to FIPPA; and
  • a record of teaching materials collected, prepared or maintained by an employee or by a person associated with the university for use at the university, subject to exceptions pursuant to FIPPA.

Personal Information: recorded information about an identifiable individual. 

Records Management System: an information system that captures, manages and provides access to records through time.

Records Retention Schedule:  a document governing the life cycle of a record, or series of records, providing the length of time the record is to be retained and its final disposition—whether destruction or transfer to the University Archives. 

University Records: records, in any media or format, within the university’s custody or under its control that are created or received, and maintained as evidence or information in the administration and operation of the activities of the university.

Purpose/Reason for Policy:

The purpose of this policy is to:

  • ensure responsible management of university records as valuable resources and assets in support of effective decision-making, protection of rights and entitlements, and preservation of corporate memory
  • support the protection of personal information by ensuring university records are managed and disposed of in an appropriate fashion
  • protect the university from the risks associated with inadvertent or inappropriate destruction of information
  • support accountability, and promote operational efficiency and economy
  • ensure compliance with relevant legislation

Scope of this Policy:

This policy applies to all university records in all media and formats, including but not limited to paper, electronic documents and files, email, photographs, film, audio and video, and drawings. 

This policy applies to all university employees (including faculty, staff, and students employed by Queen’s), as well as members of the Board of Trustees, volunteers, service providers and agents engaged by a department or employee, with respect to the university records they create and/or receive, use, handle, retain, store, transfer and dispose of, whether on campus or remotely.

This policy does not apply to non-university records.

Policy Statement:

Queen’s University will provide for the efficient and effective management of the university’s records.

1. Basic Principles

1.1 All university records, regardless of their format or location, are the property of the university.

1.2 Good records management practice is essential in creating, capturing, using and disposing of the information required for an organization to fulfill its obligations and meet the expectations of its stakeholders.

1.3 Queen’s University’s records management policy, program and practice will be based on current professional standards and best practices.

2.  Records Creation and Maintenance

2.1 University records in all formats created and received as evidence of university activities will be captured as records and maintained in a records management system.

2.2 Responsibility for capturing and maintaining university records rests with the organization as a whole and with individuals within the organization.

2.3 The context and structure of university records will be managed in any records management system, in order to maintain record security, reliability and authenticity.

2.4 Retention of university records will be scheduled under authorized records retention schedules so that they are retained only for as long as they are needed.

3.  Records Preservation and Security

3.1 University records will be classified and managed in accordance with the Queen’s University data classification scheme to protect them from inappropriate access, use, disclosure, alteration and disposal.

3.2 University records of archival value will be preserved and access provided where restrictions do not apply.

3.3 University records, being the property of the university, may not be removed from its control or destroyed except under the authority of this policy.

3.4 Notwithstanding the authorized records retention schedules, university records pertaining to an ongoing or reasonably anticipated investigation, legal action or proceeding, freedom of information (FIPPA) request, audit or program review will be retained for as long as necessary.

4. Strategic Governance

4.1 The Director, University Records Management and Chief Privacy Officer shall establish an advisory committee (the committee) to make recommendations to the Director on institutional strategic direction and governance on records management policy and strategy.  The committee will be responsible for the evaluation and review of records management policies and procedures, including the review of all university records retention schedules before application/implementation.

4.2 The committee will consist of senior level employees (or their delegates) with appropriate subject-matter expertise, as well as key information stewards both in administrative units and faculties.

Responsibilities:

The Director, University Records Management and Chief Privacy Officer will:

  • provide leadership and strategic management of university records as valuable information assets
  • establish an advisory committee to make recommendations to the Director on institutional strategic direction and governance on records management policy and strategy
  • collaborate with the University Archives to design, create, implement and maintain a university-wide records management program
  • develop procedures and guidelines and other user-friendly tools to support implementation by university departments and units
  • provide training and advisory services to employees of university departments and units so that the policy and procedures are understood and applied
  • maintain a network of records management contacts across university departments and units for the purpose of information-sharing, feedback, and continuous program improvement

The University Archivist will:

  • preserve university records that are designated as being of archival value under an authorized records retention schedule

All Information Stewards will:

  • ensure that all university records under their responsibility are captured in a records management system
  • ensure that records retention schedules are prepared and followed for the university records under their responsibility, and that the disposal (either destruction or transfer to the University Archives) of university records is authorized and documented
  • notwithstanding the authorized records retention schedules, ensure that university records pertaining to an ongoing or reasonably anticipated investigation, legal action or proceeding, freedom of information (FIPPA) request, audit or program review are retained for as long as necessary
  • ensure that university records are classified and managed in accordance with the Queen’s University data classification scheme to ensure they are protected from unauthorized access or modification, and inappropriate use or disclosure, whether intentional or unintentional

All Information Custodians and Unit Heads will:

  • appoint a suitable staff member to serve as the point of contact for records management activities within the department or unit
  • ensure employees in their department or unit are aware of this policy and appropriately trained
  • ensure all other individuals to whom the policy applies who are engaged by, or work with, their department or unit are aware of this policy and appropriately trained

All university employees, members of the Board of Trustees, volunteers, contractors and agents will:

  • ensure the effective management of university records in accordance with this policy and any procedures made hereunder

 

Contact Officer: Director, University Records Management and Chief Privacy Officer

Date for Next Review: 2022/07/01

Related Policies, Procedures and Guidelines:

Electronic Information Security Policy Framework

Access to Information and Protection of Privacy Policy

 

 

Policies Superseded by This Policy: Records Management Policy (revision of May 2, 2016)