Records must be stored in a location that is known, secure, and stable for the length of time indicated in the Records Retention Schedule. Electronic records must be retrievable through Tufts systems, such as shared network drives or Box, and not on personal drives or in email folders where they are inaccessible to others. Develop filing, classification, and/or indexing systems that all members of your office can understand and follow. Know the location of all records - paper and electronic. Document your records organization system, storage locations, and security procedures in your office's policies and procedures.
Offices and Work Areas
Use lockable file cabinets and desk drawers to store Level 3: Restricted Institutional Data and Level 2: Confidential Institutional Data. Be mindful of who has access to your offices and work areas, and lock them when unattended.
Closets, Attics, Basements, and Storage Rooms
University records must be stored in secure, stable environments. Be cautious when storing paper files in closets, attics, basements, and storage rooms that are not in or adjacent to your office. It can be difficult to control who has access these spaces, especially if they’re shared by multiple departments. These spaces, particularly basements, can become too humid or flood without your notice. This can quickly damage or destroy paper files. Consider offsite storage instead.
Secure offsite storage allows you to reclaim office space and recall infrequently accessed records on demand. Tufts has a university-wide contract with Iron Mountain. Departments are billed individually, but pay a discounted rate. To open an account for your department, contact Iron Mountain’s account representative for Tufts:
Customer Service Manager, Iron Mountain
Note: Tufts thoroughly investigated offsite storage options and determined that its contract with Iron Mountain provides the best value and security for departments at Tufts. Do not use unapproved vendors.
Departmental Data Storage (Q:)
Sometimes referred to as your departmental share, your Q: drive is a data storage area on the Tufts network that is accessible by other staff or faculty in your department. When you're connected to the Tufts network (or logged into Tufts VPN), you can drag and drop files to your Q: drive, create folders, and use it as a “Save as …” location the same way you work with files and directories on your computer’s C: drive, an external hard drive, or USB thumb drive.
Your Q: drive is a convenient location for sharing files that need to be edited or retrieved from multiple locations with other members of your department.
Benefits of storing files on Q: include:
- Nightly backup of all data located on the Q: drive
- Accessible from any Tufts network location or via Tufts VPN
- Only members of your department or those who have been granted access can access your departmental Q: drive (To restrict access to files on the Q: drive, a folder can be created and secured to ensure that only authorized individuals are able to access the information.) Be mindful of who has access to your departmental share as staff–particularly contractors, temporary employees, and student employees–join and leave your department.
For more information, see Departmental Data Storage (Q:).
Cloud Data Storage (Box)
Box is a web-based tool that allows users to easily store, access, and share large amounts of data on a network of internet-based servers (in the cloud). Box is a private cloud storage resource available to all members of the Tufts community. Review the Tufts Enterprise Box Service Use Policy before creating an account. The University has negotiated Terms of Service with Box, which means that it is an environment whose risks are measured and accepted by Tufts. The Cloud Computing Services Policy outlines best practices and approval processes for using cloud services at Tufts.
Benefits of storing files in Box include:
- Content stored in Box is accessible from any computer, tablet, or mobile device
- Includes online tools for collaborative work, comments, and notifications
- Unlimited storage (maximum file size of 1GB for website uploads)
- Real-time co-authoring and editing of files stored in Box
- Box files can be shared with people inside and outside of Tufts
Tufts information should not be stored in applications that have not been vetted for use at Tufts, such as Google Docs, Google Drive, Dropbox, and Survey Monkey. Unlike approved services, Tufts has no agreement with these vendors for the protection of Tufts information.
When working with University records on your mobile device (phone, tablet, laptop computer, etc.), protect them as you would if you were sitting at your desktop. You are responsible for complying with all related laws and regulations and Tufts policies, guidelines, licenses, and agreements. For more information, see the Secure Mobile Device Policy and Guidelines and Services for Working Off-Campus, Telecommuting, and Personal Devices.
Regulated Institutional Data, as defined in the Information Classification and Handling Policy, may never be stored on any personally-owned device. This includes Sensitive Personal Information (SPI) and Personal Health Information (PHI) for covered entities under HIPAA. Always store files with Tufts information on either a Tufts network drive, in Box (if permitted by the Tufts Box Use Guideline), or another Tufts-approved location. The one permitted exception to storing sensitive information on a personal device is the syncing of your exchange email to your personal device using the native email client on the device or by downloading the Outlook Exchange App to the device. Do not use Box Sync to sync Tufts information to a personally-owned device.
Eventually records are no longer needed, even occasionally, by the offices that created them. The Records Retention Schedule outlines which records must be destroyed once they have fulfilled their retention period and which records must be transferred to the Archives.
Destroying records at the end of their retention period serves several purposes:
- Maximizing efficiency by eliminating unused information
- Reducing the cost of physical and electronic storage
- Demonstrating compliance with Tufts policies and retention laws and regulations
- Minimizing Tufts’ exposure to the legal risks associated with retention and destruction
Do not use the Records Retention Schedule to destroy records that are currently part of–or that you are aware are going to be part of–any legal action or proceeding, litigation, audit, investigation, or review. For more information, see the Subpoenas for University Records Policy or contact University Counsel.
Records that are designated as Level 3: Restricted Institutional Data and Level 2: Confidential Institutional Data in the Information Classification and Handling Policy must be securely deleted or shredded, not thrown away. These types of records include, but are not limited to, personnel files, student records, protected health information, and financial data. In other words, only use the recycling bin to dispose of records intended for open distribution at the time of their creation, such as publications. All other records must be destroyed confidentially, as described below.
For general questions about information destruction or which records to destroy, please contact TARC at email@example.com or (617) 627-3737.
Iron Mountain Bins
Tufts has a university-wide contract with Iron Mountain. Departments are billed individually, but pay a discounted rate. Iron Mountain will work with you to determine how many 64-gallon bins your department needs, the locations of the bins, and a pick-up schedule. Iron Mountain takes the filled bins to its secure destruction facility and replaces them with empty bins.
To open an account for your department, contact Iron Mountain's account representative for Tufts:
Customer Service Manager, Iron Mountain
Note: Tufts thoroughly investigated confidential records destruction options and determined that Iron Mountain provides the best value and security for departments at Tufts. Do not use unapproved vendors.
Keep a record of the records that you destroy, noting the types of records, date ranges, and the date the records were destroyed. Many departments find it useful to create a spreadsheet to record this information. Keeping a detailed record of what you destroy will provide evidence of consistent records management in the event of an audit or investigation.
For small volumes of paper, use a cross-cut or micro-cut shredder. These shredders cut paper into tiny squares rather than strips. Approved shredders are available through W.B. Mason, using your Tufts Marketplace account. Shredded paper can be recycled.
Electronic records require a two-step process for confidential destruction. First, delete the contents of the electronic folder on your computer, then empty the trash or recycle bin. On a Mac, open Finder and select “Secure Empty Trash.”
To confidentially destroy email messages and their attachments, see Securely Deleting Email in Outlook.
Retiring Old Computers, Hard Drives, and Storage Media
Before any computer, hard drive, flash drive, copier, printer, scanner, fax machine, CD, or other storage media is retired, it should be securely wiped or destroyed. Computers and these other devices store data in a complex manner that is not readily apparent to end-users. It is much safer (and easier) to have your machine wiped than to assume that you can manually find and delete all the files on your computer with confidential or sensitive data.
To schedule pickup of a computer ready to be wiped and recycled, contact the TTS Service Desk at firstname.lastname@example.org or (617) 627-3376. The Service Desk can also answer questions about how to destroy data stored on specific media.