Handbook of Business Procedures
October 23, 2012
October 23, 2012
Records Management Services
20.7.1. MANAGING CONFIDENTIAL OR SENSITIVE RECORDS
Confidential and sensitive records at The University of Texas at Austin have security requirements, whether the records are hard copies or electronic.
1. Physical Security
Records containing confidential or sensitive information must be kept in locked cabinets for their entire life cycle. File cabinets containing these records must be kept in areas that are not accessible to unauthorized personnel. Records that have met retention requirements and are awaiting disposition must be marked "For confidential disposal" and kept in a locked cabinet or secure area.
2. Electronic Security
Electronic or imaged records that contain confidential or sensitive information must be securely maintained for their entire life cycle. These records must be password secured so that only authorized personnel can access them. If information is stored on a local hard drive, the computer must be locked when not in use. Hard drives must be wiped clean before disposal so that no information is recoverable. Contact the Information Security Office for support and information in developing secure departmental electronic records storage and retrieval systems. For credit card security requirements, refer to 6.4. Credit Card Collections.
B. Disposition of Confidential and Sensitive Records
Security requirements apply to the entire life cycle of all master records, convenience copies, and transitory information records that contain confidential or sensitive information, and departments must follow the guidelines in 20.7.2. Destruction Options for Confidential or Sensitive Records when destroying them.
- Master Records
Once master records that contain confidential or sensitive information have met retention requirements, they must be disposed of in a manner that preserves confidentiality throughout the entire disposal process, whether they are transferred to archives or destroyed. When records to be transferred to archives contain confidential or sensitive information, Records Management Services (RMS) notifies The University of Texas at Austin archivist. Master records that contain confidential or sensitive information and are approved for destruction by RMS must be protected and disposed of following the guidelines in 20.5.4. Destruction Procedures and Form.
- Convenience Copies
Convenience copies may be disposed at any time prior to the disposition of the corresponding master record, and no authorization is required.
- Transitory Information Records
Transitory information records may be disposed when they have served their purpose, as determined by the department, and no authorization is required.