Privacy and Photocopiers

Several recent media stories have raised concerns about the privacy of confidential and personal information that may be stored on office photocopiers and other multi-function devices (such as combined scanners, printers, copiers). These computer-driven devices all have hard drives embedded within them which can store information in a "mail box" if set to do so. This can be a problem especially if the devices are leased and then returned to the company to be used in another location.

Although accessing stored images requires specialized software, it is better to exercise caution, especially if the copier is used for printing confidential information. In order to avoid a breach of privacy or confidentiality, units should ensure that their photocopiers and similar devices are set not to retain confidential or personal information in a "mail box", and that if documents are stored, the hard drive is re-formatted before being returned to the vendor or sold.

See IPO Tip Sheet #7, Secure Destruction of Records for further information.

Retention and Disposal of Personal Information

Did you know that how long we keep personal information and how we dispose of it are regulated by the Freedom of Information and Protection of Privacy Act? FIPPA says that institutions must retain personal information that has been used by the institution for a minimum of one year, in order to allow individuals a reasonable opportunity to obtain access to their own information.

Furthermore, Regulation 459 under FIPPA is devoted entirely to the issue of disposal of personal information. Institutions must:

• take all reasonable steps to protect the security and confidentiality of personal information that is to be destroyed or transferred to the Archives, including during its storage, transportation, handling and destruction;
• ensure that personal information is destroyed in such a way that it cannot be reconstructed or retrieved; and
• maintain a disposal record setting out what personal information has been destroyed or transferred to the Archives and the date of that destruction or transfer.

When destroying personal information or transferring it to the University Archives in compliance with the requirements of the Common Records Schedule, be sure to use the Records Destruction Approval form or the Transfer to Archives Approval form. Then keep the signed-off copy of the form as your record of disposal.

Lotus Notes: Printing Emails for FIPPA Requests

When printing email records for submission to the Information and Privacy Office (IPO) in response to a FIPPA request, keep in mind that the printouts must clearly indicate the parties involved in the email correspondence (name and email address) and include the complete contents of the email and attachments. Having a complete record not only facilitates the IPO's review of the records, but is essential in order to comply fully with the legislation.

Here are two tips on how to set up Lotus Notes to print an email record properly for submission to the IPO:

Display Complete Email Addresses

Lotus Notes 8 hides the email addresses of parties by default, in order to provide a more "friendly" interface (Figure 1).

Figure 1

• Click on Show Details option on the right side of the email header.
• The complete email addresses are now displayed in the expanded view.

Figure 2

Print Complete Correspondence and Replies

By default, Lotus Notes hides the previous replies of the email correspondence under a collapsible Sections feature (Figure 3 below), and only displays the most recent replies in the email. Before printing out the email, confirm that all sections of the email are expanded in order to provide a complete record of the correspondence.

To expand or collapse a section, click on the arrow area beginning each line (outlined in red):

Figure 3

• Shows a collapsed (hidden) reply marked with a grey right arrow.
• Shows an expanded reply section marked with an orange down arrow.

To assist the University to comply with the Freedom of Information and Protection of Privacy Act and respond within the allotted 30-day time period, make sure you adjust these Lotus Notes settings before printing out your email records.

Common Records Schedule Updates

A number of updates have been made to file classes and sub-classes of the Common Records Schedule (CRS). Some of these changes were made in order to rationalize multiple retention periods. In other cases, new file classes have been added to address activities not already covered. For details of the changes, see the complete listing on the IPO website.

RecordLynx Deployment

Uptake of RecordLynx, the IPO's Excel-based tool to manage paper records, is going well. So far, RecordLynx has been deployed, or is in the process of being deployed, in the Office of the University Secretary and General Counsel; Integrated Resource Planning Office; Office of the Vice-President Finance & Administration; Centre for Human Rights; Faculty of Graduate Studies; Osgoode Hall Law School; and of course, in the Information and Privacy Office.

For more information about the tool, see the profile of RecordLynx, entitled Managing Paper Records, in the last issue of the newsletter.

Active Directory Deployment: An Opportunity to Improve Electronic File Management

During the fall term, University Information Technology (UIT) and other IT units will be moving from using Novell technology for managing files on the University's computers (for example, the files and folders on your home drive or the unit's shared drives) and deploying Active Directory. The change means little for you as the end user; however, it does present an opportunity for faculties and administrative units to organize their shared drive files and folders to comply with York's authorized records management requirements.

So — instead of simply moving existing, often idiosyncratically named and organized files and folders from the old system to the new one, why not invest a little extra time in developing a unit file plan based on the Common Records Schedule (CRS) and then migrating your electronic files to a more structured, managed filing system? Each CRS file class is linked to an authorized retention and disposition indicating how long to keep a record, and what to do with it when the retention period expires (either delete/destroy it, or transfer it to the University Archives). A pre-defined file structure based on the CRS can be provided to units, and units can simply omit file classes that don't pertain to their activities. The example at left shows what a CRS-based file and folder structure would look like. If your unit has already developed a CRS-compliant file plan for your paper files, it's even easier: you can simply adapt that file plan to your files and folders on your unit's shared drives.

The benefits of using this approach are many. Most importantly, it allows units to apply a consistent classification framework to their electronic records and filing processes. Further, it allows your unit to review and retain or dispose of electronic records according to the timelines specified in the CRS. In addition, a CRS-compliant file plan for electronic records facilitates compliance with York University's records management policies, allows for more efficient use of IT storage resources at no additional cost, and provides the foundation for adopting specialized records management software in the future.

Faculty and divisional IT leads are fully on board with supporting this approach if directed by their organizational units to do so. The IPO can assist units in getting started on e-file plan development. We have also prepared some guidance on how to organize shared drives according to the CRS: Organizing and Maintaining Shared Drives.

Left: Sample top-level file directory structure (partial) based on the Common Records Schedule. Lower levels (sub-folders) are created by units themselves.