Records & Records Management
BPM-911 Electronic Records Administration
Revised November 6, 2012
The purpose of this policy is to inform University employees and department management of the requirements and responsibilities for managing, protecting and disposing of electronic records. It pertains to the legality, retention, safeguarding, backing up and future accessibility of electronic records.
Electronic records, including electronic messages may constitute a public record like other documents subject to disclosure under the Missouri Sunshine Law (RSMo 610) or other laws, or as a result of litigation.
Electronic messages may constitute University records subject to BPM 902: Records Management - General Policy. Records "Are any papers, e-mails, electronic records, electronic images, maps, photographs, original microfilm, or other documentary materials regardless of physical form or characteristics, made, produced, executed or received by any academic or administrative staff member in connection with the transaction of University business or maintained as evidence of the organization's functions, policies, decisions, procedures, operations, or other activities of a University department or business unit."
Historical records of the University are subject to CRR 180.010: Archival Program.
The Electronic Records Administration policy set forth herein applies to all employees of the University and applies to all electronic records that are made or received in the transaction of University business. Examples of electronic records include, but are not limited to: word processing documents, spreadsheets, databases, electronic calendars, electronic messages created using e-mail and other new or emerging communication technologies.
ELECTRONIC RECORDS POLICY
University departments should use approved electronic technologies to increase efficiency, reduce expenses or improve the methods to process, handle, retrieve, transmit and retain University records and information.
Maintenance and disposal of electronic records, as determined by their content is the responsibility of the creator and/or receiver of the record and must be in compliance with the University's approved records retention and disposition schedules in BPM 1001: Records Retention Guide. Failure to properly maintain electronic records may expose the University and individuals to legal risks.
The department head of an office is responsible for ensuring compliance with all University Records Management policies (BPM 900). When an employee leaves a department or the University, the department head is responsible for ensuring that the separating employee's records are properly transferred to a new individual.
Work-related e-mail is a record, and must be treated as such. For purposes of this policy, e-mail is meant to encompass all forms of electronic messaging including instant messaging and all other current and emerging communication technologies. Each e-mail that does not meet the definition of a record (e.g., personal e-mail, or junk e-mail, etc.) should be deleted immediately from the system.
All employees must use a University provided e-mail and calendaring system or service to conduct University business and to store e-mail and appointment records.
All e-mail and calendaring related to University business must be maintained on the central e-mail server.
E-mail records and any associated attachment(s) can either be retained in the user's mailbox or printed and filed. The printed copy of the e-mail must contain the following header information:
- Who sent message
- To whom the message was sent
- Date and time message was sent
When e-mail is used as a transport mechanism for other record types, such as word processing documents or spreadsheets, it is possible, based on content, for the retention and disposition periods of the e-mail and the transport record(s) to differ. In this case, the longest retention period shall apply.
Safeguarding/Accessibility of Electronic Records
Departments should have policies in place to safeguard all electronic records in order to mitigate individual actions to alter, erase or in any way change the content of the record for fraudulent purposes. In addition to safeguarding against deliberate tampering with records, departments should also guard against storage media deterioration and rapid technology changes that can leave electronic records inaccessible over a period of time because of hardware or software obsolescence.
To eliminate the possibility of creating a situation where information can no longer be retrieved, departments must make provision for future accessibility by: migrating all electronic records when there are major changes to the next generation of hardware or software; or migrating only current electronic records to new hardware or software, and converting records not migrated to "Human Readable Form."
All University electronic records that are considered vital records as defined by BPM 907: Vital Records, archival records (i.e., general correspondence), or any other information requiring retention must be retained in such a manner to insure availability to the University for as long as needed in future years.
Electronic Records Backup
Campus Information Technology (IT) departments perform backups on a regular schedule of the e-mail and electronic files stored on central servers. These backups are intended for system restoration purposes only. The IT system administrators are not responsible for the management, retention and disposition of messages or records which may be included in such backups.
To ensure the University always has the necessary electronic records available to conduct its academic and administrative business functions, University departments will backup all electronic records and databases not backed up by campus IT departments at appropriate time periods and in an appropriate manner to insure that electronic records and databases are always protected from accidental or deliberate loss.
Different backup media (CDs, DVDs, cassettes, optical disks, disk paks, etc.) retain information for different periods of time before deterioration of the information may begin. The longer the backup media will be retained without replacement of information, the more stable the backup media needs to be.
When litigation against the University or its employees is filed or threatened, the law imposes a duty upon the University to preserve all documents and records that pertain to the issue. As soon as University Counsel is made aware of pending or threatened litigation, a Litigation Hold directive will be issued to the applicable employees. The Litigation Hold directive overrides any records retention schedule that may have otherwise called for the transfer, disposal, or destruction of the relevant documents, until the hold has been lifted by University Counsel. E-mail and computer accounts of current and separated employees that have been placed on a Litigation Hold by University Counsel will be maintained by the campus IT department until the hold is released.
No employee who has been notified by University Counsel of a Litigation Hold may alter or delete an electronic record that falls within the scope of the hold. Violation of the Litigation Hold may subject the individual to disciplinary actions, up to and including dismissal, as well as personal liability for civil and/or criminal sanctions by the courts or law enforcement agencies.
NOTE: Electronic messages and their attachments are subject to discovery during litigation, governmental investigations, and audits, or if a FERPA request has been made. During litigation, electronic messages and their attachments are subject to discovery in the same way that paper, film, and other electronic information is subject to discovery or access.
Legality of Electronic Records
Application of Policies
All policies applied generally at the University are expressly applicable to the electronic environment.
The Secretary of State's Office has published Guidelines for Managing E-mail Records and makes the following statement: "If an e-mail correspondence is determined to be a record, then it must be maintained within a recordkeeping system. Agencies are strongly encouraged to implement an e-mail policy that covers usage, content, public access, privacy, and records retention."
Relevant institutional policies include, but are not limited to:
- CRR 110.005: Acceptable Use Policy (Use of Facilities & Equipment)
- CRR 110.010: Regulations (Use of Facilities & Equipment)
- CRR 180.010: Archival Program (Records Management)
- CRR 200.010: Standard of Conduct (Student Conduct)
- BPM 405: Use of University Equipment & Resources
- BPM 902: Records Management - General Policy
- BPM 907: Vital Records
- BPM 1201: Management, Access and Use of IT Resources
Relevant State of Missouri laws and guidelines include, but are not limited to: