- Service Design and Guidance
- UW Sourced
- UW-IT Governance Sourced
- State and/or Federal Sourced
- UW Medicine Sourced
- Vendor Sourced
A list of guidance offered by the Productivity Platforms Service Management team. The information on this page should not be considered comprehensive nor exhaustive, but instead as a starting point to assist with adherence to UW and Washington state policies, compliance, and regulatory requirements. Please consult with the UW offices that are responsible for documenting and distributing policies and related information, including but not limited to the following:
- UW Privacy Office
- Records Management Services
- Office of the Youth Protection Coordinator
- UW Compliance and Risk Services
- UW Medicine Compliance
- UW Google and Youth
- Data Retention Policy
- UW Google Account & Data Deletion
- Google Consumer Services and Third-Party Services
- Google Consumer Services
- Unmanaged Content in UW Google Shared Drives
- UW Office 365 Account & Data Deletion
- Productivity Platforms are designed for collaboration
- File Ownership and Preserving Data
- Why Productivity Platforms deletes unmanaged content
Any use beyond students directly enrolled in University of Washington, Continuum College, or programs with specific contractual languages and policies placing them entirely under UW policies and governance, is not likely to meet compliance standards such as FERPA.
Additional key articles and guidance provided by the UW Office of the Youth Protection Coordinator and UW Privacy Office to review:
- APS 10.13 Policy Resource Guide
- Guidance for virtual youth programs
- Appropriate Collection and Use of Youth Data
A single data retention policy does not apply to the UW Google service due to the broad scope of administrative, academic, and personal information created and stored via this service. Consequently, users of this service are responsible for managing and deleting their UW Google documents in accordance with University of Washington retention guidelines. For more information, please refer to the UW Records Management Services website.
Access to UW Google is contingent upon an active affiliation with the University of Washington. Upon departure from the UW, a UW Google account and data associated with a UW NetID will be deleted according to the timelines defined on the UW Google Account & Data Deletion page.
Access to UW Google is contingent upon an active affiliation with the University of Washington. Upon departure from the UW, a UW Google account and data associated with a UW NetID will be deleted according to the following timelines. (Continue reading)
While Google offers additional Consumer and Third-Party Services, please be aware that these services are not subject to the same agreements we have in place for the UW Google Core Services (above), and most importantly, are not considered compliant with the Family Educational Rights and Privacy Act (FERPA). Click to read more about FERPA for UW students and FERPA for UW faculty and staff.
UW-IT does not support Google Consumer Services and/or products. Please see the UW Google page for a list of the Google Core Services that UW-IT does support.
All UW Google Shared Drives must have a current UW employee in the Manager role or will be subject to deletion without an option for data recovery. Please review the Shared Drive Deletion Policy.
Access to UW Office 365 is contingent upon an active affiliation with the University of Washington. Upon departure from the UW, a UW Office 365 account and data associated with a UW NetID will be deleted according to the following timelines. (Continue reading)
Applies to Both Services
Both UW Google and UW O365 platforms are designed as collaboration services with a fair amount of storage for a variety of file types and sizes. However, using either platform as a place for maintaining system backups and images, high-capacity storage, or many of the other creative utilization scenarios implemented by UW members is not recommended. The UW offers much more robust, responsive, and storage-centered solutions. For more information about these solutions, please choose from the links below to get started:
When saving and storing files, it is important to keep in mind that the UW must maintain compliance with state and federal laws and regulations relating to the preservation and destruction of information created and received by the UW.
- It is the general policy of the UW to:
- Create only the records it needs
- Retain records according to legally approved records retention schedules
- Maintain active and inactive records in appropriate storage equipment and locations
- Discard records when no longer required
- Preserve records of historical significance
- Identify and protect vital records
This policy applies as well to files that have been shared with you. Among the files that others share with you may be records that are subject to records retention requirements and should be preserved or deleted according to a legally approved records retention schedule. These records may also be responsive to an audit, public records request or litigation and as such must be maintained until the matter is resolved.
If you have specific questions about Records Management at UW, please contact Records Management Services.
If you have specific questions about Records Management at UW Medicine, please contact UW Medicine Records Management Services (RMS).
Unmanaged content (data) is a compliance and regulatory risk which is why the Productivity Platform team follows published lifecycle protocols that include data deletion. The information below provides an overview of the factors guiding the published lifecycle protocol:
- Data in our systems need to have data retention and access controls maintained or removed per a published lifecycle for data that falls out of that state.
- Data should not be retained without active access management, less we risk violating APS 2.6.5 and APS 2.6.1 and other similar compliance standards, for extended periods of risk exposure or in cases where control of access cannot reasonably be reestablished. This also is in support of UW Privacy goals, FERPA and HIPAA compliance requirements.
- Data should not be retained without active records management from either responsible individual(s) or an automated process, for extended periods of risk exposure or in cases were control of data lifecycle cannot reasonably be reestablished. This also is in support of UW Privacy goals, FERPA, and HIPAA compliance requirements.
- Data cannot be retained in a way that is not visible to the end users, responsible for responding to Public Records Requests or other eDiscovery activities, until such time as such processes and staffing resources are implemented that allow retrieval of hidden data that is retained, and records retention can be handled centrally or in an automated fashion per point #2. Retaining data for which the UW does not have process and staffing to return as required by law or court order opens the UW to substantial risks and liabilities.
- User held data should be treated as “confidential” and not released or transferred to others unless there is a specific and documented process followed that assures privacy, consistency, fairness, and compliance.
- APS 10.13 Policy Resource Guide
- Guidance for virtual youth programs
- Records Management Services > Retention Schedules
- Records Management Services > UW Google Changes
- Graduating Students: Preserve your UW Work
- UW Privacy Office > Access and Use Agreement
“Administrative Policy Statement 10.13 Requirements for University and Third Party Led Youth Programs protects the well-being of youth (i.e., individuals under age 18) involved in UW programs, activities, events, and research, and safeguards them against harm. It is everyone’s responsibility to protect youth from harm. Those who have interactions with youth as part of their UW duties must follow the specific requirements …” (Continue reading)
“Virtual interactions can allow youth programs to reach to wider audiences and engage participants in creative and effective ways. However, online interactions pose new and different risks to youth which must be considered in program design and implementation.” (Continue reading)
“A retention schedule is a list of the types of records (record series) created, received, and used by an institution along with information on how long to keep them and when to delete them. Records Management Services creates the retention schedules that are legally-approved for use by the UW.” (Continue reading)
“As a state agency, any recorded information created, received, or used by University employees is considered a record. Each office and each employee at the University of Washington has the legal responsibility to demonstrate the proper care and management of their records. Every record has a specific amount of time it needs to be kept before it can be destroyed, also known as the retention period. The retention period is based on the content of a record, not the format.” (Continue reading)
“After you leave the UW, the documents and data that you created or have stored using UW services will be permanently deleted.
Your work may be useful at some point to create a portfolio for a job search or grad school application. You might also find that you own critical files for ongoing UW work or research that need to be transferred to another person at UW.
Therefore, it’s important to take time to before you graduate go through the UW services (UW Google Drive, UW Office 365 OneDrive for Business, Canvas, etc.) you have used as a student and transfer any documents and data that you wish to preserve.” (Continue reading)
“The Access and Use Agreement for UW Data and Information Systems (‘Agreement’) helps raise employees’ awareness of their privacy and information security responsibilities, as articulated in University policies. This is an important part of promoting privacy and information security best practices that help protect University data and systems.” (Continue reading)
“Data associated with cloud services such as UW Office 365 and UW Google is subject to the same policies that regulate all other types of electronic records at the UW. As a result, contracts are in place with the vendors to address many important legal, regulatory, and compliance issues.” (Continue reading)
“When does my access to IT services expire?” (Continue reading)
“The Family Educational Rights and Privacy Act (FERPA) of 1974 is a federal law that protects the privacy of student education records. FERPA applies to all schools that receive funds under an applicable program of the U.S. Department of Education.” (Continue reading)
“The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.” (Continue reading)
“This is a summary of key elements of the Security Rule including who is covered, what information is protected, and what safeguards must be in place to ensure appropriate protection of electronic protected health information. Because it is an overview of the Security Rule, it does not address every detail of each provision.” (Continue reading)
“The University of Washington has signed an agreement with Microsoft that satisfies the requirements for appropriate legal agreements. UW Medicine workforce may use UW-supported Office 365 including UW OneDrive for Business (not OneDrive), Lync, and Azure. No other institutional agreements satisfy UW Medicine’s requirements for appropriate legal agreements. This includes Google apps.
Due to the frequency of change, please follow the link here to read the policy in full.
If you need further assistance, please contact UW-IT at email@example.com or 206-221-5000.