Record Management Guidelines

Quick Links

Contact

University Record Management Officer RMO@binghamton.edu

Guidelines

Binghamton University records must be maintained in a manner that supports operational needs and internal controls, protects privacy, and meets federal, state, and regulatory requirements. The University is committed to effective and consistent record management (regardless of the format of the records) that:

  • maintains the privacy and security of institutional information;
  • ensures records are retained for the required duration;
  • preserves records of historical value;
  • requires disposal of outdated and unnecessary records in a manner appropriate for the format;
  • optimizes the use of space; and
  • minimizes the cost of record retention.

Managing University Records

The designated Office of Record is responsible for maintaining the official university record. The official documents must be retained for the required duration outlined in the applicable Record Retention Schedule and then disposed of in a manner appropriate for the record format.
Administrative areas that are not designated as an Office of Record must dispose of duplicate copies of University records in an appropriate manner when there is no longer an administrative need for them or if the required duration is met as outline in the applicable Record Retention Schedule. Retaining records when there is no operational or legal requirement to do so may place additional burdens on the University.

  • Records containing confidential data must be protected against theft. If such records are accessed inappropriately or lost, the University could be subjected to fines, penalties, cost to notify individuals whose records were breached, and loss of reputation.
  • In the event of a legal proceeding or audit, the administrative area(s) must provide all documentation that has been maintained regardless of the retention requirements. This can be a very time consuming and costly process.

Administrative areas that are not the Office of Record should refer to the Office of Record to provide them with the necessary access to the records.

Confidentiality

Many records contain confidential and/or regulated private data protected by federal, state, and local regulations such as the Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), and the Fair Credit Reporting Act. In addition to the statutory requirements, confidential records and regulated private data must be handled in accordance with the University's privacy and information security policies.

Preservation of Records Relevant to Legal Matters

Disposal of records (regardless of format) relevant to pending or anticipated litigation, claim, audit, agency charge, investigation, or enforcement action must be suspended until final resolution of the matter. Employees, who are notified by the University's Associate Counsel that an investigation or legal proceeding has commenced or is anticipated, must preserve all records with potential relevance until formal notification by the Associate Counsel has been given that the hold has ended.

Electronic Records

An Office of Record that chooses to maintain documents electronically must establish a procedure to implement the use of electronic records in substitution for original paper records. The procedure must ensure the:

  • process maintains the integrity of the original records, is reliable and secure, and that authenticity can be validated;
  • image process preserves accurate images of original records, including signatures, worksheets, relevant notes, and other papers necessary to reconstruct and understand the original record;
  • system will not permit additions, deletions, or changes to the images without leaving a record of such additions, deletions, or changes;
  • index system provides secure, on-time, and convenient access and retrieval of imaged records so that each document is sufficiently identified to permit retrieval;
  • accessibility of electronic records is not lost because of changing technology, portability of the medium, or transfer to a different medium; and
  • metadata information that describes how, when, and by whom it was collected, as well as size and storage requirements, must be preserved with electronic records.

An effective electronic record security procedure must be established to:

    • allow only appropriate, authorized personnel access to electronic records and that such personnel are trained to protect sensitive, proprietary, or classified electronic records;
    • provide for the backup and recovery of electronic records as protection against information loss;
    • minimize the risk of unauthorized change or erasure of electronic records; and
    • retain the electronic record according to the retention schedule applicable to the original record.

Most records in the SUNY Schedule have been pre-authorized for replacement so that paper records that have been scanned or otherwise converted may be destroyed prior to the end of their retention period. If not pre-authorized, replacement or destruction of the paper records can only occur upon approval by the State Archives. This process will be coordinated through the University Records Management Officer.

Email

Generally, records transmitted through email systems have the same retention periods as records in other formats that are related to the same function or activity. It is recommended that users identify and purge all non-records in email, segregating official records from transitory information.

Records Retained by University Archives

Archival records are records that Binghamton University must keep permanently to meet their fiscal, legal, or operational/administrative needs or contain historically significant information. Records do not have to be old to be archival. University officials create and use archival records daily in their offices. What makes a record worthy of permanent retention and special management is the continuing importance of the information it contains such as, significant evidence of how the University functions and/or if it provides significant information about people, places, or events that involve the University.

Non-permanent records may have enduring historical or other research significance as well. Contact the University Archivist for assistance with identifying records for potential research or historical value before destroying them.

For questions, or to arrange for the transfer of records to University Archives, call 777-6459, Monday through Friday from 8:30 am to 3:30 pm

Record Disposal

Disposition of records should be carried out regularly, at least once a year and should not be deferred until records become a pressing storage problem.

Once it has been determined that it is appropriate to dispose of records, records may be recycled through the University's recycling program.

A destruction report is required to document disposal of all official records. This report identifies the type of record (s), the creation date of the record, and quantity of records being destroyed. Destruction reports throughout the academic year are to be provide to the Records Management Officer at rmo@binghamton.edu.

Definitions

Archival Record: Records that the University must keep permanently to meet fiscal, legal, or operational/administrative needs, or because they contain historically significant information. What makes a record worthy of permanent retention and special management is the continuing importance of the information it contains.

Confidential Record: Information that specifically identifies and/or describes an employee, student, or University affiliate; an employee or student's protected health information, or organization information, which if disclosed or released would result in negative financial, competitive, or productive loss, or other non-beneficial impacts. Specific examples of confidential information include, but are not limited to:

  • an employee's name when combined with birth date, race, gender, marital status, disability status, veteran status, citizenship, or social security number
  • an employee's home address or telephone number; relatives' names, addresses, or telephone numbers
  • individual employment records of living current or former employees, including records which concern hiring, appointment, promotion, tenure, salary, performance, termination, or other circumstances of employment unless the employee grants access in writing
  • individual education records of living students or living former students, as defined by FERPA, unless the student or former student grants access in writing
  • all regulated private data
  • records that have been restricted by contract
  • facilities management documentation, including security system information
  • auditing information, including internal audit reports and investigative records
  • organizational legal documents, including pending lawsuits and attorney-client communications.

Electronic record: Information recorded in a format that requires a computer or other electronic device to access it and that otherwise satisfies the definition of a record.

Office of Record: The office designated as having responsibility for retention and timely destruction of official university records. If you are designated to maintain the original document, you are considered the Office of Record and must maintain the document for the period outlined in the applicable record retention schedule.

Record: Any recorded information (regardless of format) generated in the course of conducting business, and which must be maintained to meet the fiscal, legal, historical or administrative needs of the organization. Records such as drafts, courtesy copies etc. may be considered non-records.

Record Coordinator: The primary resource in an office who interprets policies and retention requirements related to the specific records for which they have been assigned responsibility. In addition, the Record Coordinator is responsible for providing guidance to the office pertaining to the retention and destruction of these records.

Retention Period: The length of time for which the Office of Record is responsible for the maintenance of specific university records.

Responsibility

Record Management Officer

  • Ensures compliance with the SUNY records retention schedule at the University
  • Facilitating compliance with the Records Retention schedules and maintaining a campus inventory of records.
  • Facilitating requests for approval of 1) new records not identified on the retention schedules or 2) requests for shorter retention periods.
  • Report annually, by September 1 of each year, to the SUNY Administration RMO on disposition actions taken by such campus during the previous academic year.

Office of Record

  • Maintains official records in accordance with the appropriate Record Retention Schedule and the requirements of this policy.
  • Provide records when requested by internal or external entities when such requests are deemed appropriate and necessary.
  • Destroy and/or archive records in an appropriate manner.

Record Coordinators

  • Provides guidance to their assigned area pertaining to the retention and destruction of the specific record categories for which they are responsible.
  • Implement record management practices consistent with this policy.
  • Restrict access to confidential records.
  • Determine if the department is the Office of Record for any records. If necessary, consult with the Record Management Officer.
  • Preserve appropriate records with historical value.
  • Appropriately dispose of all records for which the department is not the Office of Record.
  • When the department maintains the official University record (Office of Record), consult the appropriate Record Retention Schedule and dispose of the records when the Schedule indicates they are no longer required.
  • Provide destruction report(s) for records being disposed of to the Records Management Officer for any disposition activities of Official Records throughout the academic year.
  • Work with supervisors and departing employees to ensure that records are properly transitioned and/or disposed of.

Last Updated: 8/17/16