Records should be organized in a manner that they are readily available within 24 hours of official request by auditors / inspectors, management, participants, etc.
Electronic databases should be redundant. That is, there should be mirror image in case of corruption of the original file(s). This can often be accomplished by campus server systems. Personal computers, USB flash drives, or other “temporary” forms of data storage should be avoided. Classroom records should be backed up with a roster (original, copy, or electronic archive); that is, rosters should serve as evidence of successful completion of training.
Learning management systems (LMS), such as the SumTotal LMS, are a preferred method for documentation, tracking, and reporting of training, online training, and training content. These software applications provide an easy way to retrieve and manage training records. Campuses may wish to formulate policy identifying these electronic databases as the official record of health and safety training.
Right of Access
In compliance with the Family Educational Rights and Privacy Act, with the exception of directory information, all records are confidential and available only to the participant(s). The following information has been designated as directory information by UC systemwide policy:
Directory information (available to public)
- Address (Local and/or Permanent)
- Telephone numbers
- Birth date and place
- Field(s) of study
- Date(s) of attendance
- Grade Level
- Enrollment status (i.e., undergraduate or graduate, full time or part time)
- Number course units enrolled
- Degrees and honors received
- Most recent previous educational institution
- Participation in officially recognized activities (i.e., athletics)
- Athlete information (name, weight, and height)
This information, in accordance with FERPA, may be released to any person who requests it unless specifically requested by participant(s) that it be restricted. The University may not disclose or confirm directory information without the participant’s consent if a social security number (SSN) or other non-directory information is used, alone or combined with other data elements, to identify or help identify the participant or their records. In other words, if a potential employer wants to confirm a participant’s dates of attendance and submits the participant’s SSN, the University may not use the SSN to help identify the participant. To do so would confirm the SSN, which is not directory information.
the training history related to the employee’s job duties. Employee’s training records should be assessable if needed in an accident related incident for federal, state, or local investigations. Many states are aggressive protectors of employee privacy and random or unauthorized access to personnel files can bring on severe penalties. Make sure that personnel training files are kept in a secure and assessable location. When asked by people outside the company to provide "verification" of certain employment information about your employees, make it a practice to confirm only the information your employees have authorized you to release. Employee authorization should be in writing and specify the information they wish you to reveal. Tell your employee the policy is designed for his/her protection.
Proprietary information is defined broadly as any information that gives the University a competitive advantage or could be damaging to the University if the disclosure of this information is out of control.
Proprietary documents need to be protected by appropriate labeling from the time they are created until they are released or are safely destroyed. Three commonly used proprietary labels are as follows:
- Proprietary: Internal Use OnlyUse this label for general information, such as schedule of classes, or course listings, that are distributed throughout the University.
- Proprietary/Confidential: Need-to-KnowUse this label for all pre-release product documentation and information. This covers all information that is distributed to product teams (manuals, release notes, research papers, or specifications).
- Proprietary/Confidential: RegisteredUse this label for highly sensitive information, where numbered copies are made and carefully controlled.
In general, most documentation should have the label "[Campus Name] Proprietary/Confidential: Need-to-Know." Be sure to remove the proprietary label before producing the final production version of the documentation. If you have any questions about proprietary labels, send them to counsel in your legal department.