You are here

Computer Services Managed System Data Retention Policy

Effective Date and Issuing Authority

Effective Date: November 20, 2014

Modified Date: May 13, 2015

Issuing Authority: Computer Services – Technical Support Services

Purpose

To establish guidelines for account deletion, retention and purging of electronically stored information (ESI). ESI includes but not limited to course material for Blackboard, email, contacts, calendar items for email, personal files, and other electronic documents stored on Temple infrastructure or hosted solutions (e.g. Owlbox, google drive and Microsoft OneDrive) and voicemail.

Definitions

Account: An account enables you to log in to the application and stores data pertaining to the user under this record.

Application owner: An application owner is the individual or group with the responsibility to ensure that the program or programs, which make up the application, accomplish the specified objective or set of user requirements established for that application, including appropriate security safeguards.

Data Steward: are appointed for each Role group and oversee the policies and procedures governing for their respective Role group. In effect, they are the final arbiters and advocates for the population with that Role.

Data Owner: Entity that can authorize or deny access to certain data, and is responsible for its accuracy, integrity, and timeliness.

Electronically Stored Information (ESI): ESI consists of any and all data stored, backed-up or maintained on a computer or Telecommunications system. It includes, but is not limited to, email and other relevant files associated with the email system such as contacts, calendar items, files of any type such as text, binary, audio, video, images, course material for Blackboard or files on Owlbox.

Policy

Computer Services and/or University departments that provide or manage application(s) and/or Telecom services for their users must adhere to back-up and Computer Services Managed System data retention policies to ensure that those policies and procedures are followed consistently. They include:

  • the amount of time that a particular item of ESI will be deleted upon account being deleted or disabled,
  • a notification plan if a user is being notified of the action being taken,
  • procedures for recovery after it has been deleted.

Responsibilities

The University Chief Information Security Officer (CISO) will establish and publish deletion and purging schedules for data on applications upon account being deleted. It is the responsibility of the application owner to comply and maintain the schedule. This will include, but is not limited to all systems and applications owned and managed by Computer Services.

Data retention and recovery

The timeframe for deleting system or application data is 30 days after the account has been deleted on Enterprise Directory (ED) or Active Directory (AD).

If longer records retention is required due to legal, code of conduct or judicial investigation, please contact Temple University’s Office of Legal Counsel.