200 BACKUP OF ELECTRONIC RECORDS


200 BACKUP OF ELECTRONIC RECORDS POLICY


201 GENERAL PROVISIONS

201.1 Purpose:

This Policy is designed to establish guidelines for backing up certain electronic records, as well as the retention and destruction of any such backup.

201.2 Scope:

This Policy applies to electronic records that are stored on computer servers owned and maintained by the Archdiocese.

201.3 Electronic Records are Archdiocesan Property:

All electronic records generated or received by the Archdiocese are the property of the Archdiocese.  Employees do not have any personal or property rights to records, electronic or otherwise, created, received, or generated on behalf of the Archdiocese.  Similarly, no third party storage facility or entity has any personal or property rights to records, electronic or otherwise, stored by the Archdiocese at or with any such facility or entity.

201.4 Questions/Implementation:

Questions about the applicability or implementation of this Policy, including questions about the retention of any specific record, should be directed to the Director of Information Technology.

201.5 Coordination with Other Policies:

This Policy should be interpreted in accordance with any other electronic records retention policy of the Archdiocese.  In the event of a specific conflict as to the backup of electronic records, however, this Policy shall control.

201.6 Definitions:

Electronic Record – An Electronic Record includes recorded information, regardless of medium or characteristic, which is stored on a computer server owned and maintained by the Archdiocese.

Records Hold – A Records Hold is the cessation of destruction of any records that relate to the subject of the Records Hold.

Backup – a Backup, or the process of backing up, refers to the copying and archiving of computer data for later retrieval.


202 BACKUP AND RETENTION

202.1 Responsibility for Enforcing and Implementing Policy:

The Director of Information Technology is responsible for creating, updating, and implementing this Policy.

202.2 Creating and Maintaining Backups:

The Division of Information Technology will ensure that Backups of Electronic Records are maintained and purged in accordance with this Policy.

Procedure:

A) Backup of Electronic Records shall occur at the end of each month (“Monthly Backup”).

B) A Monthly Backup may be performed and maintained using a method and storage medium selected by the Division of Information Technology (including a medium other than the medium in which an Electronic Record was created).

C) A Monthly Backup should be stored in a secure off-site location.

D) Each Monthly Backup should be retained for at least three (3) years following its creation, with the caveat that a Monthly Backup for the month of December should be retained indefinitely.

202.3 Creating a Records Hold:

A Records Hold is necessary following the initiation or anticipated initiation of governmental or regulatory investigations and administrative or legal proceedings regarding the Archdiocese and/or its officers, directors, agents, or employees.  In the event any employee learns of any proceeding or anticipates the initiation of a proceeding, he or she should immediately inform the Division Director, who should then immediately contact the Director of Information Technology and Archdiocesan Legal Counsel to initiate a Records Hold.


203 DESTRUCTION OF BACKUP STORAGE

203.1 Periodic Destruction:

Except where a Department/Division formally adopts a longer retention period, all Monthly Backups should be purged in accordance with this Policy.

203.2 Ensuring Litigation Hold is not in Place Prior to Destruction:

The Director of Information Technology is responsible for ensuring that a Monthly Backup is not subject to a Records Hold prior to destruction.

203.3 Three-Year Destruction Schedule:

A Monthly Backup that has been retained for at least three (3) years since its creation should be purged using appropriate electronic data destruction procedures, except that a Monthly Backup for the month of December should not be purged.

203.4 Destroying Existing Monthly Backups:

Any Monthly Backups in existence as of the effective date of this Policy that were created more than three (3) years earlier should be purged using appropriate electronic data destruction procedures, with the caveat that a Monthly Backup for the month of December should not be purged.

203.5 Retained Records:

Absent a Records Hold, ordinary implementation of this Policy should result in the following Monthly Backups being retained: 1) those less than three years old and 2) Monthly Backups for the month of December (regardless of age).