Statement and Purpose

This policy is intended to help employees manage business related information that is created and maintained by the employee in electronic form. This includes:

Information sent or received by email, calendar items, contacts, or tasks
Documents, reports, worksheets, or presentations created and stored in any location (My Documents, OneDrive for Business, Departmental Shares/Directories, SharePoint, etc...)
Any communications performed as an employee (voice messages, instant messaging, chat, etc...)

All employees (and their supervisors and managers) should familiarize themselves with these data retention requirements to assure that important institutional data is being preserved and maintained. Additionally, this policy sets forth reasonable expectations for the recovery of material accidentally deleted or corrupted.

Questions about the proper classification of a specific piece of information should be addressed to your area manager.

Data Retention and Recovery

Ownership

SPU retains ownership of all items that are created, maintained, stored, or shared by employees in the performance of their duties. Implied in this policy is the understanding that a substantial portion of university business is conducted via electronic communications (email, instant messaging, etc..) and in documents or other electronic materials created and maintained by the employee. See the Computer Acceptable Use policy for more information. All Computer User Accounts and Resources are covered under this policy.

Audit/Inspect/Monitor

The University reserves the right to audit, inspect and monitor all information stores and network transmissions within the campus network regardless of their source or origin.

Privacy

While campus technology resources are owned by the University and are intended exclusively for institutional use, we also respect the personal privacy and confidentiality of sensitive information stored on campus resources and seek to ensure that it is protected and secure.

Institutional Data

The Institutional Data Policy establishes roles and responsibilities for the management of Institutional Data, standards for data management, strategies for data quality and integrity, appropriate security and access controls as identified by our data security standards, and creating a culture of skillful and responsible data utilization.

Email and Electronic Communications

This retention policy is secondary to Seattle Pacific University’s policies on freedom of information and specific business or departmental record keeping requirements (procedural or statutory). Any email that contains information within the scope of the business record keeping policy created or maintained at the departmental level – should be treated in the manner prescribed by those policies. All university/employment related email messages and storage should be done on SPU provided systems and resources (SPU's Office365 email accounts). Don't use non-SPU provided accounts and systems (such as Gmail, Yahoo, Hotmail, etc...) for university related business.

Email Quotas and Storage Space

All SPU email accounts have large storage quotas (currently 50 gigabytes, or more if needed). You should be able to store and maintain any institutional email that is required. Err on the side of preservation if there is ever any question.

Email Classification and Retention

In accordance with SPU’s Computer Acceptable Use policy, the primary intent of SPU email is for university business. SPU retains ownership of all correspondence that resides on SPU provided email servers, and may at any time, store, archive or otherwise access email messages in accordance with the provisions set forth by university policy.

Individual employees are responsible for saving/retaining important university-related email messages, unless otherwise dictated and prescribed by statute or university policy. Consequently, important correspondence pertaining to university business should be saved, printed or otherwise preserved by the individual email user in accordance with other university policy regarding the preservation of the academic, business, financial or administrative record.
Email messages should be handled according to the value of their content. For university purposes, email may be characterized in two categories: Limited/Transitory; or Archival/Lasting.
1. Limited/Transitory: Email that pertains to common communications between individuals, and that has a limited time of relevancy, should be deleted as soon as their short term reference value expires. An example of limited/transitory email would be that used in coordinating a departmental meeting. Retaining this message would have no value beyond the date of the meeting. Such messages should be deleted freely and frequently.
2. Archival/Lasting: Email messages that have long term relevance and that pertain to university business or academic operations, should be retained for longer periods of time. Such messages include information regarding university policies, financial records, academic records, operational procedures, administrative actions, or personnel (employment) matters. Currently, SPU employees are individually responsible for retaining correspondence of an archival/lasting nature. Methods of retention could include archival in specific categorized folders (email), and/or printing out hard copy for permanent records filing.
All institutional data should be maintained on campus owned and provided equipment and servers. If you need additional storage resources to maintain critical data on campus-provided equipment, please contact CIS for assistance. Do not copy or store institutional data on personally owned equipment or systems.
Do not store or transmit confidential or sensitive personal information through insecure channels such as email. These data categories should only be stored and maintained in centralized servers.

If you have questions concerning your department’s specific retention requirements, please consult your department head or supervisor.

Email Deletion and Recovery

There are several safeguards built into the campus email resources to protect data. You should be familiar with each of these resources.

Deleted Items Folder – when you delete a message it is stored within your personal email box in the deleted items folder. This directory is automatically emptied once a week, but can be used to retrieve messages before that.
Recover Deleted Items - messages that were deleted from your personal email account persist for roughly 60 days in a server based deleted items folder. These messages can be retrieved from the Tools, Recover Deleted Items menu. The Recover deleted items message store provides on online recovery options for roughly 6-8 weeks of deleted email.

Data Documents, Reports, Worksheets, Presentations

This document retention policy is secondary to Seattle Pacific University’s policies on freedom of information and specific business or departmental record keeping requirements (procedural or statutory). Any items that contain information within the scope of the business record keeping policy created or maintained at the departmental level – should be treated in the manner prescribed by those policies. All university/employment related items and storage should be done on SPU provided systems and resources. Don't use non-SPU provided accounts, personally-owned computers, and/or systems (Google Drive, DropBox, etc..) to store data for university related business.

Further information about the Institutional Data Policy can inform employees about preservation requirements.

Document Quotas and Storage Space-Locations

All SPU employees have large storage quotas for documents. The My Documents file share can be increased by CIS to accommodate any reasonable need. Additionally OneDrive for Business and SharePoint resources can be adjusted for legitimate business purposes You should be able to store and maintain any institutional data that is required. Err on the side of preservation if there is ever any question.

Document Retention

SPU retains ownership of all items that are created, maintained, stored, or shared by employees in the performance of their duties.

Individual employees are responsible for saving/retaining important university-related documents, reports, worksheets or presentations, unless otherwise dictated and prescribed by statute or university policy. Consequently, important items pertaining to university business should be saved, printed or otherwise preserved by the individual user in accordance with other university policy regarding the preservation of the academic, business, financial or administrative record. This includes, but is not limited to, information in paper, electronic, audio, or graphic/visual formats.
There is often both current and archival purposes for institutional data. Items are generally stored and maintained for long period of time. SPU employees are individually responsible for retaining these items of a current, or an archival/lasting nature. Items such as information regarding university policies, financial records, academic records, operational procedures, administrative actions, or personnel (employment) matters are generally preserved indefinitely. Deletion is only needed when the items are obsolete and are no longer needed for any current for future purposes.
All institutional data should be maintained on campus owned and provided equipment and servers. If you need additional storage resources to maintain critical data on campus-provided equipment, please contact CIS for assistance. Do not copy or store institutional data on personally owned equipment or systems.
Do not store or transmit confidential or sensitive personal information through insecure channels such as email. These data categories should only be stored and maintained in centralized servers.