Records Retention, Management and Security
Student education records are official and confidential documents protected by the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99.) The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA defines education records as all records that schools or education agencies maintain about students. Access to and storage of records should follow FERPA and any local school district policy or guidance. Records containing personally identifiable information should not be removed from the school site.
New York State Education Law 2-d prohibits the unauthorized release of personally identifiable student, teacher, or administrator data (PII). Questions regarding record safety and security should be directed to your District Data Protection Officer or Administrator responsible for data security.
Records Retention - NYSED State Archives
Provides information on managing and storing both paper and electronic records. Includes guidance, samples, and webinars on record storage. Content includes information on laws and regulations, disaster assistance, retention and disposition schedules, and workshops/webinars. Information specific to electronic records is included.
The State Archives provides a wide variety of workshops over the course of two workshop seasons each year. Archives staff have developed workshops related to managing electronic records and managing email. You can search the current workshop schedule for information on when it will be offered by typing "email" in the search box. If you would like to request this workshop at another time or location, or if you are requesting advisement on this subject, please contact firstname.lastname@example.org.
This Retention and Disposition Schedule for New York Local Government Records (LGS-1) is a single, comprehensive retention schedule covering records of all types of local governments. It consolidates and revises the CO-2, ED-1, MI-1, and MU-1 Schedules. Local governments must adopt LGS-1 prior to utilizing it, even if they adopted and have been using the CO-2, MU-1, MI-1, or ED-1 Schedules. Governing boards of local governments will have a five-month period – between August 1st, 2020 and January 1st, 2021 (when the four existing schedules expire) – to adopt the LGS-1 by resolution. This is a model resolution.
Note: The only change in the Health Section from the previous Ed-1 schedule is the removal of the word cumulative in the first sentence and the addition of e. 1. Physician authorization to resume athletic activity after a traumatic brain injury under Student's Health Record under section 899 (ED-1, 137), must be retained permanently.
Record Retention & Disposition Schedule LGS-1 for Health
LGS-1 is the retention schedule for Health. This is a PDF document of information specific to only the Health Portion of the LGS-1 schedule. For additional information on records. Please note- the schedule refers to the "Summary Record" this is the same thing as the Cumulative Health Record.
Developing a Policy for Managing Email
Provides guidelines for writing policies and procedures that will guide a program for managing email. Agencies and governments should adapt the guidelines to meet their own needs and capabilities, and continue to update their policies on an as needed basis (The University of the State of New York The State Education Department New York, State Archives Government Records Services 2010)
Managing Confidential or Sensitive Records
This guidance is intended to provide advice on identifying, storing, and securing records that contain information that requires safeguarding or additional controls pursuant to and consistent with applicable law, regulations, or government-wide policies. Any content that contains personally identifiable information may fall into this category. Policy and procedures should address how information is protected from creation to final disposition and describe the staff’s responsibilities for handling confidential information during each stage. For example, the policy should cover the prompt reporting of any possible unauthorized access, use, or loss of information and the avoidance of email for transmitting confidential information (NYS Archives).
Page updated 6/4/21