Electronic Records Management Policy
Purpose:
To provide for the proper preservation, retention, and disposal of official University electronic records, including records that have enduring historical and research value.
Northern Michigan University is responsible for ensuring that its official records are retained to meet the administrative, fiscal, legal, and historical requirements of the University. The primary purpose of this policy statement is to provide NMU offices, departments, and programs, guidance in the creation, management, protection, and disposition of electronic records. The statement also provides guidance to ensure the authenticity and reliability of electronic records over time.
Policy:
This policy applies to all electronic records, including digital images, created by Northern Michigan University offices, programs, departments, and employees in the course of carrying out their official duties and/or functions. Such documents are official records of the University and therefore are considered public records.
Electronic records created by offices and staff of Northern Michigan University are public records and are subject to all applicable state and federal statutes. Failure to manage electronic records responsibly could result in costly lawsuits, court imposed sanctions, and/or fines.
Electronic records meet the definition of a legal public record but are created, generated, sent, communicated, received, or stored by electronic means in a digital form. These records may be scanned into a computer system from a hardcopy, paper original, or they may be “born digital”, meaning they were created using computer technology. Common types of digital records include word-processed documents, spreadsheets, multimedia presentations, e-mail, websites, and online transactions.
All electronic records created by offices and staff of Northern Michigan University must be managed and disposed of according to an approved records retention and disposition schedule. The Michigan Penal Code (MCL 750.491) establishes misdemeanor penalties for disposing of records without the authorization of an approved Retention and Disposal Schedule. Northern Michigan University administrators and supervisors are responsible for ensuring that relevant staff are aware of the provisions in the schedule and follow them. The University Archivist does not audit agencies and assess penalties. However, courts may penalize agencies for failing to follow an approved Retention and Disposal Schedule.
Policy Statement Regarding Management and Disposition of Electronic Mail
The University regards its e-mail system as a tool to facilitate daily communications of a transitory nature between employees and external parties relative to current business matters and not as a platform for the long-term preservation of official, mission-critical, or vital records. More specifically, the University’s e-mail system is not authorized for purposes of the retention of stored records. The University desires to retain only those records needed to provide historical documentation of official University actions and that comply with applicable laws. All other records, including e-mail, should be systematically disposed of. Accordingly, the University adopts the following retention requirements on e-mail.
- Legal Status, Content, and Rights of Access
The University declares that all e-mail messages and attached documents are the property of the University and are therefore subject to reasonable management controls. E-mail is not authorized for any purpose other than the conduct of official University business. Faculty and staff are advised that they can make no presumption of any right of privacy with respect to e-mail. The University declares that it retains the right to access all e-mail files, just as it retains right of access to any other official University record. Finally, faculty and staff are advised that from a legal point of view e-mail messages are discoverable in litigation to the same extent as any other University record.
All e-mail must be as formal and businesslike as the situation dictates. Employees should construct the content of every e-mail message with the same care as if it were a paper letter or memorandum. The inclusion of remarks of a derogatory nature are is strictly prohibited.
- E-mail Retention and Disposition Policy
Except as provided below, the maximum retention period for e-mail shall be 30 days after the message is opened and read by its recipient, but faculty and staff are encouraged to delete the messages DAILY, immediately after reading, replying, or taking other action concerning them. This policy applies to documents attached to e-mail messages as well as to the messages themselves.
- E-mail of Long-Term Value
If the content of an e-mail message (or a document(s) attached to said message) possesses value for longer than 30 days and relates to an established records series appearing in the Records Retention and Disposition Schedules, it should be made a part of that established file and retained appropriately as per the retention period in the schedules. In such cases, faculty and staff are required to:
A. Generate a hard copy printout and place it into the proper paper file for further retention in accordance with the Records Retention and Disposition Schedules; or
B. Migrate the message (and/or attached documents) from the e-mail system to another software program, if available, and save it for the retention period specified in the Records Retention and Disposition Schedules.
E-mail Related to Litigation or Government Investigation
If the content of an e-mail message is related to actual or potential litigation or a government investigation, it may not be destroyed without the expressed written approval of the University General Counsel. This restriction begins from the moment at which any employee gains knowledge that litigation or a government investigation is reasonably anticipated (even though the lawsuit or investigation has not yet officially commenced) and continues until removed by University General Counsel. The term “reasonably anticipated” is defined as the point in time at which a University employee initially gains knowledge that any particular record or document relates to an actual or potential lawsuit or government investigation.
REFERENCES
NMU Board of Trustees, Statement on Records Management (August 2, 1991)
NMU Electronic Records – Definitions, Authority, and Guidelines
M.C.L.A. 15.232 (1)
M.C.L.A. 18.1285 (2)
Records Reproduction Act (P.A. No. 116 of 1992)
INITIATING DEPARTMENT/DIVISION
Academic Affairs, 906-227-2920
Academic Information Services, 906-227-2117
For implementing instructions, please click here: Central Upper Peninsula and Northern Michigan University Archives
NMU ELECTRONIC RECORDS
DEFINITIONS, AUTHORITY, AND GUIDELINES
PURPOSE
To provide the definitions, legal authority, and guidelines in support of NMU’s Electronic Records Management policy.
A. Reasons for Electronic Records Management at Northern Michigan University
- Legal Liability
Electronic records created by offices and staff of Northern Michigan University are public records and are subject to all applicable state and federal statutes. Failure to manage electronic records responsibly could result in costly lawsuits, court imposed sanctions, and/or fines.
- Costs Associated with Storing Unnecessary Electronic Records
Retaining unnecessary electronic records over a long period of time is expensive and inefficient. Electronic data storage adds to overall office costs in the following ways:
· electronic records require periodic backups and restoration
· staff must regularly conduct quality and error checking
· electronic records may require relocation to nearline or offline systems
· staff must regularly conduct system performance evaluations
· meeting additional data protection demands overtime
- Retention of Electronic Records identified as having historical or “continuing” value
In general, the University Archivist has identified five to ten percent of Northern Michigan University’s official records as having historical value, meaning these records must be maintained permanently. Unfortunately, electronic media is not an acceptable method for the long term storage of permanent records because of rapid software and hardware obsolescence and the instability of magnetic or optical media. An electronic records management program allows for the identification of records with historical value and ensures their long term preservation.
B. Policy and Statutory Authorization for Electronic Records Management
1. Legal Public Records
a. What is a legal public record?
Michigan law defines a legal public record as those materials (regardless of physical form) created, received, and filed in an office supported by tax dollars.
"Record" or "records" means a document, paper, letter, or writing, including documents, papers, books, letters, or writings prepared by handwriting, typewriting, printing, photostatting, or photocopying; or a photograph, film, map, magnetic or paper tape, microform, magnetic or punch card, disc, drum, sound or video recording, electronic data processing material, or other recording medium, and includes individual letters, words, pictures, sounds, impulses, or symbols, or combinations thereof, regardless of physical form or characteristics. M.C.L.A. 18.1284(b) "Public record" means a writing prepared, owned, used, in the possession of, or retained by a public body in the performance of an official function, from the time it is created. M.C.L.A. 15.232 (c)
b. What is an electronic (or digital) record?
Electronic records meet the above definition but are created, generated, sent, communicated, received, or stored by electronic means in a digital form. These records may be scanned into a computer system from a hardcopy, paper original, or they may be “born digital”, meaning they were created using computer technology. Common types of digital records include word-processed documents, spreadsheets, multimedia presentations, email, websites, and online transactions.
c. What is an authentic electronic record?
Authentic electronic records are those records that include the following information:
· Content. Factual information in the record that documents University business
· Context. Information that shows how the record is related to the business of the office and/or department and other records
· Structure. Technical characteristics of the records, such as file format, data organization, page layout, hyperlinks, headers, and footnotes
A proper recordkeeping system is the best way to maintain content, context, and structure of a record.
2. Statutory and Policy Basis for Electronic Records Management at NMU
NMU Board of Trustee Policy (August 2, 1991), "Statement on Records Management," specifies that records of the official activities of the University officers and offices are the property of Northern Michigan University and that such property is not to be destroyed without the approval of the Archivist. See NMU Administrative Policies Manual at http://www.nmu.edu/www-sam/ humanres/AdminPoliciesMan/Archives.htm
The Records Media Act (116) of 1992 allows public agencies to officially reproduce public records by using one of four technologies: photocopying, photographing, microfilming, and digital imaging. All digital images must be stored on optical disks according to this law. The legislation also mandates the promulgation of Administrative Rules to regulate the use of digital imaging technology.
Michigan law also specifies agency obligations and responsibilities towards the maintenance and disposition of these records including the necessity for development of retention and disposal schedules for them. See M.C.L.A. 18.1285(2).
Michigan Freedom of Information laws also impact public record retention and disposition and speak to the need for public agencies and offices to have formally approved disposition and retention schedules. The Freedom of Information Act entitles all persons to full and complete information about the affairs of government and the official acts of its public officials and employees. Specific language is found in M.C.L.A. 15.231(2).
Upon an oral or written request which describes the public record sufficiently to enable the public body to find the public record, a person has a right to inspect, copy, or receive copies of a public record of a public body, except as otherwise expressly provided by section 13. M.C.L.A. 15.233(1)
C. Application of Records Retention and Disposition Schedules
All electronic records created by offices and staff of Northern Michigan University must be managed and disposed of according to an approved records retention and disposition schedule. The Michigan Penal Code (MCL 750.491) establishes misdemeanor penalties for disposing of records without the authorization of an approved Retention and Disposal Schedule. Northern Michigan University administrators and supervisors are responsible for ensuring that relevant staff are aware of the provisions in the schedule and follow them. The University Archivist does not audit agencies and assess penalties. However, courts may penalize agencies for failing to follow an approved Retention and Disposal Schedule.
The following is a typical records retention and disposition schedule at NMU:
Requirements for Electronic Records System Planning and Data Management
Safeguarding and protecting the University’s data is essential for maintaining business continuity. When seeking to create/maintain any form of electronic records, staff must consider several factors. The following data elements are required to ensure the reliability, accuracy, security, and accessibility of electronic records.
Metadata – Proper management of electronic records requires documentation of their creation, purpose, and retention. Metadata, or data about data, serves as a guide to assist in the daily administration of electronic data. The vendor or developer is required to provide accurate, up-to-date documentation.
Servers
- Person(s) responsible for servers are specifically identified
- Operating system security is maintained
- Operating system software is maintained and updated on a scheduled basis as available
- Sensitive data is protected by firewalls
- Servers are replaced on a timely basis
- Physical access is limited to appropriate personnel
Application Software
- Security to and within an application is maintained by designated person(s)
- Software is maintained and updated on a scheduled basis as available
- Test environment is required as appropriated to review and test upgrades/changes propr to placing upgrades/changes in production
- Established backup and recovery procedures are required to be maintained in writing under the responsibility of a designated person(s) and tested bi-annually.
Data Base Software
- Security to and within an application is maintained by designated person(s)
- Software is maintained and updated on a scheduled basis as available
- Test environment is required as appropriate to review and test upgrades/changes prior to placing upgrades/changes in production
- Established back up and recovery procedures are required to be maintained in writing under the responsibility of a designated person(s) and tested bi-annually
- Archiving of data is made only with a record retention schedule approved by the University Archivist, a written plan assuring data is readable during the retention period and identifying the person responsible for final data destruction
D. Electronic Mail (E-mail) Retention and Disposition Guidelines
Definition of Electronic Mail
Electronic mail (e-mail) is a means of exchanging messages and documents using computers. A complete e-mail message includes the contents of the communication, the transactional information (dates and times that messages were sent, received, opened, deleted, etc.; as well as aliases and members of groups), and any attachments. E-mail has become critical to business operations.
E-mail messages are public records when they are created and/or received by a University employee in the performance of his/her official duties. Thus, e-mail conforms to the definition of public records as stated above. Management and disposition of e-mail is subject to the same rules and regulations as those that govern the management of paper records.
Most e-mail should fall under University general and office specific records retention and disposition schedules. Transitory messages are records that have very limited administrative value and should be retained until they no longer serve a purpose. Transitory messages do not set policy, establish guidelines or procedures, document a transaction, or become a receipt. For instance, an e-mail message notifying employees of a meeting would only have value until the meeting is held.
Retention and Disposition of E-mail
No single retention and disposition schedule exists for e-mail. Each record’s informational content determines the value of e-mail. In general, office staff will retain non-transitory e-mail messages for the same length of time as the record was in hard copy format. The following guidelines will assist staff in the disposition of email:
- University offices, departments, and programs should contact the University Archivist when e-mail records fall outside University general or office specific retention schedules;
- E-mail records should be maintained in a useable format throughout the approved retention period. If the record is maintained in an electronic format, it should be migrated to new software and storage media as the upgrades occur. If office staff prints out and retains the record in paper form, it should be filed in the relevant record series;
- E-mail records should be deleted promptly as soon as the approved retention period has expired;
- Office staff should remember to apply retention periods for e-mail back-up tapes;
- In the case of committees, taskforces, or work groups, the project director and/or chair is responsible for the proper retention and disposition of official email.
The following categories of messages usually belong to a University general or office specific records retention and disposition schedule.
- Policy and Procedure Directives
- Correspondence or memoranda related to official university business
- Agendas and minutes of meetings
- Documents related to legal or audit issues
- Messages which document office actions, decisions, operations, and responsibilities
- Documents that initiate, authorize, or complete a business transaction
- Drafts of documents that are circulated for comment or approval
- Final reports or recommendations
- Appointment Calendars
Policy Statement Regarding Management and Disposition of Electronic Mail
The University regards its e-mail system as a tool to facilitate daily communications of a transitory nature between employees and external parties relative to current business matters and not as a platform for the long-term preservation of official, mission-critical, or vital records. More specifically, the University’s e-mail system is not authorized for purposes of the retention of stored records. The University desires to retain only those records needed to provide historical documentation of official University actions and that comply with applicable laws. All other records, including e-mail, should be systematically disposed of. Accordingly, the University adopts the following retention requirements on e-mail.
- Legal Status, Content, and Rights of Access
The University declares that all e-mail messages and attached documents are the property of the University and are therefore subject to reasonable management controls. E-mail is not authorized for any purpose other than the conduct of official University business. Faculty and staff are advised that they can make no presumption of any right of privacy with respect to e-mail. The University declares that it retains the right to access all e-mail files, just as it retains right of access to any other official University record. Finally, faculty and staff are advised that from a legal point of view e-mail messages are discoverable in litigation to the same extent as any other University record.
All e-mail must be as formal and businesslike as the situation dictates. Employees should construct the content of every e-mail message with the same care as if it were a paper letter or memorandum. The inclusion of remarks of a derogatory nature are is strictly prohibited.
- E-mail Retention and Disposition Policy
Except as provided below, the maximum retention period for e-mail shall be 30 days after the message is opened and read by its recipient, but faculty and staff are encouraged to delete the messages DAILY, immediately after reading, replying, or taking other action concerning them. This policy applies to documents attached to e-mail messages as well as to the messages themselves.
- E-mail of Long-Term Value
If the content of an e-mail message (or a document(s) attached to said message) possesses value for longer than 30 days and relates to an established records series appearing in the Records Retention and Disposition Schedules, it should be made a part of that established file and retained appropriately as per the retention period in the schedules. In such cases, faculty and staff are required to:
C. Generate a hard copy printout and place it into the proper paper file for further retention in accordance with the Records Retention and Disposition Schedules; or
D. Migrate the message (and/or attached documents) from the e-mail system to another software program, if available, and save it for the retention period specified in the Records Retention and Disposition Schedules.
E-mail Related to Litigation or Government Investigation
If the content of an e-mail message is related to actual or potential litigation or a government investigation, it may not be destroyed without the expressed written approval of the University General Counsel. This restriction begins from the moment at which any employee gains knowledge that litigation or a government investigation is reasonably anticipated (even though the lawsuit or investigation has not yet officially commenced) and continues until removed by University General Counsel. The term “reasonably anticipated” is defined as the point in time at which a University employee initially gains knowledge that any particular record or document relates to an actual or potential lawsuit or government investigation.
E. Areas of Responsibility for Electronic Records Management
Areas of Responsibility for Electronic Records Management
Functional Area Responsibilities
University Archivist |
Participate in planning for information systems and review their implementation to ensure conformance to policy and procedure Conduct records inventories and develop records retention and disposition schedules Review existing information systems to ensure that disposition of records in the system has been authorized Approve new or proposed information systems to ensure they comply with University policy Oversee implementation of disposition instructions |
Department heads, directors, and supervisors |
Determine what information is needed to support administrative functions Identify the purposes, informational content, of data applications supported by automated systems Work with the University Archivist to formulate retention schedules |
Information Systems Manager |
Identify all program and administrative activities that use or need digital records systems Ensure that information in electronic form is protected, preserved, and accessible for its full retention period Implement authorized disposition instructions for digital records that are maintained centrally |
REFERENCES
Best Practices for Reproducing Public Records
Best Practices for the Capture of Digital Images from Paper or Microfilm
Technical Standards for Capturing Digital Images from Paper or Microfilm
Date Approved: | 4-18-2007 |
Last Revision: | 6-5-2019 |
Last Reviewed: | 6-5-2019 |
Approved By: | President |
Oversight Unit: | RECORDS |