Authority: Issued by the Chancellor.
History: First Issued: August 14, 2007. Last Revised: October 17, 2017.
NC State University Campus-Specific Record Retention and Disposition Schedule (NC State Specific Schedule)
NCSU REG04.00.02 – Public Records Requests
NCSU REG07.40.01 – Disposal of University Property
Request for Approval of Unit Specific Schedule/Agenda
Unit Request for Destruction of Unscheduled Records
NC Department of Natural and Cultural Resources – Government Records Branch Web site
NC Department of Natural Cultural Resources – State Records Center Handbook
NC Department of Natural Cultural Resources – The Managment and Preservation of Digital Media
NC Department of Natural and Cultural Resources – Email Retention and Disposition
Security Backup Files as Public Records in North Carolina: Guidelines for the Recycling, Destruction, Erasure, and Re-use of Security Backup Files
North Carolina General Statute 121-2(8)
North Carolina General Statute 132-1
Contact Info: Vice Chancellor and General Counsel (919-515-3071); University Records Officer (919-515-1690); University Archivist (919-513-3673 or 515-2273); CIO and Vice Chancellor for Information Technology (919-515-0141)
1.1 State law requires agencies to retain Public Records and prohibits their destruction except in accordance with the consent of the North Carolina Department of Natural and Cultural Resources (DNCR). The DNCR has approved the NC State University Campus-Specific Records Retention and Disposition Schedule (the “Schedule”) that governs the destruction or other disposition of University records.
1.2 The Schedule may be supplemented by individual unit specific schedules (“Unit Specific Addenda”) submitted to the DNCR pursuant to the procedures outlined in this regulation. Unit specific addenda approved prior to September 1, 2017 are superseded and no longer effective.
1.3 The university utilizes information technology (IT) resources such as computer systems to send, receive, and store public records in electronic or digital form. “Computer system” references the Office of Information Technology (OIT) server-based computer systems and the data stored on them, which must be periodically copied and preserved to ensure continued computer system viability and functionality. The protocol to copy and preserve computer system backups as described in paragraph 8 below is based on Security Backup Files as Public Records in North Carolina: Guidelines for the Recycling, Destruction, Erasure, and Re-use of Security Backup Files published by the Archives and Records Section of the N.C. Division of Historical Resources.
2. RECORDS RETENTION AND DISPOSITION POLICY STATEMENT
2.1 The Schedule and all approved supplemental institutional unit specific addenda govern the retention and disposition of all university records. Public records, including electronic records, not listed in a schedule or in an official approved unit specific addenda may not be destroyed unless specific approval from the DNCR is obtained.
2.2 Public Records Destruction (subject to 2.3).
2.2.1 Public records may be destroyed when they have met their retention requirements under an approved schedule.
2.2.2 Public records with short-term value may be destroyed or otherwise disposed of when their reference value ends.
2.2.3 Unscheduled public records that the DNCR has specifically approved for destruction may then be destroyed by the university.
2.3 Notwithstanding the instructions of the Schedule and approved institutional unit specific addenda, any records subject to audit or official investigative proceedings or that relate to pending or probable litigation must be retained until the final conclusion of the audit, official proceedings or litigation and an official release has been communicated by either the Auditor or the Vice Chancellor and General Counsel, as applicable.
This regulation applies to all university personnel and covers all records, regardless of form, made or received, in connection with the transaction of university business.
4.1 “Public Record” means all documents, papers, letters, maps, books, photographs, films, sound recordings, electronic data-processing records such as E-mails and other electronic documents, magnetic or other tapes, electronic data-processing records, artifacts or other documentary material, regardless of physical form or characteristics, made or received pursuant to law or ordinance in connection with the transaction of public business by any agency of North Carolina government or its subdivisions. Personal records such as personal e-mail messages do not constitute public records. (N.C.G.S. 132-1).
4.2 “University Personnel” includes all employees of the university whether permanent, temporary, full-time or part-time, faculty, staff, administrators, student employees and agents of the university (including volunteers but not including independent contractors) to the extent they are acting within the scope of their agency authority.
4.3 “Unscheduled Record” means any record not listed in a retention and disposition schedule or unit specific schedule approved by the Chancellor, General Counsel, University Archivist and DNCR.
4.4 “Historical Value” means records that have administrative, legal, fiscal or evidential importance as well as documenting significant events, actions, decisions, conditions, relationships and similar developments.
4.5 “Public Record with Short-Term Value” means those records possessing only brief administrative, fiscal, legal, research or reference value. This category of record includes, but is not limited to, the following: reservations, routing slips, facsimile cover sheets, and those records that do not contain information necessary to conduct official business, meet statutory obligations, carry out administrative functions, or meet organizational objectives.
5. PROCEDURES FOR APPROVAL OF UNIT SPECIFIC AND CAMPUS-WIDE SCHEDULES
5.1 University units may need to seek approval for new or revised unit specific addenda when specific unit records are not included in the Schedule, or when an existing approved unit specific addenda needs revision. If units cannot locate particular records in the Schedule or unit specific addenda, the unit should contact the Office of General Counsel or the University Archivist for assistance.
5.2 If the Office of General Counsel and the University Archivist determine that there is no appropriate record series in the Schedule or existing unit specific addenda that meet the needs of the unit, the unit must submit a “Request for Approval of Unit Specific Schedule/Addenda” form to the Office of General Counsel who will consult with the University Archivist. If the request is approved, the Office of General Counsel shall forward the form to the Chancellor or designee for approval and then to the DNCR for final approval. Unit specific addenda are not effective until approved by the DNCR and electronically published by the University as unit specific addenda.
5.3 A request for approval of unit specific schedule/Addenda must be consistent with, and meet the minimum retention and other requirements set forth in, the Schedule.
5.4 The Office of General Counsel, in consultation with the University Archivist, is responsible for creating or revising campus-wide retention schedules utilizing appropriate procedures.
6. PROCEDURES FOR SEEKING APPROVAL FOR THE DESTRUCTION OF UNSCHEDULED RECORDS
6.1 Authorization for destruction of Unscheduled Records may be obtained from the DNCR. To obtain such approval, the unit must submit a “Unit Request for Destruction of Unscheduled Records” to be reviewed by the Office of General Counsel and University Archivist. If the University Archivist determines that the record has historical value, the unit will be notified of the possibility of transferring the record(s) to the Archives or to another designated, authorized permanent storage area. If the University Archivist determines that the records do not have historical value, and the Office of General Counsel determines that they no longer have administrative value, the Office of General Counsel will forward the Unit Request for Destruction of Unscheduled Records to the DNCR. No destruction of any Unscheduled Record may take place until the unit is notified in writing of the approval of the DNCR.
7. UNIT AND INDIVIDUAL UNIVERSITY PERSONNEL RESPONSIBILITIES
7.1 Unit Record Retention Management Practices. University units are responsible for establishing appropriate record retention management practices that are consistent with this regulation and the procedures of the Schedule and approved Unit Specific Addenda. Each unit head should identify and appoint a records manager who shall be responsible for ensuring (a) that unit records are retained and disposed of in accordance with the Schedule and unit specific addenda; (b) that access to confidential university records and information is restricted; (c) that records with historical value are delivered to the University Archivist; and (d) that accurate records of destruction or transfer activity are maintained. The records manager shall also process appropriate unit requests for approval of unit specific addenda, as necessary. Records managers should be familiar with the guidelines contained in the State Records Center Handbook.
7.1.1 University Personnel Termination or Transfer. When university personnel terminates or changes his/her affiliation with the university, it is the responsibility of the relevant unit administrator to ensure that records under the responsibility of that university personnel are retained or disposed of in compliance with this regulation and all applicable addenda. This action should be taken before the university personnel leaves.
7.2 E-Mail Retention and Disposition. The custodian of e-mail messages will normally be the originator if that person is university personnel; otherwise, it will be the individual university personnel to whom the message is addressed once the message is received at the university. The custodian is responsible for preserving the e-mails, notwithstanding any automatic repository as mentioned in section 8 or computer backup. The DNCR and the NC State Office of Information Technology provide guidance on the methods for managing, storing, preserving and destroying e-mails.
7.2.1 Non-University E-Mail Accounts. If university personnel use e-mail addresses not maintained by the University (e.g. Yahoo, MSN, Roadrunner) to create or receive e-mail that relates to university business, then the university personnel, as the e-mail custodian, is under a legal obligation to preserve, maintain and present upon request that e-mail according to applicable retention schedules or addenda.
8. E-MAIL RETENTION ARCHIVE AND COMPUTER SYSTEMS BACK-UP PROTOCOL
8.1 OIT will retain copies of all e-mails sent or received from external sources (except spam) by university personnel through the University central e-mail system (“E-mail Records”) and create a repository of these E-mail Records. This repository will be retained as a permanent archive for all records until the university personnel has elected to delete the record pursuant to the Schedule. Once an E-mail Record is deleted by university personnel, OIT will maintain the record for 7 years. OIT will use this repository to assist university units and university personnel in responding to requests for e-mail within the custody of the unit/personnel.
8.2 Computer systems maintained by OIT will be backed up periodically according to the standards identified in paragraph 8.2.1 below, with the backup media stored in a secure location. The purpose of the computer systems backup is to provide a means to restore the integrity of the computer systems and data in the event of a hardware/software failure or physical disaster. The computer systems backups will consist of regular full and incremental backups as appropriate. Although security backup files are public records pursuant to G.S. 121-2(8) and 132-1, systems backups are not intended to serve as an archival copy or to meet records retention requirements.
8.2.1 Procedures for OIT-maintained computer systems.
8.2.1a A full systems backup will be performed weekly. Weekly backups will be saved for at least 28 calendar days, at which time the media will be recycled or destroyed.
8.2.1b Cumulative incremental backups will be performed daily unless a full backup is performed. Incremental backups will be retained for at least two calendar weeks, at which time the media will be recycled or destroyed.
8.2.1c All backups will be stored in a secure location. Appropriate security and environment controls, temperature, humidity and fire protection shall be maintained at the storage location.
8.2.1d All backup media that is not re-usable shall be destroyed in an approved manner. Backup media that is re-used for other purposes shall be thoroughly erased.
8.2.1e Periodic tests of the backups will be performed to determine if files can be restored. Tests will be coordinated by the OIT Security and Compliance unit.
8.3 Departments that maintain their own server environments must document, maintain and follow their own appropriate backup procedures. Departmental backup procedures must include time frames for the recycling and destruction of the backup media.