Information Management Policy
Related Procedures
Consultation Draft
PROCEDURE FOR USING RETENTION AND DISPOSAL SCHEDULES
The designated Information Management and Protection Lead is responsible for ensuring that Retention and
Disposal schedules are established for the Unit. The Retention and Disposal Schedule prescribes retention
periods and requirements for the legal disposal of Official University Records. It provides direction to
ensure that Official University Records are retained for as long as necessary based on their
operational, fiscal, legal and historical value. It also prescribes the appropriate disposition of Official
University Records – either destruction or archival preservation.
The OCIO shall provide advice and support to Units in establishing and using Retention and Disposal
Schedules. A Unit must contact the OCIO (im@mun.ca) to initiate the process of creating and
implementing a Retention and Disposal Sschedule.
Once the Retention and Disposal Schedule is established, the Unit is responsible for adhering to it by
maintaining the records for their entire retention period and disposing of them when required.
PROCEDURE FOR DECLARING AN ELECTRONIC RECORD THE OFFICIAL UNIVERSITY RECORD
Before declaring an electronic record the Official University Record, the Unit must consult the Office of
the Chief Information Officer (im@mun.ca) and the Office of General Counsel to ensure matters
including the following have been properly addressed:
-
Do the records need to remain in paper format for legal, regulatory or contractual reasons?
-
Are the appropriate scanning standards, quality assurance, system audit, and compliance
monitoring measures in place to ensure the electronic records are admissible as documentary
evidence?
-
Are the Unit’s processes and practices compliant with Section 4.1 of the Management of
Information Act?
The OCIO will assist the Unit in determining a best practice approach.
PROCEDURE FOR DISPOSAL OF TRANSITORY UNIVERSITY RECORDS
Units must develop and document a process for the identification and disposal of Transitory University
Records as part of their Unit’s overall information management operations. Unlike Official University
Records, the destruction of Transitory University Records does not require creation and application of a
Records Disposal Schedule.
Upon notice of an audit, legal inquiry or Access to Information and Protection of Privacy (ATIPP) request,
disposal of Transitory University Records must cease and they are treated no different than Official
University Records in that they may have to be produced.
1
A copy of an Official University Record is usually transitory. Such a copy should not be retained longer
than the approved retention period for the Official University Record of which it is a copy.
Transitory University Records may contain personal or confidential information. In such cases, secure
destruction practices must be followed by Units when disposing of Transitory University Records. At the
St. John’s campus, see the Procedure for Shredding and Disposal of Confidential Materials – St. John’s
Campus.
PROCEDURE FOR MANAGING UNIVERSITY RECORDS OF EXITING EMPLOYEES
Units must develop a process to ensure that University Records always remain in the custody and
control of the University, and that access to University Records is managed when employees change
positions or transition from one Unit to another. When an employee leaves the University, changes
positions within the University, or transitions from one Unit to another within the University the
following questions should be answered by the exiting employee:
What University Records in paper format are under your control?

desktop and desk drawers

filing cabinets, both in the individual's workspace and shared space

records temporarily in the possession of a colleague or another Unit

commercial records storage
What University Records in electronic format are under your control?

local hard drive (e.g. C: drive)

personal drive (e.g. folder on a shared drive only accessible to the individual)

cloud storage (e.g. Dropbox, OneDrive, Google Drive)

social media sites (e.g. Twitter, Facebook) managed by the individual on behalf of the University

email accounts (both official University email and personal email accounts if applicable)

calendar accounts

removable media (USB drives, external hard drives, , CDs, etc.)

devices such as laptops or mobile electronic devices, whether University or personally owned
Once the questions above have been answered and an inventory of University Records has been
established, the Unit must ensure that if any University Records are currently not accessible by the
University (e.g. on personal DropBox account) they are moved to an accessible location such as a shared
drive.
What types of University access do you have?

University systems such as Banner, MIMS, etc.

Cloud solutions used for the delivery of University services

Social media sites (e.g. Twitter, Facebook) managed by the individual on behalf of the University
2

Voicemail

Keys/swipe cards to University facilities
Information Technology Services (709-864-4595 or help@mun.ca) must be notified immediately of the
exit of an employee from the University or the transition of an employee from one Unit to another to
ensure University network and system access is deactivated or changed in a timely manner.
In cases where social media sites were being managed by an exiting employee on behalf of the
University, the individual’s account must be deactivated (if it is a named account) or the username and
password must be provided to the Unit (if it is a generic University Account). In the case of a generic
University account, the password must be changed.
In the case of Cloud solutions being used by an exiting employee for the delivery of University services, it
is the Unit’s responsibility to terminate any access.
3