Section 1, Part 1. General Administration Function (Function-based arrangement)

Transcription

1 Retention Guidelines for Common Administrative Records of the Government of Canada Section 1, Part 1 General Administration Function (Function-based arrangement) Revised, 21 April 2011

2 Table of Contents Section 1 - Introduction 1.1 General 1.2 Disposition 1.3 Scope 1.4 Offices of Primary Interest and Offices of Collateral Interest 1.5 Personal Information 1.6 Retention Period Guidelines 1.7 Guidance Section 2 General Retention Guideline General Administration Function 2.1 Policy and Procedure records 2.2 Routine records Section 3 Exceptions to General Retention Guideline 3.1 Management of Government Information Access to Information and Privacy Records Management Management of [Information] Technology Library Services Other Information Management Activities and Services 3.2 Security Security 3.3 Administrative Support

3 Section 1 - Introduction 1.1 General The following guideline provides guidance to institutions regarding the establishment of minimum retention periods for those common administrative records which support the General Administration Function of the Government of Canada. This guideline should be used in accordance with instructions contained in the General Introduction to the Retention Guidelines for Common Administrative Records of the Government of Canada and in conjunction with Multi-Institutional Disposition Authority (MIDA) 98/001, General Administration Function. 1.2 Disposition Nothing in this guideline should be seen as constituting an authority or requirement to dispose of records. For direction regarding the disposition of common administrative records related to the General Administration Function, institutions should consult the Library and Archives Canada s Multi Institutional Disposition Authority (MIDA) 98/001, General Administration Function, 1.3 Scope This guideline applies to all common administrative records (i.e. administrative records which are common to or shared by all federal government institutions) which are collected, created or received by institutions in support of the administration of the General Administration Function of the Government of Canada, regardless of how the records are organized or controlled within each institution. The General Administration Function encompasses the functions, sub-functions, processes, activities, and transactions of administrative business concerning the management of general administration services commonly conducted in and across all federal government institutions to facilitate the application of operational policies and the delivery of programmes and services. The main legislation underpinning the General Administration Function includes the Library and Archives of Canada Act, the Access to Information Act, and the Privacy Act. The General Administration Function includes the following three (3) sub-functions: management of government information; security, and administrative support. In applying this retention guideline, institutions should take care to ensure that: * the records are not operational in nature; * the records are not of a mixed operational and administrative character; * the records do not support an administrative function uniquely or specifically assigned to an Office of Primary Interest (OPI) or Office of Collateral Interest (OCI) (See definition of OPI and OCI below); * the records are not otherwise excluded from the application of MIDA 98/001 by virtue of the definitions and scope statement contained in the Appendix I of MIDA 98/001 * the records are not dated earlier than 1946 * all administrative actions have been completed for a record before applying the applicable retention guidance 1.4 Offices of Primary Interest and Offices of Collateral Interest This retention guideline does not apply to those records of Offices of Primary Interest (OPI), Offices of Collateral Interest (OCI) and central agencies that are collected, created or received in the pursuance of their mandated role in administering General Administration on behalf of the Government of Canada. Examples of such government bodies include Public Works and Government Services Canada, Treasury Board Secretariat, the Privy Council Office, and the Offices of the Information and Privacy Commissioners, and any other institution mandated to perform, in full or in part, a General Administration function on behalf of the Government of Canada. Similarly, in the area of security, this guideline does not apply to organizations such as the Canadian Security Intelligence Service, the Royal Canadian Mounted Police, the Communications Security Establishment, Treasury Board Secretariat and the Privy Council Office (See MIDA 98/001, Appendix I, Section B Scope of the Authority ). This retention guideline, however, does apply to such organizations when those records are collected, created or received in support of General Administration Functions and activities that are common to or shared by all federal government institutions. 1.5 Personal Information The retention of personal information contained in records that has been used by a federal institution in the course of its business is governed by Section 6 of the Privacy Act, and Section 4 and 7 of the Privacy Act Regulations.

4 Section 4. (1) of the Privacy Act Regulations states that personal information that is used for an administrative purpose (i.e. the use of the information in a decision making process that directly affects that individual) must be retained for a minimum of two (2) years unless the individual consents to its earlier disposal: 4. (1) Personal information concerning an individual that has been used by a government institution for an administrative purpose shall be retained by the institution (a) for at least two years following the last time the personal information was used for an administrative purpose unless the individual consents to its disposal; and (b) where a request for access to the information has been received, until such time as the individual has had the opportunity to exercise all his rights under the Act. Guidance on the retention for records that contain personal information and have been subject to an Access to Information request is provided in Section 7 of the Privacy Act Regulations, which states; 7. The head of a government institution shall retain for a period of at least two years following the date on which a request for access to personal information is received by the institution under paragraph 8(2)(e) of the Act (requests made by an investigative body specified in the regulations) (b) a record of any information disclosed pursuant to such a request. In establishing retention periods for records containing personal information that are generated in support of the General Administration Function, federal institutions should ensure that the Privacy Act and Privacy Act Regulations are applied. 1.6 Retention Period Guidelines When records are covered by an existing MIDA the retention information offered takes the form of retention guidelines expressed in months, calendar years and fiscal years. In the absence of specific retention guidance and unless, the five year retention period for policy and procedures and the two year retention period for routine records should be applied to similar records related to each sub-heading/activity listed in this function. Please refer to the General Retention Guideline provided at the beginning of the "General Administration Function" table for additional information. 1.7 Guidance For advice and assistance regarding the retention guidelines, please contact Recordkeeping Liaison Centre. (a) a copy of every request received; and

5 Section 2 General Retention Guideline General Administration Function. General Retention Guideline 2.1 Policy and Procedures 5 years after superseded Routine 2 years NOTE: In the absence of specific retention guidance and unless, the five-year retention period for policy and procedures and the two-year period for routine records should be applied to similar records related to each sub-function listed in the tables below. Retention periods should always be interpreted and applied after all administrative actions are completed, i.e., 2 years after all administrative actions are completed. Any activities or sub-functions that fall outside the General Retention Guideline for policy and procedures, and routine will be identified in the tables below. Caution: For purposes of maintaining an audit trail of transactions in accordance with the Policy on Electronic Authorization and Authentication and the Policy on Internal Audit, it may be prudent to retain those records for a standard period of time; that is, 6 fiscal years for all financial transaction records. Each institution should carefully consider their practices and decide which records should be kept for the 6 year period. TBS 1996 Policy on Electronic Authorization and Authentication and states that the electronic authorization and authentication system and processes should be designed to ensure complete auditability. The audit trail should include data and files required to reconstruct the sequence of events and transactions processed TBS Policy on Internal Audit April 1, states that Deputy heads of all departments are responsible for ensuring that the audit committee receives all of the information and documentation needed or requested to fulfil its responsibilities, subject to applicable legislation.

6 Section 3 Exceptions to the General Retention Guideline General Administration Function: Function/Description 3.1 Management of Government Information This sub-function generally encompasses the business processes and activities which produce records created by government institutions within the context of the life-cycle of information; that is, from its creation, organization, retrieval, use, access, storage, and protection, to its disposal. More specifically, this sub-function includes ten core programs or activities which are common to all government institutions: Access to Information; Protection of Privacy, Records Management, including the Essential Records Program; Management of [Information] Technology; Library Services; Correspondence Management; Forms Management; Manuals Management; Mail and Messenger Services; Correspondence Management; and Photocopying and Printing Services Access to Information and Privacy This programme/activity generally includes the business processes and activities which produce records created by government institutions in relation to the administration of the Access to Information Act and Privacy Act. More specifically, it includes individual requests for access to records under the acts. Access to Information - individual Case Files Minimum 2 years following the date on which a request was responded to and a subsequent complaint, if any, was fully processed. 2 See Treasury Board s publication Info Source: Sources of Federal Employee Information for additional information on this standard bank. - reports, registrations 2 years Protection of Privacy - individual Case Files Minimum 2 years following the date on which a request was responded to and a subsequent complaint, if any, was fully processed. 3 See Treasury Board s publication Info Source: Sources of Federal Employee Information for additional information on this standard bank. - reports, registrations 2 years Records Management

7 Function/Description This programme/activity generally includes the business processes and activities which produce records created by government institutions to manage their corporate records. More specifically, it includes the essential records programme, and the micrographic and imaging programs, and comprises elements such as developing, adopting and implementing classification systems; procedures and techniques for maintaining records; records inventories and records disposition authorities; it excludes the actual records that are designated as essential and which must be covered by Institution- Specific Disposition Authorities, and the actual records which are microfilmed or imaged. Master Numerical Index Cards or Master Control Records Records Disposition Authority Files Records Inventory Files (including lists, indices and registers of files or records destroyed) 2 years after superseded 2 years after Records Disposition Authority files are superseded or amended by the Librarian and Archivist of Canada years after files or records are destroyed Management of [Information] Technology This programme/activity generally includes the business processes and activities which produce records created by government institutions relating exclusively to common administrative functions for the management of technology. More specifically, it includes electronic systems development, maintenance, and technical assistance for office systems and databases that support common administrative function; it excludes activities or records that support operational functions or operational automated information systems, or any mixture or operational and administrative functions Library Services This programme/activity generally includes the business processes and activities which produce records created by government institutions relating to the delivery of library services, sometimes referred to as documentation or reference services. It excludes the activities and records which form the actual intellectual holdings of these libraries, documentation, or reference centres. The disposal of grey literature and other reference support materials, including pamphlets, unpublished reports (no ISBN number), various media such as posters and films, may be the subject of another MIDA Other Information Management Activities and Services This programme/activity generally includes the business processes and activities which produce records created by government institutions relating to correspondence management; forms management; manuals management; mail management; mail services; photocopying and printing services.

8 Forms Management Function/Description - Individual function files 1 year after superseded or obsolete Mail and Messenger Services - Mailing Lists 1 year after superseded - Registers and Registration Related to Mail, Postal and Messenger Services 1 year Photocopying and Printing Services - Duplication and Publication Job Files 1 year after job completed 3.2 Security Function/Description This sub-function generally encompasses the business processes and activities which produce records created by federal institutions relating to the primary components of security such as classification and designation; security and risk management; control of access; personnel security; safeguards; and security breaches and violation. More specifically, this sub-function includes the classification of sensitive information in the national interest; the administration of security clearances on government employees and contractors; all aspects of physical security related to sensitive or classified information; the secure handling of information assets Security Breaches Electronic network monitoring logs Identification and Building-Pass cards 6 months 2 years after last administrative use. See Treasury Board s publication Info Source: Sources of Federal Employee Information for additional information. 2 years after expiry. See Treasury Board s publication

9 Function/Description Info Source: Sources of Federal Employee Information for additional information on this standard bank. Physical Security - Buildings, contingency planning, equipment, grounds, guards, etc - Routine correspondence 2 years or 1 year after requirement ceases Regulations and orders 5 years after superseded or revoked 5 Reliability Checks and Security Clearances - Individual Case Files 2 years after employee leaves the institution for which the clearance was undertaken. See Treasury Board s publication Info Source: Sources of Federal Employee Information for additional information on this standard bank. Reliability Checks and Security Clearances - Visits and visitors Reports and returns Inspections, surveys etc. Function/Description 3.3 Administrative Support 1 year 5 years This sub-function generally encompasses the business processes and activities which produce records created by government institutions relating to the most routine aspects of the General Administration Function. More specifically, it includes the management of travel and administrative support services such as word processing, stenographic, and translation services. Books, Pamphlets and Publications Compiling, Editing, Printing, Binding, Selling and Distributing - Individual publications 1 year after publication appears or is cancelled Office Services 6 Drafting services - Individual drafting items 1 year after drafting is completed General and internal office procedures and services, including information processing Routine correspondence 1 year Secretarial and Stenographic Services Routine correspondence 1 year after services provided Word Processing, Typing and Transcribing Services 1 year after services provided

10 Function/Description Routine correspondence 1 year after services provided Parking - applications and permits issued to individuals or to/by institutions 2 yrs after permit expire.see Treasury Board s publication Info Source: Sources of Federal Employee Information for additional information on this standard bank. Telecommunications Services Translation Services - Routine correspondence relating to requisitions for 1 year after services provided. Travel Arrangements for tickets, passage, taxi services, fares and tariffs, etc.) Baggage - Lost, Damaged or Unclaimed 1 year 1 year Effects (Air, rail, road and water ) - Property and goods - Routine correspondence 1 year Freight and Express (Air, rail, road and water) Routine correspondence 1 year Freight and Express - Rates, Tariffs, Schedules, etc. Hotel Reservations Until superseded or revoked 6 months Personnel (Air, rail, road and water) Routine correspondence 1 year Visits and tours - Routine correspondence 1 year - Routine itineraries 6 months 1 References to active and dormant periods (A-2, D-3) will be removed and are left to the discretion of the institution. 2 As per the Privacy Act, under Privacy Regulations, Section 7,the head of a government institution shall retain for a period of at least two years following the date on which a request for access to personal information is received by the institution under paragraph 8(2)(e) of the Act

11 (a) a copy of every request received; and (b) a record of any information disclosed pursuant to such a request. Section 8 (2)(e) of the Privacy Act deals with requests made by an investigative body specified in the regulations. 3 As per the Privacy Act, under Privacy Regulations, Section 7,the head of a government institution shall retain for a period of at least two years following the date on which a request for access to personal information is received by the institution under paragraph 8(2)(e) of the Act (a) a copy of every request received; and (b) a record of any information disclosed pursuant to such a request. Section 8 (2)(e) of the Privacy Act deals with requests made by an investigative body specified in the regulations. 4 Former retention guidance provided stated Until superseded or amended. Suggested retention change to 2 years in keeping with the change in the subject heading from RDA s to RDA files (the former of which are not considered common administrative records). 5 Former retention guidance provided stated Until superseded or revoked. New retention guidance of 5 years after superseded or revoked applied as regulations and orders can be linked to Policy and Procedures and should therefore inherit the same retention period. 6 Previously Duplication and Reproduction Services - Requisitions identified under this heading (retention period, 6 months). As requisitions are financial in nature the LAC teams feels they fall more appropriately under the retention guidance provided for the Comptrollership function for financial records, which is 6 yrs. As such, this item is not part of the General Administrative function and should be pulled. The Comptrollership Function suggests a standard retention period of 6 fiscal years for financial transaction records such as vouchers, invoices, claims etc... This retention is applied after all administrative actions have been completed. Also, what LAC is currently investigating, is whether there are any legislative or policies in place which bolster the need to apply the same retention period to common administrative records that support or document a financial action. References: the 1996 Treasury Board Policy on Electronic Authorization and Authentication Appendix A, Guidelines, iii Audit states that The electronic authorization and authentication system and processes should be designed to ensure complete auditability. The audit trail should include delegation matrices, user profiles and all the electronic authorization and authentication data and files required to reconstruct the sequence of events and the transactions processed and the Treasury Board Policy on Internal Audit (takes effect on April 1, 2006 and will replace the 2001 Policy on Internal Audit) under section 5. Policy Requirements, 5.5 states that Deputy heads of all departments are responsible for: under "Ensuring that the audit committee receives all of the information and documentation needed or requested to fulfill its responsibilities, subject to applicable legislation."