MEMORANDUM

TO:                BGSU Faculty and Staff

SUBJECT:   Electronic Data Privacy and Records Retention Policies

DATE:           July 2, 2007

The recent incident involving the loss of a flash drive that contained personal information has heightened our awareness of policies and practices concerning the handling, transportation, and storage of such data.  There are two sets of policies that all faculty and staff should be thoroughly familiar with and observe in their daily operations.  We all must act in accordance with these policies to reduce the chances of any similar incident occurring in the future.

Records Retention

Our records retention manual and policies are well developed and available on the web http://www.bgsu.edu/colleges/library/cac/uarchives/recman.html.  These policies and our records retention program have been approved by the University's Board of Trustees under the statutory authority granted them in the Ohio Revised Code.  Relevant to the recent breach of security, these policies include the provision that a faculty members' grade records must be destroyed no later than six years after such records are actively in use by the faculty member for a current or recently completed course*.  Subsequent to that time, Registration and Records is the University's office responsible for maintaining and managing records dealing with grades.

Sensitive Data Privacy

Attached you will find a recently developed interim policy on Sensitive Data Privacy.  This policy deals with the appropriate (and inappropriate) ways to record, transport, and/or store electronic data.  Please read this carefully and help us to avoid security problems in the future.  Thank you.

Mark Gromko
Interim Provost and Vice President for Academic Affairs

Bruce Petryshak
Chief Information Officer

*http://www.bgsu.edu/colleges/library/cac/uarchives/recseries.html#a and

http://www.bgsu.edu/colleges/library/cac/uarchives/recdisp.html