Legal Issues in Records Management

advertisement
Brad Houston, University Records Officer
July 7. 2009
RM programs in public
institutions (like
UWM!) driven by legal
mandate
 Provides legal
protection in case of
public records request,
subpoena, etc.
 Privacy laws and
concerns: dictates
disclosure





Introduce participants to relevant laws, court
decisions, and policies
Explain steps you can take to ensure
compliance and limit liability
Focus on electronic records and requirements
for storing and producing digital files
Describe basic procedures for dealing with
records requests

Do NOT rely on this presentation for legal
advice!
 Guidelines for compliance, preparation for
discovery/disclosure
 Not intended to provide SPECIFIC instruction for
individual litigation cases

If your office is subject to litigation/discovery:
 Contact Legal Affairs (x4278)
Laws and what they mean for you as a UWM Employee

Definition of a public record
 Materials “made or received… in connection with
the transaction of public business”



Public records are property of the State of
Wisconsin
Public records may not be destroyed without
approved records retention schedule
Electronic/Microfilm copies may be
considered official records

Defined regardless of format
 “books, papers, maps, photographs, films,
recordings, optical disks, electronically formatted
documents or other documentary materials”

Major Exceptions:
 Convenience/Reference copies
 Notices/Invitations
 Drafts/Notes (not shared with colleagues)
 Routing Slips/Envelopes

An accountability measure!
 Provision for internal audit of department
activities

No destruction without records schedules
(RRDAs)
 General Records Schedules: Fiscal, Personnel, etc.
 Specific Records Schedules: Dept. series

Records Schedules must be renewed every 10
years

Make sure all records in office have applicable
record schedules
 Most offices are mostly covered by general
records schedules


Separate records from non-records
Maintain filing by record series and
disposition date

All public records potentially available to any
public requestor
 “The denial of public access generally is contrary
to the public interest…”



Public records requests coordinated by UWM
Records custodian
Exceptions to required disclosure
Limitation of scope of disclosure

ANY requestor may request viewing of public
records except as otherwise provided by law!
 Confidential Records: subject or his/her designee
may view (but see exceptions)


Requestors NOT required to provide reason
If requested records are internal use (i.e. not
intended for public), refer requestor to Public
Records Custodian



Information gathered in connection with a
complaint/grievance/arbitration
Information which may endanger an
individual’s life/safety
Information which identifies informants

You are not required to disclose:
 Trade Secrets, including research data
 Identities of applicants for public positions (until
finalists)
 Plans/Specifications of State Buildings
 Personnel Records (including some supp. materials)
 Financial Identifying Information

If you suspect requested records to include these
materials, inform the records custodian!




Defer ALL public records requests to UWM
Public Records Custodian
Maintain appropriate security levels for all
records
Suspend records destruction once a public
records request is received
Be prepared to make ANY eligible record in
your office available
 Requestors may sue for “unnecessary delay”, so
be timely in responding to the Records Custodian!




Define rules and regulations re: discovery of
records for subpoenas/litigation in federal
court
Describe scenarios under which records
disposition can/cannot occur
Provide for potentially severe penalties for
non-compliance or premature destruction
In all cases, FRCP-relevant cases will be
handled through Legal Affairs

Contact Legal Affairs IMMEDIATELY
 If electronic records are involved, also contact
UITS to preserve backup tapes


Cease all records management activities
(especially records destruction)
Assess your ability to produce records, and
how quickly


ANYTHING in subpoenaed files may be
subject to discovery and use!
Protect yourself:
 Keep files on different cases/projects discrete
 Destroy files scheduled for destruction in a timely
manner unless litigation has started
 Do not use your personal email for work purposes,
or vice-versa
▪ Why? You may need to produce in connection with
litigation

FRCP “Safe Harbor” clause! Applies if:
 Records schedule for that series exists
 Disposition of that series is performed on regular
basis
 Records were destroyed before Legal Affairs
became aware of litigation possibility

Strongest argument for practicing good
records management
FERPA, HIPAA, and UWM’s Personnel File Policy


Students have right to view educational
records
Educational records are only accessible to
student
 Student may authorize disclosure

Directory Information may be made available
 Exception: if a student has opted-out

Certain other exceptions exist



All records pertaining to students maintained
at UWM
Presumption of confidentiality
Major exceptions:
 Instructor personal/sole possession notes
 Employment Records
 Campus Security Records
 Alumni records

Defined as information publicly available:
 Name, Address, Contact Info
 Year in school, major, enrollment status
 Participation in activities
 Degrees, graduation date, awards received

Students may choose to opt out of directory
information release
 Contact Enrollment Services
 Campus Directory?



Individual Students
UWM Employees with “Genuine Educational
Interest”
Exempted classes
 Financial Aid Providers
 Other educational institutions (for transfers, etc.)
 Specifically exempted officials (FERPA Manual)

Accrediting groups/student study groups

Students must provide WRITTEN consent
(with signature), including:
 Specification of records to be released
 Identify to whom records may be released
 Indication of purpose of release


Provide requested records within 45 days
No consent needed if records are subpoenaed
or requested via public records request
 But contact Records Custodian first to determine
validity of subpoena

Release FERPA-protected information to
parents
 Exception: if student is under 18


Post test or course grades using social
security numbers
Provide records to UWM staff without
“legitimate educational interest”

Keep a log of all disclosures of FERPAprotected information
 Exceptions: access by student or student-
permitted party, directory info disclosure


Keep a log of notifications to students of
disclosure
Maintain letters of consent for AT LEAST six
years after student graduates/leaves UWM

Do not disclose student information if you
have ANY doubt re: permissions
 Contact Legal Affairs for guidance
 Advise requestor to direct request to Public
Records Custodian

Current Legal Affairs stance: presume ALL
student information is private
 Why? Directory Info “Opt Outs”



Defines Official Personnel File and contents
Provides provisions and restrictions for access
Prescribes official custodian, length of
retention
 This section being revised

Does not in itself have force of law
 Clarifies key provisions of Public Records Law

Copy of the Personnel File held by Dean or
Division Head or their designate
 Usually the PRep, but they may delegate


Contains all information related to
employment actions by a UWM employee
Become inactive after employee leaves:
 Classified: 7 year retention and destroy
 Unclassified: 10 year retention and destroy
 Faculty: 30 year retention and transfer to archives

Employees may view their own personnel file
 May not view confidential records within P-file
 Coordinate request with Public Records
Custodian, especially if sent to Archives

Employees may authorize access to their
personnel file
 Requires written permission from employee
 Route through public records custodian

All subpoenas subject to review by Legal
Affairs



Defines and protects certain classes of health
information
Indicates which entities are required to
protect information, and which are excluded
Provides right of patients to access health
records

Surprisingly, not applicable to most
departments on campus!
 Employer medical information not subject to
HIPAA regulation

Three main groups of covered depts/people:
 Provider units (Athletic trainers, Health Center,
Health Sciences and Nursing Centers)
 Administrative units (Bursar, BFS, Institutional
Review Board, some members of UITS)
 Researchers and students using clinical info

UWM HIPAA resource site
 https://www4.uwm.edu/legal/hipaa/index.cfm

UWM HIPAA manual
 https://www4.uwm.edu/legal/hipaa/policies/index
.cfm#sectionB

Other questions? Contact Legal Affairs
directly
Wisconsin Administrative Rule 12, Digital Millenium Copyright Act


Electronic documents are records too, and
subject to public records request/subpoena!
Latest revisions to FRCP include e-discovery
provisions:
 E-records are discoverable and usable as evidence
 Must be produced within 30 days, in the form in
which they are used
 Requestor may specify form of production
 Third parties may be subpoenaed (Twitter,
anyone?)




Puts forth criteria for maintaining electronic
records
Mandates design and use of information
systems to support e-records
Does NOT require departments to maintain
records electronically
DOES apply to records already being
maintained electronically exclusively

Electronic records must be:
 Accurate: reflects the original record
 Accessible: Record can be retrieved
 Authentic: can be substantiated as accurate
 Reliable: produces the original record every time
 Legible: letters and numbers are identifiable
 Readable: Groups of letters recognized as words

All of these properties must be maintained
throughout a record’s active life

Legible and Readable: keep file formats up to
date, migrate files
 Usually applies only to long-retention records



Accurate and Reliable: write-protect final
copies of electronic records
Authentic: use versioning/logging features of
PantherFile
Accessible: Create logical filing system
 Robust search terms, tagging, metadata?



Defines illegality of republishing copyrighted
information via file-sharing
Prohibits circumvention of anti-piracy
software or code (incl. DRM on music files)
Limits liability of ISP (i.e. UITS) for violations
 Does provide expectation of ISP action, however

Provides exceptions for certain
departments/circumstances (mostly Fair Use)

UWM takes DMCA violations VERY seriously
 Also violation of UWM Computing Policy!
 UITS is required to facilitate removal of protected
information

Remember: Your work computer is NOT your
personal property!
 Info Security Office will not hesitate to seize it for
forensic analysis if necessary
 DO NOT DELETE offending material
▪ It can still be found, AND you get in more trouble!

You will NOT be eligible for legal defense
from UWM
 Limits UWM’s own liability

Legal Affairs may facilitate contact between
you and litigant
 e.g. forwarding letters of intent, pre-settlement or
settlement letters, etc.

Your UWM computing privileges may be
revoked
Summary and resources

Create record schedules for all records in your
office
 General Schedules cover a lot of these



Maintain appropriate security levels for
protected records (FERPA, personnel, HIPAA,
etc.)
Destroy records as soon as retention time
expires
Separate work-related and personal records




STOP destruction of records as soon as you
are aware of litigation possibility
Inform legal affairs immediately of situation
Organize your records and prepare for
potential format conversion
Don’t discuss the terms of the litigation any
more than strictly necessary

UWM FERPA Guide
 https://www4.uwm.edu/current_students/records
_grades/ferpa_facstaff.cfm

UWM HIPAA Guide
 https://www4.uwm.edu/legal/hipaa/index.cfm

Digital Millennium Copyright Act– Info
Security
 https://www4.uwm.edu/uits/security/alerts/news_
details.cfm?item_id=1561

Office of Legal Affairs
 Legal Topics in Higher Education
▪ http://www4.uwm.edu/legal/resources/legal-topics.cfm
 General Legal Resources
▪ http://www4.uwm.edu/legal/resources/generalresources.cfm

Wisconsin Statutes (16.61 and 19.31)
 http://nxt.legis.state.wi.us/nxt/gateway.dll/?f=tem
plates&fn=default.htm

Personnel File Policy
 http://www4.uwm.edu/secu/acad+admin_policies
/S42.htm

Public Access to Records
 http://www4.uwm.edu/secu/acad+admin_policies
/S45.htm

Information Security Policy
 http://www4.uwm.edu/secu/acad+admin_policies
/S-59.pdf

This presentation available online:
 http://www.uwm.edu/Libraries/arch/recordsmgt/legal.ppt

Or, contact UWM Records Management:
 houstobn@uwm.edu (Brad Houston)
 414-229-6979
 http://www.records.uwm.edu
Download