Legal Issues in Records Management
Download
Report
Transcript Legal Issues in Records Management
Brad Houston, University Records Officer
July 7. 2009
RM programs in public
institutions (like
UWM!) driven by legal
mandate
Provides legal
protection in case of
public records request,
subpoena, etc.
Privacy laws and
concerns: dictates
disclosure
Introduce participants to relevant laws, court
decisions, and policies
Explain steps you can take to ensure
compliance and limit liability
Focus on electronic records and requirements
for storing and producing digital files
Describe basic procedures for dealing with
records requests
Do NOT rely on this presentation for legal
advice!
Guidelines for compliance, preparation for
discovery/disclosure
Not intended to provide SPECIFIC instruction for
individual litigation cases
If your office is subject to litigation/discovery:
Contact Legal Affairs (x4278)
Laws and what they mean for you as a UWM Employee
Definition of a public record
Materials “made or received… in connection with
the transaction of public business”
Public records are property of the State of
Wisconsin
Public records may not be destroyed without
approved records retention schedule
Electronic/Microfilm copies may be
considered official records
Defined regardless of format
“books, papers, maps, photographs, films,
recordings, optical disks, electronically formatted
documents or other documentary materials”
Major Exceptions:
Convenience/Reference copies
Notices/Invitations
Drafts/Notes (not shared with colleagues)
Routing Slips/Envelopes
An accountability measure!
Provision for internal audit of department
activities
No destruction without records schedules
(RRDAs)
General Records Schedules: Fiscal, Personnel, etc.
Specific Records Schedules: Dept. series
Records Schedules must be renewed every 10
years
Make sure all records in office have applicable
record schedules
Most offices are mostly covered by general
records schedules
Separate records from non-records
Maintain filing by record series and
disposition date
All public records potentially available to any
public requestor
“The denial of public access generally is contrary
to the public interest…”
Public records requests coordinated by UWM
Records custodian
Exceptions to required disclosure
Limitation of scope of disclosure
ANY requestor may request viewing of public
records except as otherwise provided by law!
Confidential Records: subject or his/her designee
may view (but see exceptions)
Requestors NOT required to provide reason
If requested records are internal use (i.e. not
intended for public), refer requestor to Public
Records Custodian
Information gathered in connection with a
complaint/grievance/arbitration
Information which may endanger an
individual’s life/safety
Information which identifies informants
You are not required to disclose:
Trade Secrets, including research data
Identities of applicants for public positions (until
finalists)
Plans/Specifications of State Buildings
Personnel Records (including some supp. materials)
Financial Identifying Information
If you suspect requested records to include these
materials, inform the records custodian!
Defer ALL public records requests to UWM
Public Records Custodian
Maintain appropriate security levels for all
records
Suspend records destruction once a public
records request is received
Be prepared to make ANY eligible record in
your office available
Requestors may sue for “unnecessary delay”, so
be timely in responding to the Records Custodian!
Define rules and regulations re: discovery of
records for subpoenas/litigation in federal
court
Describe scenarios under which records
disposition can/cannot occur
Provide for potentially severe penalties for
non-compliance or premature destruction
In all cases, FRCP-relevant cases will be
handled through Legal Affairs
Contact Legal Affairs IMMEDIATELY
If electronic records are involved, also contact
UITS to preserve backup tapes
Cease all records management activities
(especially records destruction)
Assess your ability to produce records, and
how quickly
ANYTHING in subpoenaed files may be
subject to discovery and use!
Protect yourself:
Keep files on different cases/projects discrete
Destroy files scheduled for destruction in a timely
manner unless litigation has started
Do not use your personal email for work purposes,
or vice-versa
▪ Why? You may need to produce in connection with
litigation
FRCP “Safe Harbor” clause! Applies if:
Records schedule for that series exists
Disposition of that series is performed on regular
basis
Records were destroyed before Legal Affairs
became aware of litigation possibility
Strongest argument for practicing good
records management
FERPA, HIPAA, and UWM’s Personnel File Policy
Students have right to view educational
records
Educational records are only accessible to
student
Student may authorize disclosure
Directory Information may be made available
Exception: if a student has opted-out
Certain other exceptions exist
All records pertaining to students maintained
at UWM
Presumption of confidentiality
Major exceptions:
Instructor personal/sole possession notes
Employment Records
Campus Security Records
Alumni records
Defined as information publicly available:
Name, Address, Contact Info
Year in school, major, enrollment status
Participation in activities
Degrees, graduation date, awards received
Students may choose to opt out of directory
information release
Contact Enrollment Services
Campus Directory?
Individual Students
UWM Employees with “Genuine Educational
Interest”
Exempted classes
Financial Aid Providers
Other educational institutions (for transfers, etc.)
Specifically exempted officials (FERPA Manual)
Accrediting groups/student study groups
Students must provide WRITTEN consent
(with signature), including:
Specification of records to be released
Identify to whom records may be released
Indication of purpose of release
Provide requested records within 45 days
No consent needed if records are subpoenaed
or requested via public records request
But contact Records Custodian first to determine
validity of subpoena
Release FERPA-protected information to
parents
Exception: if student is under 18
Post test or course grades using social
security numbers
Provide records to UWM staff without
“legitimate educational interest”
Keep a log of all disclosures of FERPAprotected information
Exceptions: access by student or student-
permitted party, directory info disclosure
Keep a log of notifications to students of
disclosure
Maintain letters of consent for AT LEAST six
years after student graduates/leaves UWM
Do not disclose student information if you
have ANY doubt re: permissions
Contact Legal Affairs for guidance
Advise requestor to direct request to Public
Records Custodian
Current Legal Affairs stance: presume ALL
student information is private
Why? Directory Info “Opt Outs”
Defines Official Personnel File and contents
Provides provisions and restrictions for access
Prescribes official custodian, length of
retention
This section being revised
Does not in itself have force of law
Clarifies key provisions of Public Records Law
Copy of the Personnel File held by Dean or
Division Head or their designate
Usually the PRep, but they may delegate
Contains all information related to
employment actions by a UWM employee
Become inactive after employee leaves:
Classified: 7 year retention and destroy
Unclassified: 10 year retention and destroy
Faculty: 30 year retention and transfer to archives
Employees may view their own personnel file
May not view confidential records within P-file
Coordinate request with Public Records
Custodian, especially if sent to Archives
Employees may authorize access to their
personnel file
Requires written permission from employee
Route through public records custodian
All subpoenas subject to review by Legal
Affairs
Defines and protects certain classes of health
information
Indicates which entities are required to
protect information, and which are excluded
Provides right of patients to access health
records
Surprisingly, not applicable to most
departments on campus!
Employer medical information not subject to
HIPAA regulation
Three main groups of covered depts/people:
Provider units (Athletic trainers, Health Center,
Health Sciences and Nursing Centers)
Administrative units (Bursar, BFS, Institutional
Review Board, some members of UITS)
Researchers and students using clinical info
UWM HIPAA resource site
https://www4.uwm.edu/legal/hipaa/index.cfm
UWM HIPAA manual
https://www4.uwm.edu/legal/hipaa/policies/index
.cfm#sectionB
Other questions? Contact Legal Affairs
directly
Wisconsin Administrative Rule 12, Digital Millenium Copyright Act
Electronic documents are records too, and
subject to public records request/subpoena!
Latest revisions to FRCP include e-discovery
provisions:
E-records are discoverable and usable as evidence
Must be produced within 30 days, in the form in
which they are used
Requestor may specify form of production
Third parties may be subpoenaed (Twitter,
anyone?)
Puts forth criteria for maintaining electronic
records
Mandates design and use of information
systems to support e-records
Does NOT require departments to maintain
records electronically
DOES apply to records already being
maintained electronically exclusively
Electronic records must be:
Accurate: reflects the original record
Accessible: Record can be retrieved
Authentic: can be substantiated as accurate
Reliable: produces the original record every time
Legible: letters and numbers are identifiable
Readable: Groups of letters recognized as words
All of these properties must be maintained
throughout a record’s active life
Legible and Readable: keep file formats up to
date, migrate files
Usually applies only to long-retention records
Accurate and Reliable: write-protect final
copies of electronic records
Authentic: use versioning/logging features of
PantherFile
Accessible: Create logical filing system
Robust search terms, tagging, metadata?
Defines illegality of republishing copyrighted
information via file-sharing
Prohibits circumvention of anti-piracy
software or code (incl. DRM on music files)
Limits liability of ISP (i.e. UITS) for violations
Does provide expectation of ISP action, however
Provides exceptions for certain
departments/circumstances (mostly Fair Use)
UWM takes DMCA violations VERY seriously
Also violation of UWM Computing Policy!
UITS is required to facilitate removal of protected
information
Remember: Your work computer is NOT your
personal property!
Info Security Office will not hesitate to seize it for
forensic analysis if necessary
DO NOT DELETE offending material
▪ It can still be found, AND you get in more trouble!
You will NOT be eligible for legal defense
from UWM
Limits UWM’s own liability
Legal Affairs may facilitate contact between
you and litigant
e.g. forwarding letters of intent, pre-settlement or
settlement letters, etc.
Your UWM computing privileges may be
revoked
Summary and resources
Create record schedules for all records in your
office
General Schedules cover a lot of these
Maintain appropriate security levels for
protected records (FERPA, personnel, HIPAA,
etc.)
Destroy records as soon as retention time
expires
Separate work-related and personal records
STOP destruction of records as soon as you
are aware of litigation possibility
Inform legal affairs immediately of situation
Organize your records and prepare for
potential format conversion
Don’t discuss the terms of the litigation any
more than strictly necessary
UWM FERPA Guide
https://www4.uwm.edu/current_students/records
_grades/ferpa_facstaff.cfm
UWM HIPAA Guide
https://www4.uwm.edu/legal/hipaa/index.cfm
Digital Millennium Copyright Act– Info
Security
https://www4.uwm.edu/uits/security/alerts/news_
details.cfm?item_id=1561
Office of Legal Affairs
Legal Topics in Higher Education
▪ http://www4.uwm.edu/legal/resources/legal-topics.cfm
General Legal Resources
▪ http://www4.uwm.edu/legal/resources/generalresources.cfm
Wisconsin Statutes (16.61 and 19.31)
http://nxt.legis.state.wi.us/nxt/gateway.dll/?f=tem
plates&fn=default.htm
Personnel File Policy
http://www4.uwm.edu/secu/acad+admin_policies
/S42.htm
Public Access to Records
http://www4.uwm.edu/secu/acad+admin_policies
/S45.htm
Information Security Policy
http://www4.uwm.edu/secu/acad+admin_policies
/S-59.pdf
This presentation available online:
http://www.uwm.edu/Libraries/arch/recordsmgt/legal.ppt
Or, contact UWM Records Management:
[email protected] (Brad Houston)
414-229-6979
http://www.records.uwm.edu