University Records Disposal Policy: Manual Records
Summer 2005
Policy scope, overview and aims
The University of Essex recognises the importance of
destroying all records effectively in order to ensure
compliance with its various legal obligations and to protect
the security of the information in its possession. This
policy covers manual records managed in all parts of the
University. Its fundamental aim is to ensure a rigorous and
consistent approach to the secure destruction and disposal
of such records.
The policy recognises the difficulty in determining the
level of confidentiality for any specific record. The
established
definitions of "confidential” and
"highly confidential” material contained in
the policy
may not fit all or every record in need of destruction. The
policy is designed to provide a framework within which those
involved in controlling destruction of records can operate.
Individuals are able to use limited discretion when making
the final decision on which category a particular record
should fall into.
Specific legal obligations
The effective destruction of records is an important part
of the University’s approach towards protecting the security
of the information in its possession. In particular, there
are two specific legal obligations that require effective
adherence to this policy:
The provisions and
principles of the Data Protection Act 1998
require the University to ensure that any record containing
personal data, such as an individual’s name, address, or
information relating to personal health, or financial or
legal matters, is managed in a way that prevents the
inadvertent disclosure or loss of information. In effect,
this requires the University to destroy personal data under
secure and confidential conditions.
The provisions of the Freedom of Information Act 2000
require effective destruction of a record at the end of its
lifecycle in accordance with the
established record retention schedule, to be able to
guarantee that responses to requests for information made
under the Act are lawful.
Manual Records: Destruction Process
It is the individual responsibility of all staff to
ensure information they are handling is destroyed
effectively, securely and in accordance with this policy.
Manual records that have reached the end of their lifecycle,
either in accordance with the relevant Records Retention
Schedule or as usual paper waste, are divided into the
following four categories, and are destroyed in accordance
with the instructions relating to each category.
- Hexagonal Paper
Recycle Bins
For non-confidential records and/or data,
and those containing no personal
information, hexagonal bins are provided for
recycling purposes. All hexagonal recycle
bins are emptied whenever necessary by the
cleaner in each department or section. As
paper collected in the bins is only ever
recycled and never shredded, it is the
responsibility of all those placing material
in the bins to check that it has been
identified correctly for recycling.
Additional hexagonal bins can be obtained
by calling extension 2300 or 3144.
-
Confidential Shredding
A record containing basic personal data,
such as name, address, contact details, date
of birth or similar, is shredded
confidentially by a member of staff from the
Estate Management Section. This type of
record is not accompanied during
transportation or the shredding process by a
member of staff from the department or
section wishing to destroy it.
To deal with the destruction of a record
that requires "confidential shredding”,
staff are required to e-mail the Cleaning
Section (faults@essex.ac.uk), explaining that
there are confidential records ready for
shredding. The records are then marked as
‘confidential’ and left in an agreed, secure
place.
Records marked as confidential may not be
shredded immediately. Any record in need of
immediate shredding must be treated as
"highly confidential” (see below).
-
Highly Confidential
Shredding
Any record containing the data described
below is treated as highly confidential
material, as is any record in need of
immediate destruction.
A record is considered "highly
confidential” if it contains the following
material or similar, or is in need of
immediate destruction:
- data relating to
confidential financial
activities of the
University;
- data relating to policy
decisions/future activities
of the University;
- payroll and pension
data;
- sensitive personal data,
as defined by the Data
Protection Act 1998,
covering racial or ethnic
origin, political opinions,
religious beliefs, Trade
Union activities, physical
or mental health, sexual
life, or details of criminal
offences;
- higher level personal
data, such as information
relating to student/staff
disciplinary proceedings or
harassment;
- records containing
"private” personal data,
such as information relating
to an individual’s home or
family life, personal
finances, or a personal
reference;
- records of a
commercially sensitive
nature, such as contracts,
tenders, purchasing and
maintenance records, or
legal documents;
- records concerning
intellectual property
rights, such as unpublished
research data, draft papers,
and manuscripts;
- records containing
personal or sensitive data
about research subjects.
A "highly confidential” record is
shredded confidentially by a member of staff
from the Estate Management Section. The
Cleaning Section is informed via e-mail
(faults@essex.ac.uk), stating that the
material is highly confidential. To ensure a
higher level of security, a member of the
department or section wishing to destroy the
record is present during both the
transportation and shredding process.
Anyone in doubt about which
category to use is advised to contact the
Information Manager.
-
Internal Shredding
Staff working in offices that have their
own shredding equipment may destroy
"confidential” or "highly confidential”
manual records using that equipment. For
records destroyed in this way, the Estate
Management Section is not involved. Staff
shredding their own records are responsible
for ensuring that the records are destroyed
adequately and in such a way that protects
the security of the information contained
within them.
Information already available in the
public domain
Information already available in the public domain, for
example via the University website, but which could fall
potentially into a "confidential” or "highly confidential”
category, such as decisions recorded in Senate, Council, or
Committee minutes, is not normally considered to be
"confidential” or "highly confidential” material. For
records containing such information, destruction via the
hexagonal recycling bins is adequate.
Policy review
In accordance with the University’s standard records
management practice, the policy is reviewed every three
years to ensure it meets effectively the University’s
operational and legal requirements.
Policy Created: Summer 2005
Policy Effective From: October 2005
To be reviewed: Summer 2008