ÐÓ°É´«Ã½

Purpose

• To manage and protect University Records created in the conduct of University activities in accordance with relevant legislation, University policy, standards, guidelines and procedures; and,
• To provide a framework for the University’s Information Management and Protection Program; and,
• To support information access and privacy and enterprise risk management services throughout the University.

Scope

All Units and all Official and Transitory University Records.

Exclusions:

• Materials acquired for the purpose of creating or augmenting the University’s library collections;
• Archival or published materials collected as reference material to support teaching and research programs;
• Personal Health Information that is subject to the , as amended;
• Teaching materials; and,
• Research data and materials, including unpublished data and manuscripts.

Definitions

Academic Staff Member (ASM) - A member of the University Community whose employment is governed by the MUN-MUNFA Collective Agreement.

Artificial Intelligence (AI) - Information technology that performs tasks that would ordinarily require biological brainpower to accomplish, (e.g., making sense of spoken language, learning behaviours, or solving problems). (Sources: Government of Newfoundland and Labrador, ).

ATIPPA - The .

ATIPP Request - A request made under the , as amended, for access to a record, including a record containing personal information about the applicant, or correction of personal information.

Cloud – Internet-based computing provided by a third party for computer processing resources and/or data storage.

Important Decision - A decision that has a significant or long-term impact on the high value activities taken by the University in the fulfillment of its mandate.

Information Management - Encompasses records management and refers to the systematic process of creating, using, storing, managing or preserving the University's data, information and records in accordance with this policy, throughout all stages of the information Life Cycle.

Information Management and Protection Lead - A designated employee selected by the Unit Head to oversee operational matters related to the Information Management and Protection Program and to liaise with the OCIO in matters related to implementation of, and compliance with, the policy.

Information Management and Protection Program – A program of policies, procedures, standards, schedules, guidelines and practices that provides an efficient system for the management and protection of information, in compliance with relevant legislative, regulatory and policy requirements.

Information Asset - An information asset is a collection of recorded information, defined and managed as a unit so it can be understood, shared, protected and used effectively.

Information Risk Assessments – A risk-based approach to classifying University information and identifying the appropriate controls required to ensure the information’s confidentiality, integrity and availability throughout1 its Life Cycle.

Instructor - As defined by the MUN-NAPE 7405 Collective Agreement.

Life Cycle – The stages through which information is managed. Information must be managed and protected in a manner that addresses requirements for confidentiality, integrity and availability throughout all Life Cycle stages, including the creation, use, storage, and disposal or preservation of information.

Member of the University Community â€“ An employee or other individual acting at the request of and on behalf of the University.

MUNCLASS - The University's Retention and Disposal Schedules (RDS) that allow for the legal destruction of Official University Records.

OCIO – Office of the Chief Information Officer.

Official University Email Account - An account with an email address ending with "mun.ca" (or a ÐÓ°É´«Ã½-sanctioned domain) provided to eligible Members of the University Community. This email account may be granted to other individuals and entities who have been identified as requiring email privileges at the University.

Official University Records – University Records created, received or held as evidence of the University’s organization, policies, decisions and operations.

Research Scientist - As defined by the MUN-NAPE 7405 Collective Agreement.

Retention and Disposal Schedule â€“ An approved Retention and Disposal Schedule prescribes retention periods and requirements for the legal disposal of Official University Records. It provides direction to ensure that Official University Records are retained for as long as necessary based on their operational, fiscal, legal and historical value. It also prescribes the appropriate disposition of Official University Records either destruction or preservation.

Transitory University Records – University Records that are of temporary usefulness having no ongoing value beyond an immediate and minor transaction, as convenience copies, or as draft for subsequent University Records. Transitory University Records may be securely disposed of without a Retention and Disposal Schedule.

Unit – Academic or administrative unit, as defined in the University Calendar, or any board or other body appointed or elected to carry out University business.

Unit Head – Refers to Dean, Director and other senior administrators at a comparable level or above, including the President, Vice-Presidents and Associate Vice-Presidents.

University - ÐÓ°É´«Ã½.

University Archives – Refers to the archives designated as per , as amended, as the repository for Official University Records of archival value.

University Records – All recorded information, regardless of physical characteristics or format. For the purposes of this policy, University Records are categorized as either Transitory University Records or Official University Records.

Policy

1. The University is subject to legislation which relates to its Information Management and Protection Program including: the , as amended, , as amended, and the , as amended. The Information Management Policy provides direction for legislative compliance.
   
   
2. Information is a vital asset, supporting academic and research excellence, and efficient management of services and resources.  Effective management of information enables achievement of the University's strateic objectives by:
   a) increasing transparency and accountability by documenting Important Decisions while protecting the rights and provacy of individuals,
   b) enhancing the efficiency of programs and services,
   c) enabling optimal decision-making and,
   d) managing risk to the University by protecting its Information Assets and encuring compliance with legislation, University policy, standards, guidelines and procedures.
   
   
3. Information management is a shared responsibility:
   a) Members of the University Community are responsible for the University Records they create or that are in their custody.
   b) The OCIO is responsible for the Information Management and Protection Program of the University.
   c) Each Unit Head shall be responsible to ensure adherence to this policy.
   d) Each Unit Head shall designate an Information Management and Protection Lead.
   
   
4. University Records are the sole property of the University and must be managed throughout their Life Cycle by Members of the University Community who create or receive them.
   a) University Records must be protected in accordance with the Security Measures section of the and the policy.
   b) Official University Records must be created in a manner and format that is accessible and must be retained only in University-approved repositories as required to support the University’s compliance with relevant legislation and policies.
   c) Official University Records may not be removed from the control of the University, destroyed or otherwise disposed of except in accordance with a Retention and Disposal Schedule as outlined in the .
   d) Transitory University Records may not be removed from the control of the University, but when no longer required, must be securely disposed in accordance with the .
   
   
5. The University may use external services, such as commercial record storage and Cloud storage and services, in accordance with related University policy. When considering the use of such external services to store Official University Records, Information Risk Assessments must be completed.
   
   
6. An Official University Email Account is provided to eligible Members of the University Community to support the academic and administrative activities of the University. An Official University Email Account is a service that supports the creation and receipt of University Records.
   1. Eligible Members of the University Community, as determined by the CIO and defined here (May 12, 2026: Page under development to be linked when published), are provided with an Official University Email Account, which they are required to use to conduct all official University email correspondence. A person conducts official University email correspondence where they send or receive emails in the course of their employment with the University, by virtue of their position within the University, or when otherwise acting at the request of or on behalf of the University.
   2. Eligible Members of the University Community are provided with an Official University Email account for the duration of their employment or while acting at the request of and on behalf of the University. Access to the Official University Email Account will be terminated when they are no longer employed or acting at the request of and on behalf of the University.
      1. Information/University Records stored in an Official University Email Account where access is terminated will be retained based on the official email retention schedule found in MUNCLASS.
      2. Notwithstanding Section 6(b), Members of the University Community who have departed or retired from the university on or before April 29, 2026 and who continued to have access to their Official University Email Account on April 29, 2026, may continue to access and use their Official University Email Account on an ongoing basis, provided they access their Official University Email Account no less than once a year. This legacy access remains subject to all relevant University policies and applicable laws, as they exist from time to time. The University reserves the right to modify, replace, discontinue, or deny this legacy access, including on a case-by-case basis and will provide notice of any such changes.
         Effective April 29, 2026, a, ASMs, Instructors, and Research Scientists can elect to retain their Official University Email Account upon departure or retirement from the University as defined in the Procedure for Managing Exiting Employees. Official University Email Accounts are not intended for personal use.
   3. Official University Email Accounts are not intended for personal use.
   4. The University retains the right to temporarily or permanently disable access to an Official University Email Account for reasons including but not limited to cyber security risks, inappropriate use, and legal requirements.
   5. The University reserves the right to access, examine and disclose any information transmitted or stored in an Official University Email Account where the University has reasonable grounds to believe such actions are necessary for safety, security, or operational purposes or to comply with the University’s legal obligations. Such access will be compliant with all federal and provincial legislation and University policies and procedures. Any personal information not related to the issue will be protected to the extent reasonably possible.
   6. Official University Email Accounts are subject to ATIPPA. The University may be required to provide email correspondence in response to an ATIPP Request. Official University Email Account holders shall comply, promptly and completely, with any request from the University to deliver to the University any records in their custody and control that are potentially responsive to an ATIPP Request.
   7. Email sent or received in the conduct of University business is subject to all policies, procedures, guidelines and standards governing University data and information. It is the responsibility of Members of the University Community to retain, manage, dispose and/or archive email in accordance with the MUNCLASS classification and retention plan, and unit directives and practices.
      
      
7. Members of the University Community shall not use AI technology with University Records unless it has been approved by the OCIO and is used in compliance with the University's policies and Procedures.
   
   
8. In the event of any of the following circumstances, disposal of relevant University Records must be suspended:
   a) Notice of litigation or criminal investigation,
   b) Notice of an audit,
   c) Receipt of an ATIPP Request,
   d) When there is reasonable belief that litigation or criminal investigation may occur, and
   e) Initiation of a grievance or investigation pursuant to a University policy or collective agreement.
   
   
9. Members of the University Community leaving the University, changing positions within the University, or transitioning from one Unit to another shall manage all University Records in accordance with the .
   
   
10. If, as a result of developing Retention and Disposal Schedules, records are identified as having archival value, they should be transferred to the University Archives.

NON-COMPLIANCE:

Failure to comply with this policy and related procedures may result in prosecution as outlined in Section 8 of the , as amended.

Related Documents

policy


policy

Procedures: