Records and Information Retention Policy

This policy provides general guidelines for establishing a unified approach to records and information management across Ensign College, BYU-Idaho, and BYU-Pathway Worldwide. The intent of this policy is to create a records and information management program at each institution that will promote compliance with recordkeeping laws and regulations, manage risk, and preserve institution history.

Retention of institution records is coordinated by each institution’s Records and Information Management program, which is overseen by the designated institutional Officer and the representative(s) assigned to assist in operationalizing the corresponding procedures.

At each institution, a Records Manager is assigned to prepare the General Retention Schedule (GRS) in collaboration with the other institutions. The Records Manager assists campus departments that require long-term records retention to comply with the GRS and as necessary, to have and follow their own Department Retention Schedule (DRS). The Records and Information Management program will provide recommendations for effectively managing institution records, including proper destruction, storage, and security, as well as minimizing the cost of legal discovery. Detailed information can be found on each institution’s intranet.

Each institution must designate a department (referred to as Institution Archives in this policy) responsible for maintaining, for research purposes, those institution records that have historical and continuing value and that are not highly confidential.

The Records and Information Management program seeks to meet several requirements:

1. Ensure only essential records of continuing value are preserved in accordance with applicable laws and regulations. Records should be retained in the active department office areas as long as they serve immediate administrative, legal, or fiscal purpose, or as long as the department considers in-office retention necessary for administrative or historical reasons.
2. Safeguard against the illegal removal, loss, or destruction of records. Records should be securely disposed of according to the General Retention Schedule.
3. Ensure that the recordkeeping responsibility lies with the owner or creator of the record. Department offices provide guidance on records unique to their offices and should contact their Records Manager for additional guidance.

Benefits

1. Legal compliance and safety of vital organizational records.
2. Improved staff productivity with higher quality of service and faster retrieval of documents.
3. Reduced storage costs through elimination of unnecessary and duplicate documents and an efficient, cost-effective retention and disposal system.

DEFINITIONS

Records refer to information or data in any format, whether paper or electronic, of a legal or official nature that is created or received by institution personnel or third parties and is necessary to conduct institution business, whether related to operations, research, legal, regulatory, or other similar purposes.

Records and Information Management is the systematic and administrative control of records, regardless of media, throughout their life cycle to ensure efficiency and economy in their creation, use, handling, control, maintenance, and disposition.

CES General Retention Schedule (CES GRS) is the key tool for managing records effectively. It includes multiple records categories that identify record types and the time period those records must be retained to comply with legal or regulatory requirements, or for business or historic needs. It provides guidelines for disposition through destruction or transfer to Institution Archives.

Legal hold is a systematic or written directive from the institution’s Office of the General Counsel to suspend the application of this policy for the destruction or alteration of information that is considered relevant to pending, threatened, or imminent litigation or government investigation. All personnel should comply with litigation holds received from their Office of the General Counsel.

Confidentiality is a classification. All institution records are classified as confidential unless otherwise designated by the department in which the record originated. Departments may designate records as highly confidential. If designated as highly confidential, a record may not be transferred to Institution Archives and may not be disclosed—except to the responsible vice president, their Office of the President, and their Office of the General Counsel—unless disclosure is required by law.

REQUIREMENTS

The Records and Information Management program consists of several components, foremost among them the General Retention Schedule. Other components include vital records, electronic records and email management, active and inactive records management, training for records liaisons, imaging and scanning, and components deemed necessary by the institution.

The CES GRS is created or updated by the Records Manager after a records inventory and according to retention periods based on legal, administrative, and historical value. State, federal, and/or regulatory requirements prescribe minimum records retention periods. The schedule is official and published on the institution’s intranet after review by the compliance office, legal counsel, and the appropriate leadership councils of the institution. If DRS exist, they must also be reviewed by the Records Manager.

Retention—Each institution employee is responsible for retaining records according to the CES GRS as it relates to his or her area of control. Records may be retained or managed by the department in which the record originated or by a representative of the Records and Information Management program. If maintained by the department, proper controls should be in place. Each institution employee should notify their Records Manager if a category of institution records is missing from or not appropriately listed in the CES GRS.

Access—All records containing privileged, confidential, legally protected, or proprietary information must be securely maintained to prevent unauthorized access (e.g., employment records, health records, student records, financial records, counseling records, legal records).

Notwithstanding minimum retention periods, all records shall be maintained until all required audits are completed and shall be kept beyond the listed retention period if litigation is pending or in progress. The Records Manager and/or personnel responsible for retention of applicable records must be notified of any litigation that would require retention of records beyond normal disposition.

Archival—Department records may be sent to the Institution Archives where they are managed for the duration of their respective retention periods. Records of historical and continuing value that are not classified as highly confidential are then available for research according to the institution’s applicable data governance standards and related procedures.

Disposal—Once the specific retention period for any paper or electronic record has been reached, records of the institution should be securely disposed of in an appropriate manner according to the CES GRS, either by the department or by a representative of the Records and Information Management program. Destruction of records is permitted in accordance with the law only after expiration of the retention periods stated on the approved CES GRS and there are no legal holds or ongoing audits.

Detailed procedures including information about records inventories, department retention schedules (as needed), retention for automated systems, and procedural roles and responsibilities can be found on each institution’s intranet.

Each department must become familiar with and follow the CES GRS and its corresponding procedures. For any unique records not covered in the schedule, the department should contact their Records Manager for assistance and information.

EXCLUSIONS

This internal policy gives guidance on a unified approach regarding records and information management at each institution and the data in the shared ecosystem among them. It does not however, preempt any requirements or directives outlined in applicable master service or data sharing agreements.

NOTES: Record and Information Retention Program Summary