Feb 23 – Campus Records Cleanup Day

February is Data Privacy Month.

Privacy is an important value of the University, and each of us is responsible for the security of information assets with which we work. Keeping records with sensitive information that no longer need to be maintained under the UC Records Retention Schedule is a privacy risk.

Good document hygiene includes shredding unnecessary paper records with sensitive information in a way that is consistent with the UC University Records Management Program (BFB-RMP-1) and the UC Records Retention Schedule.

Shredding Truck Available on February 23

On February 23 from 9am-11am, a shredding truck will be parked in Lot 12A near the Natural Sciences buildings.

Drop Off

You can drop off any paper records that your unit has determined should be destroyed. The truck will shred your paper records onsite, including paperclips, rubber bands and binder clips, and issue you a certificate of destruction.

Arrange for Pickup

Alternatively, if you are unable to transport them to the event location, you can request records be picked up from your department. Please contact Tawny Luu (tyluu@uci.edu) before February 23 to make pick-up arrangements.

What Should be Shredded

Please review the steps listed below that your unit or department should use to determine what paper records should be destroyed under the retention schedule.

Before you shred:

  1. Identify the records you have and whether they are still in use.
  2. Check the UC Records Retention Schedule.
  3. Determine whether the records can be destroyed.
    •  If the retention period has lapsed and no one uses the records, destroy or delete the records. Shred sensitive, confidential, or restricted paper records.
    •  If the retention period has lapsed but the records are part of a foreseeable or ongoing litigation, an investigation, an ongoing audit, or a pending Public Records Act request, KEEP the records. Do NOT destroy them.
    •  If your unit/department has been notified by Risk Management or counsel to retain the records, do NOT destroy them.
  4. Verify with your supervisor that it is acceptable to destroy the records.

Examples of sensitive, confidential or restricted information include:

  • Personally Identifiable Information (PII)
  • Protected health information (PHI) protected by HIPAA
  • Credit card data regulated by the Payment Card Industry (PCI)
  • Passwords providing access to restricted data or resources
  • Court-ordered settlement agreements requiring non-disclosure
  • Information specifically identified by contract as restricted
  • Other information which, if accessed or disclosed without authorization, may result in adverse effects.

Data Stored on Electronic Devices

Legacy data stored on old hard drives, external drives, USB devices, and copier drives are also a risk to privacy and should be disposed of appropriately. Please directly contact UCI Equipment Management (equipment-management@uci.edu) if you have decommissioned devices with data that should be destroyed under the UC Records Retention Schedule. They will pick up the devices year-round and ensure that they are securely disposed.

If you find “permanent” records scheduled for university archives review, please contact Laura Uglean Jackson, Assistant University Archivist, at lugleanj@uci.edu. The university archives accepts records in physical and electronic formats. See http://special.lib.uci.edu/transferring-admin-records to learn more about the types of records that the archives accepts.

This free event is brought to you by the UCI Information Security and Privacy Committee, UCI Records Management, and UCI Libraries Department of Special Collections and Archives.

Learn more tips to protect personal information at: http://security.uci.edu/top10.html