Feb. 25: Campus Records Cleanup Today

February is Data Privacy Month. Privacy is an important value of the University, and each of us is responsible for the security of information assets with which we work. Keeping records with sensitive information that no longer need to be maintained under the UC Records Retention Schedule is a privacy risk.

Shred Unnecessary Paper Records

Good document hygiene includes shredding unnecessary paper records with sensitive information in a way that is consistent with the UC University Records Management Program (BFB-RMP-1) and the UC Records Retention Schedule.

On-site Shredding Truck – February 25, 2016

On February 25 from 9am-11am, a shredding truck will be parked in Lot 12A near the Natural Sciences buildings. You can drop off any paper records from your unit/department that your unit/department has determined should be destroyed under the retention schedule. Please review the steps listed below that your unit/department should use to determine what paper records should be destroyed under the retention schedule. The truck will shred your paper records on-site, including paperclips, rubber bands and binder clips, and issue you a certificate of destruction. In the alternative, you can make prior arrangements to have the records picked up from your department if you are unable to transport them to the event location.

Record Pick Up Arrangement

Please contact Tawny Luu (tyluu@uci.edu) before February 25 if you need your records to be picked because you cannot transport them to the event.

Before you shred:

  1. Identify the records you have and whether they are still in use.
  2. Check the UC Records Retention Schedule.
  3. Determine whether the records can be destroyed.
    1. If the retention period has lapsed and no one uses the records – Destroy or delete the records. Shred sensitive, confidential, or restricted paper records.
    2. If the retention period has lapsed but the records are part of a foreseeable or ongoing litigation; an investigation; an ongoing audit; or a pending Public Records Act request, KEEP the records. Do NOT destroy.
    3. If your unit/department has been notified by Risk Management or counsel to retain the records, do NOT destroy them.
  4. Verify with your supervisor that it is acceptable to destroy the records.

Examples of sensitive, confidential or restricted information include:

  • Personally Identifiable Information (PII)
  • Protected health information (PHI) protected by HIPAA
  • Credit card data regulated by the Payment Card Industry (PCI)
  • Passwords providing access to restricted data or resources
  • Court-ordered settlement agreements requiring non-disclosure
  • Information specifically identified by contract as restricted
  • Other information which, if accessed or disclosed without authorization, may result in adverse effects.

Data Stored on Drives

Legacy data stored on old hard drives, external drives, USB devices, and copier drives are also a risk to privacy and should be disposed of appropriately. Please directly contact UCI Equipment Management (equipment-management@uci.edu) if you have decommissioned devices with data that should be destroyed under the UC Records Retention Schedule. They will pick up the devices year-round and ensure that they are securely disposed.

Learn more tips to protect your privacy at: http://privacy.uci.edu/privacyday.php

Sincerely,

Tawny Luu
Director, Public Records Office
Campus Privacy Official
Co-chair, Information Security and Privacy Committee

Isaac Straley
Information Security Officer
Co-chair, Information Security and Privacy Committee

Scroll Up