Learning Management System Data Retention Policy

I. POLICY STATEMENT

The University of Texas at San Antonio (UTSA) administers a Learning Management System (LMS) software application to house course content (assignments, tests and results, student papers, etc.) and to facilitate communication between faculty and students.  The data stored within the LMS is retained in accordance with the UTSA Records Retention policy.  

II. RATIONALE 

This policy defines how long Learning Management System data is to be retained.

III. SCOPE 

This policy affects all users of the UTSA Learning Management System, including UTSA faculty and students, and staff members who are responsible for administering the LMS.

V. RELATED STATUTES, POLICIES, REQUIREMENTS OR STANDARDS

UTSA or UT System Policies or the Board of Regents’ Rules and Regulations

A.             UTSA Information Resources Acceptable Use Policy

B.             UT System Policy UTS 165, UT System Information Resources Use and Security

C.             UT System Policy UTS 178, Required Reporting of Significant Events (pdf)

Other Policies & Standards

D.            Title 1 Texas Administrative Code, Part 10, Chapter 202, Subchapter C

E.             Higher Education Opportunity Act of 2008

F.             Texas Education Code 51.942

G.            Texas Computer Crimes Act

 VI. CONTACTS

If you have any questions about OIT policy, Learning Management System Data Retention, contact the following office(s):

[one_half]Office of Information Technology (OIT)
(210) 458-4555[/one_half]

[one_half_last]Online Learning
(210) 458-4057[/one_half_last]

VII. DEFINITIONS

A full list of definitions related to Information Resources Acceptable Use can be found in UT System Policy UTS 165, Information Resources Use and Security Policy.

Data

Recorded data, regardless of form or media in which it may be recorded, which constitute the original data necessary to support the business of UT System or original observations and methods of a study and the analyses of such original data that are necessary to support Research activities and validate Research findings. Data may include but is not limited to: printed records, observations and notes; electronic data; video and audio records, photographs and negatives, etc.  There are three types of data that require special consideration:

• Confidential Data: Data that is exempt from disclosure under the provisions of the Public Records Act or other applicable state and federal laws.
• Protected Data: Data, such as Confidential or Restricted Use Data, which must be protected by a higher level of security.
• Sensitive Data: Digital Data maintained by an Entity that requires higher than normal security measures to protect it from unauthorized access, modification or deletion. Sensitive Data may be either public or confidential and is defined by each Entity based on compliance with applicable federal or state law or on the demonstrated need to (a) document the integrity of that Digital Data (i.e., that the Data had not been altered by either intent or accident), (b) restrict and document individuals with access to that Digital Data, and (c) ensure appropriate backup and retention of that Digital Data.

Domain Account

A user account that grants access to the university domain.

FERPA

The Family Educational Rights and Privacy Act of 1974, prohibits Financial Aid, Registrar, Fiscal Services, and many other UTSA departments from releasing any specific student education information without the student’s written permission. .

HIPAA

The Health Insurance Portability and Accountability Act was designed to protect your rights to medical information. Under the HIPAA rules, there are safeguards to protect your personal medical information. A doctor, medical center, or other provider may not disclose this information, particularly to someone who will use it for marketing or similar purposes.

Information Resources (IR)

Any and all computer printouts, online display devices, mass storage media, and all computer-related activities involving any device capable of receiving email, browsing Web sites, or otherwise capable of receiving, storing, managing, or transmitting data including, but not limited to, mainframes, servers, personal computers, notebook computers, hand-held computers, personal digital assistant (PDA), pagers, distributed processing systems, network attached and computer controlled medical and laboratory equipment (i.e. embedded technology), telecommunication resources, network environments, telephones, fax machines, printers and service bureaus. Additionally, it is the procedures, equipment, facilities, software, and Data that are designed, built, operated, and maintained to create, collect, record, process, store, retrieve, display, and transmit information.

Information System

An interconnected set of information resources under the same direct management control that shares common functionality. An Information System normally includes hardware, software, information, data, applications, communications and people.

Local Computer Administrator Account

A user account where the user has special access privileges to their university-owned computer. Generally this type of access allows the user to install software on that machine without having to contact OITConnect.

PII

Personally Identifiable Information uniquely identifies a person. For IT purposes, this most often refers to demographic data, User IDs, passphrases and other credentials.

User

An individual, automated application or process that is authorized by the Owner to access the resource, in accordance with the Owner’s procedures and rules. The user is any person who has been authorized by the Owner of the information to read, enter, or update that information. The user is the single most effective control for providing adequate security.

VIII. RESPONSIBILITIES

A.     Faculty member

1. Reviews the policy and associated standard 

2. When appropriate, copies or backs up course materials before the retention period ends.

B.     Online Learning staff member

1. Reviews the policy and associated standard to ensure retention rules are being followed.

2. Checks file archiving process to ensure files are being properly backed up.

3. Provides assistance to faculty members who need to copy or back up their course data.

 IX. PROCEDURES

A. Online Learning staff member

1. On a regular basis, review the UTSA retention policy for changes.

2. On a regular basis, update the related standard to include the latest retention time frames and any other information that must be changed.

B. Standard for Learning Management System Data Retention

1.  Retention dates

2.  Additional information

X. SPECIAL INSTRUCTIONS FOR IMPLEMENTATION

None

XI. FORMS AND TOOLS/ONLINE PROCESSES

None

XII. APPENDIX 

None