Part 4 – Records Management

1. What is a University Record?

A University record is evidence of work activity, capturing decisions made and actions taken, which exists in many formats (paper and digital information/data).

Brock’s Records Policy uses the following definition:

University Record means any record:

  • in the custody or under the control of the University,
  • created or received, and maintained as evidence of University decisions, transactions, and relationships; and,
  • relevant to the administration and operation of University activities.
  • The Freedom of Information and Protection of Privacy Act (FIPPA), Section 2, defines a record as “any record of information, however recorded”, and then gives many possible examples of types of records

What is NOT a University Record?

Research records created by faculty does not fall under the definition of a University Record. Records related to activities planned and implemented by student run groups also do not constitute University Records.  In addition, Non-Records and Transitory Records are records that are generated in the day-to-day work of staff.

Non-Records are documents that are generated or acquired that don’t have impact on University business.

Examples of non-records include:

  • Emails or photos of a personal nature
  • Documents relating to an employee’s personal life (medical information, financial information, etc)
  • Catalogues or magazines from third parties

Transitory records have a temporary utility and are not required for statutory, legal, fiscal, administrative, operational, or archival purposes.  Despite their short-term value they may contain sensitive and confidential or personal information and should be disposed of in a secure manner. 

Examples of transitory records include:

  • Convenience copies retained for reference (e.g., digital copies of the official record in paper form and filed as the official record; “cc,” “bcc,” or FYI copies;
  • Copies of records retained when the original or primary record has been sent to another unit;
  • Drafts of documents that have not been finalized yet;
  • Routine emails to schedule or confirm meetings or events; and
  • Announcements and notices of a general nature.

2. Record Lifecycle

Every record in the university has a “lifecycle” from the moment of its creation to its ultimate destruction.  There are 4 stages of the document lifecycle.

Create: An information life cycle begins when useful or relevant information arrives at or is created within an organization in a wide variety of formats using different equipment and technologies

Use: Information is transmitted to those who need it and, upon receipt, is used in the conduct of University business

Store: Information is filed or stored according to a classification scheme to permit quick retrieval, housed in a storage location or device, and protected and maintained to safeguard the integrity of the information over time.  During this stage, information is viewed as either active or inactive.

Destroy or preserve: When information reaches the end of its retention period and has no legal, fiscal, or administrative value, it is securely destroyed or preserved permanently in an archive for historical reference or research purposes.

3. Where to store records?

Paper Records

Paper records should be stored in a secure and lockable locations such as:

  • An office
  • Filing cabinets
  • Secure room with limited access
  • A secure storage facility

Brock has a responsibility under the Freedom of Information & Protection of Privacy Act to safeguard records and preserve them for as long as legally required.

  • The location should be dry, free from pests (rodents, insects), and not close to machinery that generates a lot of dust or particulates.
  • Paper records need to be kept in a secure location to ensure unauthorized personnel do not access sensitive materials.

Electronic Records

University Records should be stored in secure locations, such as:

  • Shared drive
  • SharePoint​
  • Other departmental applications (such as Workday, Brock DB, etc)

Records stored in temporary storage locations should be transferred to these secure locations as soon as possible. Temporary storage locations include:

  • Laptop hard drive
  • Removable media (USB sticks)
  • OneDrive (good intermediate step)
  • Microsoft Teams
  • Paper records

These locations are not suitable for the long-term keeping of records as they are not readily accessible to other employees who may have a legitimate need to access them. Additionally, there are no controls or safeguards to these documents.

4. Retention Schedules

Retention schedules are documents that outline different kinds of records.  They define what falls within the records series, who the records stewards are, and how long the record needs to be kept.

The length of time (retention) of records is determined by 3 factors: Applicable legislation or retention, the Records Stewards, and University best practices.  Retention is determined by any single or combination of those factors.

There are 10 categories of record types, each having subcategories.

  • Administration & Governance
  • Campus Services
  • Communications & External Relations
  • Finances
  • Human Resources
  • Information Management
  • Property, Facilities, & Equipment
  • Research
  • Students
  • Teaching & Learning

All combined, there are 145 different retention schedules covering all types of records that the University generates.  A complete library of the retention schedules can be found here:

Records Classification and Retention Schedule (sharepoint.com)

If you feel that your document is not covered in the retention schedules, please contact the Records Coordinator (recordsmgmt@brocku.ca)

5. Destruction

There are two circumstances in which documents can be destroyed (either secure shredding or deletion)

  • A document has reached the end of its lifecycle, and there is no pending litigation or governmental audits.
    • A disposition form needs to be filled out (for both physical and electronic records)
    • The form needs to be signed by the manager/director/VP of the department with the records and General Counsel before destruction can take place.
      • Note: it cannot be authorized by the same person preparing the documents for destruction, it must be a different person authorizing the destruction with a manager/director/VP role within the same department
    • Disposition Procedure and Forms (sharepoint.com)

Destruction processes need to be followed appropriately to ensure compliance with all applicable legislation.  It also serves as proof during litigation and audit to demonstrate why the records are no longer available

Key Points

  • Check the Records Classification & Retention Schedule for information on how long to keep records
  • Have reasonable measures in place to preserve records
  • Store final versions of documents in a University system (e.g., SharePoint)
  • Dispose of records securely

Learn More…

License

Icon for the Creative Commons Attribution 4.0 International License

FIPPA & Records Management @ Brock University Copyright © by Marion Hansen, Manager, Privacy & Records Management is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.

Share This Book