SP 6-10l
APPROVED: January 28, 2021
EFFECTIVE: January 28, 2021
REFERENCES:
Board Policy (BP) 6-10, Cyber Security Policy
Board Policy (BP) 3-110, Records Management
System Procedure (SP) 3-100, Evidence Preservation Procedure
APPROVED:
/ Joe Garcia /
Joseph A. Garcia
Chancellor
This procedure documents data retention guidance in compliance with applicable laws and state rules for Colorado Community College System and its Colleges’ (“CCCS”) documents and data.
This procedure applies to employees, personnel affiliated via third party contracts, and volunteers that have access to Information Assets, owned or leased by CCCS.
Data Retention
Data retention is defined as the saving of historic and/or inactive files on disk, or other mass storage media for the purpose of keeping the data for compliance or legal reasons, for a defined period of time.
The System Chancellor delegates to the System Vice Chancellor for Information Technology (“IT”) responsibility for oversight of compliance with and implementation of this procedure. Further, the System Chancellor delegates to the College Presidents the responsibility to implement and compliance with this procedure at their respective institution.
CCCS is subject to laws and regulations that mandate certain types of records must be maintained for defined periods of time. Failure to retain those records for the minimum period could subject CCCS to penalties and fines. CCCS expects employees to fully comply with any published records retention or destruction procedures and schedules.
Data Retention
Colorado has identified a document retention schedule that must be followed by all state agencies and public institutions. CCCS shall follow the document retention schedule as outlined in the Colorado State Archives State Agency Records Management Manual or similar document.
In accordance with Board Policy (BP) 3-110, Records Management, CCCS records must be protected and maintained in compliance with applicable laws. Failure to comply with this record retention schedule may result in punitive action against CCCS, individual Colleges, and/or departments. State record retention guidelines provide a minimum retention period, but records may need to be retained longer due to operational needs, contractual requirements, and/or litigation holds. Questions about this procedure should be submitted to CCCS Legal Counsel.
Email Archival
Due to the establishment of Electronic Communications Management and Retention Procedures (SP, 3-125d), the implementation of email archiving and concerns regarding e-discovery, employees are to use the CCCS provided archival system to archive email into folders and retain emails to comply with both retention and destruction procedures. Employees are not to keep unapproved personal solutions for the archival of email, save email to a hard drive or flash drive or to forward email outside of the CCCS email system to avoid compliance with this procedure. Employees are not to print paper copies of emails to be saved in physical files unless the printed emails are a part of the permanent record relating to a printed, physical document and to not have the printed email and the printed document together would adversely impact the business of CCCS.
Legal Hold Requests
If you believe, or if CCCS informs you, that your records are relevant to litigation, or potential litigation (i.e., a dispute that could result in litigation), then you must preserve those records until CCCS Legal Counsel determines the records are no longer needed. Legal hold requests supersede any previously or subsequently established destruction schedule for those records.
Employees involved with maintaining records pursuant to one of these requests shall coordinate with the System or College Human Resources, Legal and the System IT Department (“System IT”) and College IT Department (“College IT”) on the proper procedures to follow.
If you have any questions, please contact the CCCS Legal Counsel and refer to SP 3-100, Evidence Preservation Procedure.
Media Sanitizing and Disposal
CCCS must ensure secure and appropriate disposal of Information Systems and Assets including devices, network components, operating system, application software, and storage media to prevent unauthorized use or misuse of internal/external information. This can include, but is not limited to magnetic tapes, floppy disks, removable disk drives, optical disks, copier and fax machines, non-volatile memory devices (including memory sticks/cards or USB memory storage and mobile devices).
CCCS reserves the right to change any provision or requirement of this procedure at any time and the change shall become effective immediately.