What are retention schedules?
Retention schedules are documents that articulate how long information within a records series, or data set, should be retained by your office. They are often organized by series, and provide you with information regarding what should be done with records or data in your care once it has reached the end of its retention period.
Where do I find retention schedules?
Official retention schedules are stored by the University of Toronto Archives and Records Management Services. More information is available from them at http://archives.library.utoronto.ca/dbtw-wpd/textbase/webschedule/
ISEA’s retention schedules
ISEA has officially created retention schedules for:
- ISEA Logs
- Bill C-11 incident reports
These retention and disposition practices take into consideration consultations with ISEA staff, archives and records management professionals, the operational resources and requirements of ISEA, in addition to relevant legislative requirements (e.g., FIPPA, Bill C-11).
In the event that data appears subject to two different retention periods, departmental practice should be to retain the log for the longest time period applicable. For example: A web access log may include personally identifiable data. If there was an internal request for information about when a person accessed the web application, then the request and specific data relating to the request might be considered to be subject to FIPPA legislation. This legislation would require a different retention period.
The following retention schedule recommendations are broken down by log or data type.
Logs
Debug Logs
Logs captured or created during the process of troubleshooting system errors.
- Retention period: As long as operationally necessary.
- Final disposition: Destroy as issue resolved.
Access Logs
Logs captured or created during an authorization or authentication process. Examples of access logs include but are not limited to audit logs, and activity logs that include indicators of access.[1]
- Retention period: A minimum of 90 days.
- Final disposition: Destroy after 90 days, unless required internally or by law for investigative purposes.
Operational Logs
Logs captured or created as a result of everyday business operations. Examples of operational logs include but are not limited to network logs, system performance logs, and transaction logs.
- Retention period: A minimum of 60 days.
- Final disposition: Destroy after 60 days, unless otherwise required for departmental operations or as required by legislation.
Bill C-11 Incident Reports
Bill C-11 Incident Reports must be tracked internally by ISEA in different stages.
The complainant has 6 months to pursue legal action against individuals identified in the Incident Reports. In the event that the complainant takes legal action against the individual identified in the report, ISEA must retain these reports for an additional 12 months from the date they receive notice that court proceedings are being launched.
Bill C-11 Incident Reports (Identified)
Reports containing personally identifiable forensic information extracted from logs that are created in response to Bill C-11 notices. These reports successfully link an IP address associated with an inflation to a UTORid. This records series excludes all incident reports that are not related to Bill C-11.
- Retention periods:
- A minimum of one year after last use if no legal action is taken (subject to FIPPA requirements regarding the retention of information containing PII).
- Maximum potential retention period of 18 months in the event that court proceedings are launched.
- Final disposition:
- If court proceedings are not launched, destroy 12 months after receipt of initial notice from complainant.
- If court proceedings are launched, destroy 12 months after the date that the complainant first takes legal action against the individual identified in the incident report.
- Must destroy after 18 months.
Bill C-11 Incident Reports (Unidentified)
Reports containing forensic information extracted from logs that are created in response to Bill C-11 notices. These reports may contain an IP address, but will not contain personally identifiable information. This record series excludes all incident reports that are not related to Bill C-11.
- Retention period:
- 6 months after last use.
- Final disposition:
- Must destroy after 6 months.