The purpose of this policy is to provide a consistent guide for managing disk space and protecting electronically stored data on Azusa Pacific University’s (APU) network servers. By implementing and maintaining a data retention policy, we will be able to better manage disk space, keep backup times acceptable and ensure the protection of APU’s data.
This policy affects all APU employees and students. Employees or students who violate this policy shall be subject to disciplinary action. This policy applies to all computer systems utilized by APU. This policy is effective upon release.
DEFINITION OF TERMS
- data – electronic information that is stored on any disks or tapes, including hard drives, magnetic tapes, floppy disks/removable media, CD/DVD, optical disks.
- server data – any data that is stored on an APU owned server
- client data – any data that is not stored on an APU owned server
- confidential business related data – any data that pertains to student records, employee information or financial data
All business related server data is protected in multiple ways, including redundant hardware and/or magnetic tape backups. All server data is the property of APU. All client data is considered unprotected and should be limited to non-critical, public information with little to no replacement value. Information about APU’s backup system can be found in the IT Backup Policy.
Confidential business related data may only be stored on APU servers and not on client computers, for example, student records may not be stored on desktop or laptop computers. All APU information should be stored on servers (L: or M: drives).
Employees: Network file storage is to be used for institutional documents only. Institutional documents and network file servers are the property of APU and employees should have no expectation of personal privacy associated with the information they store on these systems. Employees are currently given 100mb for their personal network file storage (L: drive) and 500mb for their departmental network file storage (M: drive)1. APU will refrain from accessing system user’s data unless there is a reasonable cause for doing so, APU may review data for any system user at any time for business, policy, security, legal or personnel actions. In the event that non-institutional related data or applications are found on a user’s network file share, the user will be notified and will be expected to delete it within 5 business days of notification. If the user is on vacation or “out of the office”, the users’ supervisor will be contacted.
Employees who leave APU will have their home directories written to CD within 10 days of IT notification of their termination date. This CD will be delivered to the employee’s supervisor. The supervisor is then responsible for the use or disposal of said data.
Students: Students will be given network file storage space on an APU owned server. This data is the property of APU and every attempt to protect privacy will be maintained, but observation of traffic flow and content may be necessary at the University's discretion for security and legal reasons. APU will refrain from accessing student’s data unless there is a reasonable cause for doing so. Students who leave APU will have their home directories removed within 30 days of IT notification.
E-Mail Retention: The e-mail system’s capacity and performance is designed to provide an effective messaging system. Many of the messages that traverse through the e-mail system are temporary or time-sensitive messages that should be discarded routinely. However, depending on the content of the e-mail, it may be necessary to retain e-mail messages for a longer period of time. APU’s e-mail systems will automatically purge messages from some folders within a mailbox after specified periods of time. Messages determined by employees and students to be necessary to keep for historical or other purposes should be archived and backed up by the employee or student in order to retain this data.
APU’s e-mail systems will automatically purge messages within the user’s mailbox after the following time periods:
Inbox and other folders created within the mailbox – 180 days
Sent Items – 90 days
Deleted Items and Drafts – 7 days
Calendar, Tasks and To Do will not be automatically deleted
APU’s e-mail servers are backed up on a regular basis with the backup tapes for these e-mail systems will only be kept for 30 days. These backups are only used for restoring from catastrophic server failures. Employees and students should not expect to be able to recover individual e-mail messages and/or mailboxes from these backups.
IT: It is IT’s responsibility to routinely review server capacity to ensure adequacy in meeting the storage needs for APU. It is not feasible to store electronic data on-line indefinitely due to storage costs. It is the responsibility of IT to educate users on how to perform storage management and provide the appropriate tools to do so.
Systems Administrators will take an active role in monitoring the disk space on all servers. Users who are taking up a greater than average amount of disk space will be notified and educated in storage management.
Deans and Directors: Deans and Directors will be assigned the responsibility of managing department-shared folders and the amount of data stored in them. They will also ensure that confidential data is stored appropriately.
Employees: Employees will store only institutional/business-related data that needs to be backed up on a regular basis on the network. Employees will be allowed a reasonable amount of personal storage space on their home directories and are responsible for being good stewards of said space. Employees will remove any files that no longer need to be shared or stored on the servers.
Students: Students will be allowed a reasonable amount of personal storage space on their home directories and are responsible for being good stewards of said space. Students will remove any files that no longer need to be shared or stored on the servers.