Records Management FAQ

Download this information in PDF format.

Note: Before you attempt to access records, read and complete the  Information Security Awareness Course for Georgia State Employees [PDF].

Personal Cubicles & Offices

  • Keep confidential information off of your desk and work area, unless you’re working with them, especially in medium to high traffic areas.
  • Private offices should be locked when unattended and/or all confidential information should be locked in file cabinets &/or in desk drawers.
  • When meeting with students or guests, remove all confidential information from sight – preferably locked up, in case you need to step away for a moment.
  • Use small (crosscut) shredders for shredding any notes, photocopies, printouts or other unneeded documents containing confidential information.  NEVER THROW CONFIDENTIAL INFORMATION IN TRASH CANS.

Offices/Departments

  • Use lockable file cabinets or shelving units.
  • If possible, have a secured folder room with controlled access.
  • Use an out card system to keep track of folders as they are removed from file cabinets.  Include the file name, the date taken and the person taking the file.
  • The processing section of the office (containing confidential information) should have secure keypad entry for staff & faculty use only. Visitors should only be allowed in the secured area with an escort.
  • If keypad entry is the main entry into your office, keyed deadbolt locks should be used after hours or when the office is unattended.
  • Keep an office shredder (crosscut only) by office copiers and/or shared printers for shredding misprinted copies with confidential information.
  • For large quantities of confidential documents, microfiche, computer disks, etc., contact a shredding company that provides on-site confidential shredding. (Have a staff member or student assistant, watch the process, making sure all documents are shredded on site.)  Locked containers can be left in your office, with prearranged pick-ups with a signed contract with the vendor.

Basic Tips for Electronic Records Security

  • Do not place confidential information on the  subject line of an e-mail.
  • Place privacy screens on computer monitors to avoid easy viewing by others.
  • Use password protection on all computers.
  • Confidential information should be stored on university network servers, never on personal hard drives or computer desktops.
  • All computer equipment should be locked down.

See the IS&T Security site for more detailed information on computer security awareness.

Records management provides a step by step process for controlling records (regardless of storage media) from creation (or receipt) to end. It includes processing, distribution, use, retrieval, maintenance and disposition. The policies and procedures used in regulating these processes is a records management program.
It is important that we here at Georgia State University strive continuously to meet the records retention requirements set forth by the University System of Georgia and the University. We need to meet these requirements in order to carry forth in complying with federal and state regulations and in meeting the requirements of our accrediting bodies.
The Georgia Records Act (O.C.G.A. 50-18-90) defines “records” as “ all documents, papers, letters, maps, books (except books in formally organized libraries), microfilm, magnetic tape, or other material, regardless of physical form or characteristics, made or received pursuant to law or ordinance or in performance of functions by any agency.”  Notice that documents or files on a computer can also be records.

Record Responsibilities
Records produced or received by any agency or employee of the University in the transaction of University business become University property.  Records having permanent or long-term value must NOT be destroyed.  Records of temporary value can only be destroyed in accordance with the records management program.

According to the Open Records Act (O.C.G.A. 50-18-70), public records are “all documents, papers, letters, maps, books, tapes, photographs, computer based or generated information, or similar material prepared and maintained or received in the course of the operation or a public office or agency.”
The Georgia Records Act (O.C.G.A. 50-18-90) defines a vital record as “any record vital to the resumption or continuation of operations, or both; to the re-creation of the legal and financial status of government in the state; or to the protection and fulfillment of obligations to citizens of the state.”
Each department should have one person designated as the Records Management Coordinator to oversee the management of the department’s records. This individual should work closely with the department head, as well as the University Records Management Officer, the University Archivist, the University Legal Affairs Office & IS&T in carrying out Records Management policies and procedures.