Information and Records Management Policy

Print version

Application

1. This policy applies to all staff of the University of Waikato.

Scope

2. This policy applies to all information and records held by the University which fall under the Public Records Act 2005, regardless of format or storage medium.

Purpose

3. The purpose of this policy is to:
   1. set out a framework of principles for ensuring that information and records held by the University are consistently maintained and managed in accordance with legislative requirements, and
   2. establish responsibilities and accountabilities for staff with respect to information and records management.

Related documents

4. The following documents set out further information relevant to this policy:
   • Computer Systems Policy
   • Corporate Data Management Policy
   • Critical Event and Business Continuity Policy
   • Disposal Authority for New Zealand Universities (DA702)
   • Email Guidelines
   • Independent Contractor Policy
   • Information and Records Management Standard
   • Intellectual Property and Copyright Policy
   • Personal Information and Privacy Policy
   • Public Sector Archival Selection Statement
   • Staff Code of Conduct

Related legislation

5. This policy takes account of the following legislation:
   • Education and Training Act 2020
   • Financial Reporting Act 2013
   • Health and Safety at Work Act 2015
   • Local Government Official Information and Meetings Act 1987
   • Official Information Act 1982
   • Privacy Act 2020
   • Public Records Act 2005

Staff may also be required to comply with other legislation relevant to particular business activities when managing information and records.

Definitions

6. In this policy:

   archive means a record that has been identified as having long-term value for New Zealand because, in line with the Public Sector Archival Selection Statement, it:

   1. provides evidence of New Zealand public sector authority, functions and activities
   2. provides evidence of the Crown’s fulfilment of or failure to fulfil te Tiriti o Waitangi the Treaty of Waikato principles, and/or
   3. contributes to individual and community knowledge, identity and memory.
   
   

   high-risk information means sensitive or confidential information which the University of Waikato must take special care to protect, or which poses a legal, financial or reputational risk if mishandled. It includes personally identifiable information (PII) as set out in the Personal Information and Privacy Policy

   high-value information means information that is critical to the University of Waikato’s core business, strategic direction and institutional memory. It provides evidence of key decisions, actions, rights or entitlements, and obligations that demonstrate public accountability and provide transparency. This information often has long-term historical, cultural or legal significance and is critical to the ongoing operation of the University

   information means knowledge, meaning or intelligence acquired through investigation, experience, study or instruction

   official record means the complete, final or authorised version of a record

   record means information, whether in its original form or otherwise, including (without limitation) a document, a signature, a seal, text, images, sound, speech, or data created, received and maintained by, or on behalf of, the University of Waikato in the conduct of its affairs, which may be compiled, recorded, or stored, as the case may be:

   1. in written form on any material
   2. on film, negative, tape, or other medium so as to be capable of being reproduced, or
   3. by means of any recording device or process, computer, or other electronic device or process.
   
   

   record excludes:

   • learning, assessment and research materials generated by students, including raw data, analysed data, working notes and publications
   • teaching and research materials generated by staff, including raw data, analysed data, working notes and publications.
   
   

   staff means all University of Waikato employees, whether permanent, fixed term or temporary, and includes contractors, secondees, interns and others who form part of the University’s workforce from time to time or perform some if its activities or functions, and all persons granted access to University information and records, whether through a partnership, contract or other arrangement

   University means the University of Waikato and any entities in which it has an ownership stake of 50% or more.

Principles

7. Staff must create records to document substantive activities and administrative and business transactions involving the University.
8. University information and records management processes must comply with all relevant legislation.
9. Information and records created or received as part of university business are the property of the University of Waikato, regardless of physical location, source or medium.
10. Information and records created by independent contractors on behalf of the University are the property of the University of Waikato unless there is an explicit agreement between the parties specifying any exclusion.
11. An official record must be stored and managed in the appropriate electronic or hard copy records system with appropriate classification and contextual information.
12. Information and records should only be restricted if their are valid legal and business reasons for doing so. 
13. Information and records that have been defined as confidential must be protected from unauthorised access, use and disclosure.
14. High-value and high-risk information must be identified, documented, preserved and secured as a priority; this should be included in business continuity planning where relevant.
15. All information and records must be secured against unauthorised access, modification, theft and vandalism to ensure they remain trustworthy, accurate, complete, unaltered and accessible; the record creator is responsible for applying restrictions and ensuring security. 
16. Information and records must be retained and properly preserved in an accessible format and in accordance with the Disposal Authority for New Zealand Universities (DA702) and Archives New Zealand's Information and Records Management Standard.
17. Disposal of information and records must be authorised, documented and managed in accordance with the Disposal Authority for New Zealand Universities (DA702) and security and environmental requirements.
18. Information and records identified as having long-term value as archives under the Disposal Authority for New Zealand Universities (DA702) must be managed in ways that support their ongoing preservation and usability.
19. Archives must be classified as either open or restricted access.
20. Archives must be transferred to Archives New Zealand or another approved repository once they have been in existence for 25 years or a deferral of transfer must be sought.

Responsibilities

8. The Vice-Chancellor has general responsibility for compliance with the Public Records Act 2005 and has delegated this responsibility to the University Librarian.
9. The University Librarian is responsible for:
   1. establishing and implementing the University's information and records management processes
   2. developing information and record management training programmes and ensuring that all relevant staff receive appropriate training
   3. developing and implementing monitoring and auditing processes for information and records management systems to ensure compliance, security and efficiency
   4. ensuring that restrictions on access to any information and records are applied as classified
   5. appraising information and records items for historical or archival value in accordance with the University's legal and business requirements.
10. Pro Vice-Chancellors, Deputy Vice-Chancellors and equivalent are responsible for ensuring records management practices within their areas of responsibility comply with this policy.
11. The Council Secretary is responsible for ensuring that Council processes comply with this policy.
12. Line managers are responsible for:
    1. ensuring that their staff comply with this policy
    2. assigning information and records management responsibilities in their area of responsibility
    3. ensuring that appropriate information and records are created and maintained for their areas of responsibility
    4. ensuring that their staff have adequate training in the systems they use to manage information and records
    5. ensuring that no records are destroyed, altered, sold or transferred without the appropriate authorisation.
13. Job managers for independent contractors are responsible for ensuring that independent contractors comply with the University's information and records management processes in relation to the contracted work, including specific provisions for the creation, management and disposal or information and records on behalf of the University.

Responsibility for monitoring compliance

14. The University Librarian is responsible for monitoring compliance with this policy, by way of an annual report to the Vice-Chancellor.
15. Breaches of this policy must be reported to the Vice-Chancellor, and may result in disciplinary action under the Staff Code of Conduct.