Brad Houston, University Records Officer July 7. 2009 RM programs in public institutions (like UWM!) driven by legal mandate Provides legal protection in case of public records request, subpoena, etc. Privacy laws and concerns: dictates disclosure Introduce participants to relevant laws, court decisions, and policies Explain steps you can take to ensure compliance and limit liability Focus on electronic records and requirements for storing and producing digital files Describe basic procedures for dealing with records requests Do NOT rely on this presentation for legal advice! Guidelines for compliance, preparation for discovery/disclosure Not intended to provide SPECIFIC instruction for individual litigation cases If your office is subject to litigation/discovery: Contact Legal Affairs (x4278) Laws and what they mean for you as a UWM Employee Definition of a public record Materials “made or received… in connection with the transaction of public business” Public records are property of the State of Wisconsin Public records may not be destroyed without approved records retention schedule Electronic/Microfilm copies may be considered official records Defined regardless of format “books, papers, maps, photographs, films, recordings, optical disks, electronically formatted documents or other documentary materials” Major Exceptions: Convenience/Reference copies Notices/Invitations Drafts/Notes (not shared with colleagues) Routing Slips/Envelopes An accountability measure! Provision for internal audit of department activities No destruction without records schedules (RRDAs) General Records Schedules: Fiscal, Personnel, etc. Specific Records Schedules: Dept. series Records Schedules must be renewed every 10 years Make sure all records in office have applicable record schedules Most offices are mostly covered by general records schedules Separate records from non-records Maintain filing by record series and disposition date All public records potentially available to any public requestor “The denial of public access generally is contrary to the public interest…” Public records requests coordinated by UWM Records custodian Exceptions to required disclosure Limitation of scope of disclosure ANY requestor may request viewing of public records except as otherwise provided by law! Confidential Records: subject or his/her designee may view (but see exceptions) Requestors NOT required to provide reason If requested records are internal use (i.e. not intended for public), refer requestor to Public Records Custodian Information gathered in connection with a complaint/grievance/arbitration Information which may endanger an individual’s life/safety Information which identifies informants You are not required to disclose: Trade Secrets, including research data Identities of applicants for public positions (until finalists) Plans/Specifications of State Buildings Personnel Records (including some supp. materials) Financial Identifying Information If you suspect requested records to include these materials, inform the records custodian! Defer ALL public records requests to UWM Public Records Custodian Maintain appropriate security levels for all records Suspend records destruction once a public records request is received Be prepared to make ANY eligible record in your office available Requestors may sue for “unnecessary delay”, so be timely in responding to the Records Custodian! Define rules and regulations re: discovery of records for subpoenas/litigation in federal court Describe scenarios under which records disposition can/cannot occur Provide for potentially severe penalties for non-compliance or premature destruction In all cases, FRCP-relevant cases will be handled through Legal Affairs Contact Legal Affairs IMMEDIATELY If electronic records are involved, also contact UITS to preserve backup tapes Cease all records management activities (especially records destruction) Assess your ability to produce records, and how quickly ANYTHING in subpoenaed files may be subject to discovery and use! Protect yourself: Keep files on different cases/projects discrete Destroy files scheduled for destruction in a timely manner unless litigation has started Do not use your personal email for work purposes, or vice-versa ▪ Why? You may need to produce in connection with litigation FRCP “Safe Harbor” clause! Applies if: Records schedule for that series exists Disposition of that series is performed on regular basis Records were destroyed before Legal Affairs became aware of litigation possibility Strongest argument for practicing good records management FERPA, HIPAA, and UWM’s Personnel File Policy Students have right to view educational records Educational records are only accessible to student Student may authorize disclosure Directory Information may be made available Exception: if a student has opted-out Certain other exceptions exist All records pertaining to students maintained at UWM Presumption of confidentiality Major exceptions: Instructor personal/sole possession notes Employment Records Campus Security Records Alumni records Defined as information publicly available: Name, Address, Contact Info Year in school, major, enrollment status Participation in activities Degrees, graduation date, awards received Students may choose to opt out of directory information release Contact Enrollment Services Campus Directory? Individual Students UWM Employees with “Genuine Educational Interest” Exempted classes Financial Aid Providers Other educational institutions (for transfers, etc.) Specifically exempted officials (FERPA Manual) Accrediting groups/student study groups Students must provide WRITTEN consent (with signature), including: Specification of records to be released Identify to whom records may be released Indication of purpose of release Provide requested records within 45 days No consent needed if records are subpoenaed or requested via public records request But contact Records Custodian first to determine validity of subpoena Release FERPA-protected information to parents Exception: if student is under 18 Post test or course grades using social security numbers Provide records to UWM staff without “legitimate educational interest” Keep a log of all disclosures of FERPAprotected information Exceptions: access by student or student- permitted party, directory info disclosure Keep a log of notifications to students of disclosure Maintain letters of consent for AT LEAST six years after student graduates/leaves UWM Do not disclose student information if you have ANY doubt re: permissions Contact Legal Affairs for guidance Advise requestor to direct request to Public Records Custodian Current Legal Affairs stance: presume ALL student information is private Why? Directory Info “Opt Outs” Defines Official Personnel File and contents Provides provisions and restrictions for access Prescribes official custodian, length of retention This section being revised Does not in itself have force of law Clarifies key provisions of Public Records Law Copy of the Personnel File held by Dean or Division Head or their designate Usually the PRep, but they may delegate Contains all information related to employment actions by a UWM employee Become inactive after employee leaves: Classified: 7 year retention and destroy Unclassified: 10 year retention and destroy Faculty: 30 year retention and transfer to archives Employees may view their own personnel file May not view confidential records within P-file Coordinate request with Public Records Custodian, especially if sent to Archives Employees may authorize access to their personnel file Requires written permission from employee Route through public records custodian All subpoenas subject to review by Legal Affairs Defines and protects certain classes of health information Indicates which entities are required to protect information, and which are excluded Provides right of patients to access health records Surprisingly, not applicable to most departments on campus! Employer medical information not subject to HIPAA regulation Three main groups of covered depts/people: Provider units (Athletic trainers, Health Center, Health Sciences and Nursing Centers) Administrative units (Bursar, BFS, Institutional Review Board, some members of UITS) Researchers and students using clinical info UWM HIPAA resource site https://www4.uwm.edu/legal/hipaa/index.cfm UWM HIPAA manual https://www4.uwm.edu/legal/hipaa/policies/index .cfm#sectionB Other questions? Contact Legal Affairs directly Wisconsin Administrative Rule 12, Digital Millenium Copyright Act Electronic documents are records too, and subject to public records request/subpoena! Latest revisions to FRCP include e-discovery provisions: E-records are discoverable and usable as evidence Must be produced within 30 days, in the form in which they are used Requestor may specify form of production Third parties may be subpoenaed (Twitter, anyone?) Puts forth criteria for maintaining electronic records Mandates design and use of information systems to support e-records Does NOT require departments to maintain records electronically DOES apply to records already being maintained electronically exclusively Electronic records must be: Accurate: reflects the original record Accessible: Record can be retrieved Authentic: can be substantiated as accurate Reliable: produces the original record every time Legible: letters and numbers are identifiable Readable: Groups of letters recognized as words All of these properties must be maintained throughout a record’s active life Legible and Readable: keep file formats up to date, migrate files Usually applies only to long-retention records Accurate and Reliable: write-protect final copies of electronic records Authentic: use versioning/logging features of PantherFile Accessible: Create logical filing system Robust search terms, tagging, metadata? Defines illegality of republishing copyrighted information via file-sharing Prohibits circumvention of anti-piracy software or code (incl. DRM on music files) Limits liability of ISP (i.e. UITS) for violations Does provide expectation of ISP action, however Provides exceptions for certain departments/circumstances (mostly Fair Use) UWM takes DMCA violations VERY seriously Also violation of UWM Computing Policy! UITS is required to facilitate removal of protected information Remember: Your work computer is NOT your personal property! Info Security Office will not hesitate to seize it for forensic analysis if necessary DO NOT DELETE offending material ▪ It can still be found, AND you get in more trouble! You will NOT be eligible for legal defense from UWM Limits UWM’s own liability Legal Affairs may facilitate contact between you and litigant e.g. forwarding letters of intent, pre-settlement or settlement letters, etc. Your UWM computing privileges may be revoked Summary and resources Create record schedules for all records in your office General Schedules cover a lot of these Maintain appropriate security levels for protected records (FERPA, personnel, HIPAA, etc.) Destroy records as soon as retention time expires Separate work-related and personal records STOP destruction of records as soon as you are aware of litigation possibility Inform legal affairs immediately of situation Organize your records and prepare for potential format conversion Don’t discuss the terms of the litigation any more than strictly necessary UWM FERPA Guide https://www4.uwm.edu/current_students/records _grades/ferpa_facstaff.cfm UWM HIPAA Guide https://www4.uwm.edu/legal/hipaa/index.cfm Digital Millennium Copyright Act– Info Security https://www4.uwm.edu/uits/security/alerts/news_ details.cfm?item_id=1561 Office of Legal Affairs Legal Topics in Higher Education ▪ http://www4.uwm.edu/legal/resources/legal-topics.cfm General Legal Resources ▪ http://www4.uwm.edu/legal/resources/generalresources.cfm Wisconsin Statutes (16.61 and 19.31) http://nxt.legis.state.wi.us/nxt/gateway.dll/?f=tem plates&fn=default.htm Personnel File Policy http://www4.uwm.edu/secu/acad+admin_policies /S42.htm Public Access to Records http://www4.uwm.edu/secu/acad+admin_policies /S45.htm Information Security Policy http://www4.uwm.edu/secu/acad+admin_policies /S-59.pdf This presentation available online: http://www.uwm.edu/Libraries/arch/recordsmgt/legal.ppt Or, contact UWM Records Management: houstobn@uwm.edu (Brad Houston) 414-229-6979 http://www.records.uwm.edu