20.7.2. DESTRUCTION OPTIONS FOR CONFIDENTIAL OR SENSITIVE RECORDS
Confidential or sensitive information in master records, convenience copies, or transitory information records must be protected throughout the entire lifecycle of the records, including the destruction process. Master records that contain confidential or sensitive information must be approved for destruction by Records Management Services (RMS) and destroyed following the steps in 20.5.4. Destruction Procedures and Form in addition to following the procedures that apply to the destruction of all confidential and sensitive records.
B. Secure Destruction of Hard Copy Records and Removable Media Using a Commercial Vendor
Commercial vendors that provide secure destruction services are vetted by RMS to ensure they provide destruction that meets security standards. The Council on Competitive Government (CCG) vendor, ATI (formerly Austin Task), provides ongoing destruction service for hard copy and removable media on a weekly, bi-weekly, or monthly basis as well as on a single event basis. For detailed instructions on how to dispose of confidential information using the commercial CCG vendor, refer to 20.7.3. Contact and Payment Procedures for Document Destruction Vendor.
C. Secure Destruction of Hard Copy Records Using a University Mail Services
UT Mail Services offers secure document destruction services on a single event basis and does not provide recurring service. The UT Mail destruction service provides a shred level that meets the National Institute of Standards and Technologies (NIST) Guidelines for Media Sanitation (Publication SP-800-88) requirements for destruction of paper (Table A-1) as required by the Texas Department of State Health Services and other grant sponsors for projects with animal and human subjects. The UT Mail Services Shredding Services webpage provides more information and a link to an online request for service form
D. Secure Destruction of Hard Copy Records Using a Departmental Shredder
Departments may use shredders to destroy confidential or sensitive records internally, following university disposition policy requirements listed in 20.5. Disposition of Records – General Information. In order to shred confidential or sensitive documents within the department, each department must have shredding procedures developed in its records management plan. For more information, refer to 20.4.3. Records Management Plan.
- Submit a Request to Dispose of Records Form to RMS and obtain authorization to dispose of the records.
- Protect confidential and sensitive documents awaiting shredding through use of locked cabinets, closets, or other areas not accessible to unauthorized personnel.
- Only authorized personnel may shred documents, and their names must be listed in the department’s records management plan.
- Use a level 3 or higher shredder that produces shred no larger than strip-cut 1/16 inch or a cross-cut shredder that produces shred in the following ranges:
- 1/8 inch x 1 1/8 inches to 2 inches
- 1/4 inch x 2 inches
- 3/16 inch x 1 1/2 inches to 2 3/4 inches
- 5/32 inch x 1 inch
- 1/4 inch x 1 1/2 inches to 2 inches
- The shred produced by following these steps can be placed in blue recycle bins for normal processing by Facilities Services.
Note: Consult with Records Management Services (RMS) prior to using any options other than those listed above to destroy records containing confidential or sensitive information.
Part 20. Records Management - Table of Contents