HBP Part 20.7. Records that contain confidential or sensitive information - general information

Handbook of Business Procedures

Date published: October 23, 2012
Last revised: February 15, 2023
Issued by: Records Management Service


A. Introduction

Departments of The University of Texas at Austin have a shared responsibility with Records and Information Management Services (RIMS) to systematically control the records of the university from their creation to their final disposition, whether that is destruction of the record or transfer of the record to archives. This includes protecting controlled and confidential information.

Any record can contain controlled or confidential information, whether it is a master record, a convenience copy, or transitory information. The Public Information Act, Texas Government Code Chapter 552, defines confidential information in regard to the records of Texas public universities and state agencies. Other information, while not confidential, is considered controlled information and should be protected in the same manner as confidential information. Records that contain controlled or confidential information must be protected and disposed of following the guidelines in:

B. Records Containing Confidential Information

The university is not required to produce confidential information in response to public information requests that is specified as an exception in Texas Government Code, Chapter 552. Public Information, Subchapter C. Information Excepted from Required Disclosure. These and other exceptions enacted through federal laws (such as FERPA and HIPAA), state laws, court decisions, and the Texas Attorney General’s opinions are considered to be confidential by law, and their confidentiality must be protected from creation through final disposition. For more information, refer to 20.7.1. Managing Controlled or Confidential Records.

For more information about university requirements for protecting controlled and confidential information, refer to Extended List of Confidential Data. However, this list is not all-inclusive. Each department is responsible for exercising good judgment in determining whether a record contains controlled or confidential information. If in doubt, treat the document as confidential.

C. Records Containing Controlled Information

The information in some records may not legally be considered confidential, but may disclose information that would not be made available in the normal course of business. While such a record would be produced for a public information request, it must still be protected during its lifecycle. Controlled records include salary information and payment vouchers.

Note: Controlled or confidential information should never be placed in the trash, in blue recycling bins, or in any covered recycling bins provided by Facilities Services.


Part 20. Records Management - Table of Contents