Handbook of Business Procedures
Date published: October 23, 2012
Last revised: March 17, 2023
Issued by: Records Management Service
20.7.1. MANAGING CONTROLLED OR CONFIDENTIAL RECORDS
A. Introduction
Controlled and confidential records at The University of Texas at Austin have security requirements, whether the records are hard copies or electronic.
1. Physical Security
Records containing controlled and confidential information must be kept in locked cabinets for their entire lifecycle. File cabinets containing these records must be kept in areas that are not accessible to unauthorized personnel. Records that have met retention requirements and are awaiting disposition must be marked "For confidential disposal" and kept in a locked cabinet or secure area.
2. Electronic Security
Electronic or imaged records that contain controlled or confidential information must be securely maintained for their entire lifecycle. These records must be password secured so that only authorized personnel can access them. If information is stored on a local hard drive, the computer must be locked when not in use. Hard drives must be wiped clean before disposal so that no information is recoverable. Contact the Information Security Office for support and information in developing secure departmental electronic records storage and retrieval systems. For credit card security requirements, refer to 6.4. Credit Card Collections.
B. Disposition of Controlled or Confidential Records
Security requirements apply to the entire lifecycle of all master records, convenience copies, and transitory information records that contain controlled or confidential information, and departments must destroy records in a manner that preserves confidentiality following the guidelines in 20.7.2. Destruction Options for Controlled or Confidential Records.
- Master Records
Once master records that contain controlled or confidential information have met retention requirements, they must be disposed in a manner that preserves confidentiality throughout the entire disposal process, whether they are transferred to archives or destroyed. When records to be transferred to archives contain controlled or confidential information, the university archivist is notified of the confidential status. Master records that contain controlled or confidential information and are approved for destruction by RIMS must be protected and disposed following the guidelines in 20.5.4. Destruction Procedures and Form.
- Convenience Copies
Convenience copies that contain controlled or confidential information may be disposed at any time prior to the disposition of the corresponding master record, and no authorization is required. However, measures to protect confidentiality are required.
- Transitory Information Records
Transitory information records that contain controlled or confidential information may be disposed when they have served their purpose, as determined by the department, and no authorization is required. However, measures to protect confidentiality are required.