Records Guidance for Highly Sensitive Data
- Can I destroy the records containing social security numbers or other highly sensitive data? Check the Retention Guidance Matrix. If records have met retention or your office is not the official record keeper then you may destroy the records.
- To destroy, complete a Certificate of Records Destruction (RM3) form and submit to firstname.lastname@example.org. More information regarding destruction of University records and instructions for completing a RM3 can be found on the Destruction of Public Records page.
- I need to keep physical records until retention is met, where may I store them? Review the Physical Records Storage Standards for proper method and locations for storage.
- Secure physical records storage is available through the Records Management Office. For more information visit Storage of University Records.
- I need to keep electronic records until retention is met, where may I store them? Review the Institutional Data Protection Standards.
- Questions contact email@example.com
- I can redact the highly sensitive data from my records, what is the best way to redact?
Redaction of highly sensitive data from Physical and Electronic records
It is important to note, that if the information is germane to the authenticity or the use of the official record then the information should be retained and not redacted. Such records would include direct deposit forms where the bank account information is the reason for the form. These forms would be required to remain intact with the official record keeper (UREG). If individual departments and offices have reference copies, these should be destroyed completely and not redacted. Please review the Retention Guidance Matrix to review what references copies should be destroyed.
Physical Records – there are two methods for the redaction of physical records of specific information:
- Blacking Out – on the record black out the specific information to be redacted and then make a copy of the record. Destroy the original and keep the photocopy until retention has been met. You may also use tape or cover up the area while photocopying and then destroy the original. Be careful not to cover or blackout more information than necessary.
- Scalpel (Cutting Out) – Cut the section of the document to be redacted. If the document becomes unstable due to loss of section, make a photocopy of the document and destroy the original. Destroy all pieces cut from the document. You may also use a hole punch for small sections.
Electronic Records – method depends on the format of the document:
- PDF documents – un-reversible redaction is available in the Adobe Pro package. Use the redaction tool and follow all steps in the redaction process, including selection, redaction and saving the document under another name. Adobe Pro may be able, depending on whether the document was OCR’d or created from another electronic document, to search for specific information and redact this. ALWAYS PERFORM THE “SAVE AS” ON THE REDACTED DOCUMENT and destroy the original securely.
- Editable Documents (Excel, Word, XML) – redaction is simply deleting the specific information. This means deleting the section in the document containing the highly sensitive information. Once the deletion of the section is complete SAVE or SAVE AS the document. DO NOT HIDE COLUMNS OR REDACT WITHIN THESE PROGRAMS – the information still exists and can be easily recovered.
- Email – you should not use email to send Highly Sensitive Data, but if you have highly sensitive data in email, remove this information from the email account by printing either to paper or PDF and then follow the redaction procedures above. If the email does not need to be retained, then destroy the email securely.