Managing electronic information (including e-mail)
Retention and disposal
Employees are responsible for retaining information that is of value to the University, whether that is for business processes, for legal purposes, or for historical value. The University’s Record Retention Policy offers recommended retention periods for common University records. Disposition of records created, retained or stored in information systems, computers, other networked devices, mobile devices, external storage services, or stand-alone storage devices should proceed on the same basis as for traditional paper records. Employees with questions should refer to the list of guardians of University information and/or to the University records manager.
Employees of the University should understand that electronic information is governed by the same laws and regulations as paper documents historically have been, including statutes protecting the privacy of student records, medical information, and personally identifiable information. Employees are expected to apply to electronic information the same security and record retention practices applied to paper documents.
At this time, e-mail should be handled as any other correspondence in terms of retention and disposal. There are three ways of preserving e-mail: on the e-mail system, within an office’s paper files, or in some form of electronic record-keeping system, for example, OnBase. As a general rule, the longer the message must be maintained or the more it needs to be shared, the greater the need to remove it from the e-mail system and store it as a hard copy (including the metadata accompanying the message, for example file properties or full e-mail headers) or in an electronic storage system. Attachments must also be identified and linked to the original message so that they may be easily located. Regardless of the methodology chosen, the authenticity and integrity of the entire e-mail message should be preserved.
Generally speaking, e-mail systems are communication systems, not record keeping systems, and are not designed for the efficient management or preservation of messages stored on them. Storage of e-mail to some form of record-keeping application most fully satisfies the need of current access to e-mail and also enhances value by allowing searching and sorting, maintaining linkages, and allowing for the full integration of the e-mail file into the office's workflow processes. Such systems also offer the potential for preserving and making accessible records scheduled for long-term retention. E-mail retained in electronic format must be migrated to new software and storage media as upgrades occur.
Like all records, e-mail eventually will cease to be useful to the office, and at this point should be deleted from the Outlook inbox and/or sent folders. Then the “Trash” or “Deleted Items” folder must be emptied (either manually or on an automated schedule) to properly dispose of the e-mail record. Then the records truly are deleted. (While it may be possible for a specialist to reconstruct the deleted files, it is not necessary for you to do anything further.)
When a University employee trades in or replaces a computer or other networked device, it is required that the employee or the employee's computing support specialist use appropriate, effective software to remove any and all data from the hard drive, or if warranted, destroy the hard drive by means approved by the University’s Information Security Officer. As with the disposition of any other University records, e-mail disposal should be regularized and documented. With respect to back-up media, it is recommended that these storage devices be physically destroyed when no longer needed. However, it is imperative that copies of critical work and work product be maintained until no longer needed.
All members of the University community are responsible for knowing the content of official correspondence sent to their University-provided e-mail address. Students who submit academic work via e-mail should retain copies of the work until certain that the instructor has received a legible copy. Acknowledgement by the instructor of receipt of a legible copy would be courteous and is encouraged.
Faculty, staff and students who have personal e-mail accounts with services outside the University are encouraged to use only their University-provided e-mail accounts for communications regarding University matters. Using University e-mail protects the privacy and security of University data; allows for verification of sending and receipt of critical correspondence regarding academic and other matters; and facilitates responses to subpoenas and other situations that may require the retrieval, inspection, or production of documents including e-mail.
Princeton account-holders who have their e-mail copied or forwarded to an outside account must take care to avoid marking any such copied or forwarded mail as spam. Major Internet service providers have barred all e-mail coming from the Princeton domain when the provider's customers have marked as spam what the provider perceives to be too many messages. Such incidents can interfere with the business of the University as well as impede communication for other members of the University community.
If you are responsible for data that are important to the University and that are created or stored on portable devices, you also are responsible for ensuring that the information is backed up regularly in a form that permits ready retrieval.
If you are a student and have custody of data important for completion of your University academics, you are responsible for assuring that adequate and appropriate back-up of the information is maintained.
Some kinds of information are considered confidential. For example, some information is defined as confidential by law, such as by FERPA or HIPAA; some research data, including data involving human subjects, must be kept confidential. In general, personally identifiable information should be considered confidential, consistent with the University’s Information Security Policy (www.princeton.edu/informationsecurity).
As an employee or student, if you have authorized or inadvertent access to what the University defines as confidential data, you must comply with the University's Information Security Policy and know which University office has stewardship of, and authority over, the information.
You also must confine your access to or viewing of such data to situations in which your University responsibilities require such access or viewing.
If you have authorized access to confidential or private information within the University, you must respect the confidentiality or privacy constraints that pertain.
Any handling of confidential data, whether in hard-copy form, on University-owned equipment, or via personally-owned home devices, should be done in the most secure, confidential manner, consistent with the Information Security Policy.
In the event of unauthorized access to University data, whether through theft or loss of portable devices such as USB drives, laptops, smart phones or other devices, or any other kind of breach of security, the individual who possessed the device or learns of the breach is responsible for notifying the appropriate University offices of a potential data breach, and assisting with the University’s data breach response. If the individual suspects the breach involves illegal action by a member of the University community, the University's policy on reporting potentially illegal activity (www.princeton.edu/reportingillegalactivity) should be followed. OIT's Help line (609-258-HELP by telephone, or firstname.lastname@example.org via e-mail) is the best place to start when reporting a potential data breach. If a related device is lost or stolen, a report should be filed as soon as possible with appropriate law enforcement. A loss or theft of University-owned equipment anywhere in the world should be reported to the Department of Public Safety. If the incident occurred off-campus, a copy of the relevant police report also should be obtained and provided to the Department of Public Safety.
Confidential or private data ordinarily should not be stored on mobile devices that are easy to carry away. If it is absolutely necessary to store private or confidential information on such a device, the information must be encrypted to protect it from view should the device fall into unauthorized hands. The portable device and, ideally, the files as well must be password protected. It also is essential to provide adequate physical security for any device, including a desktop machine, that contains confidential data. Please note that if personally identifiable information from children under the age of 13 is collected for commercial purposes, such activities may be subject to the Children’s Online Privacy Protection Act.
The University-endorsed encryption product or protocol should be used whenever possible. If the University has not yet endorsed a particular product or protocol for the platform you use, you should be prepared to use one when it is announced as endorsed. Information regarding encryption on University devices is published at www.princeton.edu/encryption.
Those who travel on University business or for study abroad should know that some encryption software may not be taken out of the United States. For that reason, and to avoid transporting confidential data unnecessarily, it may be prudent to travel with a computer or mobile device specially configured for travel rather than with the laptop or mobile device used locally at Princeton.
The advent of storage services in “the cloud” (for example, DropBox) provides a tempting alternative for those who use portable network devices or have computers stationary in several locations. However, the security of such services still must stand the test of time. Until the University can recommend a particular service, your storing confidential or private University information in such a “cloud” service poses serious risks. The University is considering a service that would encrypt all stored files, reducing risk of exposure. When such a service is recommended for use by the University community, an announcement will be made. Until that time, private or confidential University data must not be stored in a cloud service unless that service has been approved by an authorized representative of the University.
Peer-to-peer file-sharing software may not be installed or used on DeSC computers (the set of machines designated explicitly for administrative applications) because such applications could expose to Internet access information that is private, confidential, or University-private. Other policies affecting DeSC computers may be seen at www.princeton.edu/desc/policy-and-procedures/ and at www.princeton.edu/desc/policy-and-procedures/security-policy-and-proce/ .