Handbook of Business Procedures
October 23, 2012
October 23, 2012
Records Management Services
20.7. RECORDS THAT CONTAIN CONFIDENTIAL OR SENSITIVE INFORMATION – GENERAL INFORMATION
Departments at The University of Texas at Austin have a shared responsibility with Records Management Services (RMS) to systematically control the records of the university from their creation to their final disposition, whether that is destruction of the record or transfer of the record to archives. This includes protecting confidential and sensitive information.
Any record can contain confidential or sensitive information, whether it is a master record, a convenience copy, or transitory information. The Public Information Act, Texas Government Code Chapter 552 defines confidential information in regard to the records of Texas public universities and state agencies. Other information, while not technically confidential, is considered sensitive and must be protected in the same manner as confidential information. Master records that contain confidential or sensitive information and are approved for destruction by RMS must be protected and disposed of following the guidelines in:
- 20.5.4. Destruction Procedures and Form
- 20.7.2. Destruction Options for Confidential or Sensitive Records
B. Records Containing Confidential Information
Records are considered confidential if the university is not required to produce them in response to a public information request. Texas Government Code, Chapter 552. Public Information, Subchapter C. Information Excepted from Required Disclosure specifies exceptions to the requirement to produce records in order to protect people’s privacy and safety and to ensure fair trade. These and other exceptions enacted through federal laws (such as FERPA and HIPAA), state laws, court decisions, and the Texas Attorney General’s opinions are considered to be confidential by law, and their confidentiality must be protected from creation through final disposition. For more information, refer to 20.7.1. Managing Confidential or Sensitive Records.
Confidential records include the following:
- Employment information, including personal benefits, insurance information, and building access codes
- Student records, including test scores, assignments, projects, class grades, and copies of transcripts
- Documents containing personal information, including Social Security numbers, driver’s license numbers, birthdates
- Personal medical files, including prescription information
- Birth and death certificates
C. Records Containing Sensitive Information
The information in some records may not legally be considered confidential, but may disclose information that would not be made available in the normal course of business. While such a record would be produced for a public information request, it must still be protected during its life cycle. Sensitive records include salary information and payment vouchers.
Note: Confidential or sensitive information should never be placed in the trash, in blue recycling bins, or in any covered recycling bins provided by Facilities Services.
For more information about university requirements for protecting confidential and sensitive information, refer to Extended List of Category-I Data. However, this list is not all-inclusive. Each department is responsible for exercising good judgment in determining whether a record contains confidential or sensitive information. If in doubt, the document must be treated as confidential.