Overview

This policy addresses privacy and information retention issues raised by the College’s collection of video images and log files by the hardware and software that control access to many doors on campus. That hardware and software is known collectively as the card entry system.

Purpose

This policy governs the duration of time that the College will maintain electronic access records from the card entry control system. The policy also identifies parties responsible for the destruction of data and images.

Scope

The policy applies to all video images and access log files collected by the card entry systems that identify individuals, the doors that they used and/or the times at which they used them.

Policy

Generally, in July of a given year, the access records and videos dated June 30 of the previous year or earlier will be deleted by the Director of Public Safety. The Director of Information Technology will confirm the deletion. In general, then, such records and videos will be retained for a minimum of one year and a maximum of two years under this policy. Exceptions to this policy may be made if it is determined by the President or the President’s designee that certain access records and/or videos should be retained for a longer period of time, due to legal, safety, or other important considerations. Access to videos and access records will be restricted to Public Safety personnel who need to review such videos and access records to do their jobs, and to other College personnel on a need-to-know basis if they have specific permission from the President or the President’s designee.

Enforcement

The President or the President’s designee will enforce this policy.

Standards

COBIT DS11.2 - Storage and Retention Arrangements - Define and implement procedures for effective and efficient data storage, retention and archiving to meet business objectives, the organization's security policy and regulatory requirements.