Guide: ISO / Document retention and destruction

Miami University guideline provides protection of documents and records containing confidential information from unauthorized access or disclosure

Objective

• To provide Miami University faculty and staff with a guide to secure document/record retention and destruction 

User

• Miami University faculty and staff

Environment

• IT Services Security, Compliance, and Risk Management

Guidelines 

• Documents that include confidential information need to be secured during printing, transmission (including faxing), storage and disposal to protect from unauthorized access or disclosure
• Store paper documents that contain confidential information in locked file cabinets
• Do not leave paper documents containing confidential information unattended; these documents need to be protected from the view of passers-by or office visitors
• Immediately retrieve confidential documents that are printed on copy machines, fax machines and printers
• When printing reports, include only necessary information and do not include confidential data you do not want accidentally disclosed if it is not absolutely necessary
• Double check fax messages containing confidential information and be sure to recheck the recipient's number before you hit start
• Never dispose of paper documents containing confidential data in unsecured recycle bins or in wastebaskets
• Shred confidential paper documents that are no longer needed and secure such documents until shredding occurs. Some records created by University offices warrant permanent retention and access and must be retained in accordance with the University's Retention Manual. Before shredding University records, you must receive authorization from the Office of the University Secretary prior to disposal. The University's Retention Manual and supporting documentation — including the form you must use to request disposal of records — can be found on the University General Counsel page on Records and Retention
• Email (or any electronic correspondence) may be considered a record and therefore would need to be retained. This does not apply to junk mail, spam, or personal e-mail. To determine if an e-mail meets the definition of a record, review our Guide: Determine qualification of email (or any electronic correspondence) as a retainable record 
• Questions on records retention can be directed to Aimee Smart via email in the Office of General Counsel

 

---

Revision History

• 25 May 2017: links added, updated, and corrected
• 08 June 2017: related document added
• 14 January 2019: links added, updated, and corrected

 

Related Document

• Miami University Policy Library: Records Retention, Electronic Records, and Signatures (MUPIM 16.10/OAC 3339-16-10)