Identifies record retention periods established by New York State and provides guidance on safeguarding and disposal of financial, health legal and student records.
I. POLICY, PURPOSE and SCOPE
It is the policy of the SUNY Old Westbury (College) to adhere to the record retention and disposition guidelines set forth by the State University of New York (SUNY) and of the State of New York. This policy seeks to promote compliance with state and other legal requirements for record retention and improve operational efficiencies within the College. It does not apply to records of the Auxiliary Service Corporation, the Old Westbury College Foundation or the Campus Research Foundation Office. Such records may be subject to additional record retention obligations.
Each Vice President and Department Head is responsible for implementing control procedures, securing confidential and sensitive records, and monitoring adherence to this policy for organizational units in their division or department.
The Records Coordinator (appointed by each area Vice President or Department Head), serves as liaison between the organizational units and the Record Management Officer. The Records Coordinator provides guidance to the units in implementing the College's record keeping policies, procedures, and assists in preparing the required reports shown in Exhibits 1 and 2.
The Records Management Officer is responsible for coordinating record management activities campus wide, maintaining the campus’ inventory of records and reporting to SUNY. The Record Management Officer serves as a liaison to the Record Coordinators and SUNY’s Records Management Officer/Director of Compliance. The Record Management Officer annually reports to SUNY any disposition actions taken by the campus during the previous academic year.
The College’s Internal Control Officer will periodically perform control reviews to determine compliance with this policy and applicable College standards and procedures.
- A Vice President, for the purpose of this policy, is any member of the President’s Cabinet.
- A Department Head, for the purpose of this policy, is the Chief of University Police or the Chief Information Officer.
- The Internal Control Officer is the College official responsible for reviewing and reporting on the College’s program of internal controls, including policies and procedures, in accordance with the NYS Governmental Accountability, Audit and Internal Control Act.
- An Organizational Unit is an essential function within the division or department that aids in the accomplishment of the division’s mission. These include academic and administrative departments and offices.
- College Standards and Procedures are those policies that represent the College’s official position with respect to significant issues that affect the entire College. Included are standards and procedures that currently exist, those that may be adopted in the future and those that may be modified, amended or supplemented.
- A Record, as presently defined, may include any book, paper, microform, computer-readable tape, disc or other media, map, photograph, film, video and sound recording, or other documentary material, regardless of physical form or characteristics, made or received by the College in pursuance of law or in connection with the transaction of College business. It is retained by the College as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities.
- Active Records are records needed to support the current business activity of a division, department or administrative office.
- Inactive Records are records for which the active period has passed, and which are being held for the remainder of the specified retention period.
- Vital Records are records that are essential to resume business or continue the College’s operations; the records necessary to recreate the financial or legal position of the College, or to preserve the rights of the university, employees or students.
- Record Convenience Copies are copies of a record that are created for convenience, reference, or research. Convenience copies may be in any medium (e.g., voice mail, fax, email, hard copy). These copies can be disposed of at any time they outlive their usefulness.
- E-Mail Messages are the incoming and outgoing e-mail communications, including attachments, used to distribute information and documents, announce or schedule meetings, and conduct formal and informal communications.
- The Retention Period is the minimum required length of time for which an organizational unit is responsible for the maintenance of records according to NY State guidelines.
The Division VPs, Department Heads, Record Coordinators and the Record Management Officer must ensure that:
Active Records: All active files should be maintained within the unit’s workspace for two years, in correctly labeled file cabinets or storage shelves and that such files are stored in a secure location.
Inactive Records: All inactive files should be stored in the unit’s designated storage facility in correctly labeled storage boxes. Each box should be labeled with the unit name, contents, date of contents and destruction date. The retention period generally varies from one to ten years but there are some records that are to be stored permanently. See Section V- SUNY and NEW YORK STATE RETENTION SCHEDULES for specific periods.
Legal Hold: Division VPs and Department Heads are responsible for coordinating with the College’s Human Resources Office to ensure records associated with a Legal Hold are properly collected and stored. Records that have a hold status will be retained and exempted from retention schedule, shall be isolated and access will be limited to only necessary individuals to protect the confidentiality, integrity and availability of these records.
Inventory of Records Kept: Record Coordinators, in consultation with the Record Management Officer, should maintain an inventory of items stored in their storage facility, to be updated and periodically reported to the Internal Control Officer (ICO). A Sample Records Management Schedule, which can be used to monitor and report critical records data, is included in Exhibit 1. The report to the ICO should include a full inventory as well as information on what records have been destroyed, discarded or added during the quarter. A Sample Records Management Certificate of Destruction document is included in Exhibit 2. Regardless of where inactive records are stored, the originating unit is responsible for maintaining files or logs describing the contents of stored records, and for retrieving records upon official request. All records should be indexed in a systematic manner, by subject matter, regardless of the storage medium or location.
Security and Safeguarding: Record Coordinators, in consultation with the Record Management Officer, must ensure that all confidential and sensitive records are properly secured and destroyed. The storage location must provide appropriate confidentiality and protection from unauthorized inspection, theft or physical damage due to a fire, flood or natural disaster. At the end of the appropriate retention period, inactive records shall be discarded or destroyed according to the applicable schedule. Records containing personal and confidential information must be shredded. For bulk shredding, contact the Facilities Department’s Manager of Institutional Services. The disposal process should preserve the confidentiality of documents through the final point of disposition. Non-confidential paper records may be put into recyclable containers and discarded.
V. SUNY and NEW YORK STATE RETENTION SCHEDULES
SUNY State-Operated Campuses use the SUNY Policy Retention Schedules and the NYS General Retention Schedule, together, for the minimum retention period for their records. The two records schedule policies must be used together, but in a particular order.
SUNY Campuses should first look to the SUNY Records Retention and Disposition Schedules. If the SUNY schedules do not have an item that corresponds to a record, the campus should then look to the General Retention and Disposition Schedule for New York State Government Records.
As a general rule, the SUNY records schedules outline education records and other records specific to higher education. The General Record Retention and Disposition Schedule for New York State Government Records contains guidelines for complying with legal, fiscal, and administrative requirements for records retention and provides advice on cost-effective management of records commonly found in all State agencies. The schedules provide legal authorization to dispose of common records on a regularly scheduled basis.
SUNY Records Retention and Disposition Schedules are available on-line at: https://www.suny.edu/sunypp/documents.cfm?doc_id=650
General Record Retention and Disposition Schedule guidelines are available on-line at:
The SUNY Records schedules appear in the appendices section of the SUNY Records Retention Policy Doc. No. 6609 and below (click on the desired link). The schedules are classified by subject matter with corresponding sub-categories.
SUNY’s Records Retention and Disposition Schedules indicate the minimum length of time that campus and University officials must retain the records covered by this schedule before the records may be disposed of legally.
- ACADEMIC AFFAIRS AND INSTRUCTION
- ALUMNI & DEVELOPMENT
- STUDENT COUNSELING AND CAREER SERVICES
- ENVIRONMENTAL HEALTH AND SAFETY
- EMAIL, SUNY EMAIL RETENTION GUIDANCE
- EXECUTIVE RECORDS
- FINANCIAL AID
- HEALTH INFORMATION
- INTERNATIONAL RECORDS RETENTION INFORMATION
- STUDENT AND STAFF HOUSING
- MUSEUMS AND ART GALLERIES
- PUBLIC SAFETY AND SECURITY
- STUDENT ACCOUNTS
- STUDENT RECORDS
- UNIVERSITY AUDIT
The following authoritative documents were used in the preparation of this policy:
- New York State- Disposal of Personal Records Law.
- New York State - Archives Retention and Disposition Schedules.
- State University of New York Document 6609 – Records Retention and Disposition.
- National Institute of Standards & Technology Special Publication 800-88 (NIST SP 800-88).
This policy was prepared by the Division of Business & Finance in consultation with the Information Security Officer and the Internal Control Officer. It was reviewed by the President’s Cabinet prior to approval by the President.