Adoption
Date : 1989-10-11
Approving Body : University Secretary-General

Modifications:

2025-06-03
2022-03-17
2021-09-23
2007-08-22


Responsible Service : University Archives

1.0     Purpose

1.1 This procedure supports Policy 23-Information Management and its purpose is to ensure consistent methods for the retention and final disposition of University information assets, in accordance with the University Information Disposition Schedule.

2.0 Interpretation

2.1 This procedure provides guidance to University of Ottawa employees, faculty, staff, and heads of units with the responsibility of the management of information, in accordance with the University Information Disposition Schedule and provides instructions for preparing information assets for final disposition.

2.2 Authority to establish this procedure is derived from Policy 23- Information Management which delegates authority to the Senior Director, Information and Archives Management to establish and maintain a retention and disposition schedule for all information assets, based on legal, regulatory, fiscal, operational, archival, evidential and historical requirements.

3.0    Scope 

3.1 This procedure applies to all information assets, regardless of medium or format, that are in the custody and control of the University.

3.2 This procedure does not apply to transitory information, which may be securely destroyed as soon as it is no longer useful.

4.0 Terms and Definitions

4.1 For the purpose of this procedure the following definitions apply:

“information asset” is information that is generated or managed by the University and has value to the University.

“disposition” is the action taken on University information assets by the Responsible Unit(s), when the retention period has been reached. There are two possible disposition actions documented in the University Information Disposition Schedule:

“destroy”:  information assets are destroyed or erased in an irreversible manner which ensures that the information cannot be recovered or reconstructed, by methods outlined in section 7 of this procedure.

“send to archives”: information assets have enduring archival or historical, value and are transferred for permanent preservation and access to the custody of the University Archives where they will be managed in accordance with Procedure 20-11.

“University Information Disposition Schedule” is a University tool to manage information assets created or received by the University.  The systematic application of managing information through a classification structure allows for the control of information assets throughout its lifecycle – from creation through to disposition.  TheInformation Disposition Schedule provides authority for the management of information regardless of whether they are in paper, digital, image, audio, or video format.  

“function” is a group of high level activities of the University to fulfill its goals and accomplish its functions and transactions.

“class code” is a numerical code to identify the information class.

“activity” is a major action, or task, undertaken to complete a given function.

“responsible unit(s)” is the University unit or units who are considered to have the authority, responsibility and accountability for managing, maintaining, and disposing of the most complete version of information assets in a class code.

“retention trigger” describes when to begin the retention period.

“retention period” is the length of time that information assets must be kept by the Responsible Unit(s).

“transitory information” is information of temporary usefulness in any format or medium having no ongoing value beyond an immediate and minor transaction or the preparation of a subsequent information asset. Transitory information can be securely destroyed when no longer needed.

5.0 Responsibility

5.1 Responsibilities of University employees, faculty, staff, and heads of units:

a)    apply this procedure to the information assets in their custody and control,

b)    securely destroy transitory information once it is no longer useful,

c)    respond to and approve, in a timely manner, all Information Destruction requests sent to highest-level directors or managers,

d)    prepare information assets for their final disposition,

e)    if identified as a Responsible unit, destroy all information assets in their custody and control once they have reached their retention period.

5.2 Responsibilities of the Senior Director, Information Management:

a)    monitor the retention periods for information assets that have been stored with their service and request authorization from the most senior di
rector of the unit, when applicable,

b)    ensure the secure preservation and access of information assets that are determined to have enduring value, according to the University Information Disposition Schedule, and in accordance with Procedure 20-11.

c)    establish, monitor and maintain best-practices, and tools, as well as, provide advice, awareness and training sessions to employees, faculty, staff, and heads of units to support the application of this procedure, specifically, the University Information Disposition Schedule.

6.0    Procedure

6.1 Approval from the highest-level director or manager of the Responsible Unit is required to dispose of information assets created by their department or unit. Approval should be based on the current, approved Information Disposition Schedule.

6.2 Units must not destroy any information pertaining to an ongoing or reasonably anticipated investigation, legal action or proceeding, Freedom of Information (FIPPA) request, audit or program review, even if the retention period or disposition date specified has already expired.

6.3 Information assets must be retained for the full duration of their retention period, as defined by the Information Disposition Schedule. Once the retention period has been reached, the information asset is eligible for secure destruction or transfer to the archives. 

6.4 The retention period begins only after the Retention Trigger defined in the Information Disposition Schedule has occurred.

6.5 Steps for disposition of information
To determine the disposition of information assets in your custody and control follow these steps:
 

StepActionYesNo
1 - Consult the Information Disposition ScheduleConsult the Information Disposition Schedule for the retention and disposition of information that applies to your information assets. If you have questions, contact the Information Management and Archives (IAM)
2 - Determine FunctionIs there a “Function” that applies to the information assets in question?See step 3 Contact the Information Management and Archives (IAM). We will help you determine where your information fits.
3 - Determine ActivityIs there a “Activity” that applies to the information assets in question?See step 4Contact the IAM. We will help you determine where your information fits.
4-Identify the Responsible Unit(s)Is your unit identified as a “Responsible Unit” for the information determined in step 3?See step 5You are not identified as a Responsible Unit and your office is not managing the most complete version.  You can securely destroy your copies when no longer useful, according to methods in Section 7- Approved methods of destruction.
5- Retention triggerHas the “retention trigger” occurred yet?See step 6The unit must continue to manage the information assets until the retention trigger has been reached.
6- Determine the retention periodHas the “retention period” for the information assets in question been reached? As described in section 6.4: The retention period begins after the Retention Trigger defined in the Information Disposition Schedule has occurred. See step 7The unit must continue to manage the information assets until the retention period has been reached.
7-Disposition actionIs the “disposition action” destroy?See step 8The action is “send to archives”, meaning this information is to be transferred IAM and to be managed in accordance with Procedure 20-11. Contact the IAM.
8- Conduct destructionSecurely destroy of the information assets according to Section 7-Approved methods of destruction.   

  
7.0 Approved methods of destruction

The medium and the nature of the information will influence the destruction method to be followed.  Consult Policy 117- Information Classification and Handling to determine the University information sensitivity classification that applies. 

There are five accepted methods of destruction:

Confidential and internal information assets:

a.    Secure deletion: Secure deletion of file, directory, and data using methods that resist simple recovery methods, such as data recovery utilities and keystroke recovery attempts.  follow the methods recommended by Information Technology in SCHEDULE J - IT ASSET DISPOSAL

b.    Device cleanse: Cleansing of information storage devices before reuse or disposal (external server, laptop, tablet, cell and other IT assets) - follow the methods recommended by Information Technology in  SCHEDULE J - IT ASSET DISPOSAL

c.    Secure shredding : Secure shredding in padlocked recycling bins for confidential paper documents and, if in small quantities, for photographs, negatives, slides, video, USB key, DVD, CD, diskette, microfiche, microfilm, etc. Use a padlocked bin dedicated to confidential documents that are not paper if you destroy a large quantity. (Contact Facilities to obtain padlocked bins)

Public Information assets:

d.    Recycling: Recycling of public paper documents in the regular recycling bins.

e.    Multi-media disposal: Disposal in trash can of public photographs, negatives, slide, video, and DVD.