• Home
  • Frequently Asked Questions

Frequently Asked Questions

Information Management:

  • What is information management?

    A comprehensive approach to information management ensures that information is kept secure and is available when you need it.

  • Why is information management important?

    Everyday at KU we create and use information in our research, teaching, classes and service to the State of Kansas. Stewardship of the University’s information assets is a shared responsibility across KU. Each of us plays a vital role. Information management will improve our handling and securing of private information, our management of university records, and will ensure the preservation of KU’s institutional memory for today’s decision-makers and tomorrow’s scholars.

  • How secure does my information need to be?

    An assessment of the information in question will help determine how private and/or secure it needs to be. The protection of certain kinds of information is regulated by law. You will also need to consider the business impact if the information is lost, stolen or becomes irretrievable.

  • Are other universities doing this?

    Many universities have developed or are beginning to develop strategies for information management, including The University of Notre Dame, Stanford, University of Texas, Purdue, Indiana University, and MIT.

Records Management:

  • What is a record?

    Generally, a record is information that either results from the conduct of an official activity, or that is employed in the course of planning and/or decision making prior to such activity. As an agency of the State of Kansas, KU creates and utilizes state government records. Consequently, the University is required to develop and to maintain a records management program that ensures the preservation of state government records.

  • Are paper records handled any differently than electronic records?

    Paper records and electronic records are basically the same but exist in different formats that require different methods of maintenance and preservation. Electronic records require that decisions are made during the entire life cycle of the record from its creation through disposition in order to ensure that the record is available for continued access and use.

    The intended outcome for handling records (no matter what format) should always be the same: keep what you need for as long as you need it; once it is no longer needed, check the University records retention schedule.

    The KU Records Retention and Disposition schedule outlines the recommended periods for retaining certain types of records and appropriate methods for disposing of them once the retention period has expired.

    Depending on the format your records are in (paper, electronic, etc.), you may need to use different tools or methods to appropriately handle them to achieve the intended outcome stated above. (For example, paper records may require locked file cabinets; whereas electronic mail archives may need to be encrypted.)

  • How long do I need to keep it?

    As a rule of thumb, never dispose of anything that is involved in a pending or threatened litigation. Retain all records from a closed grant for at least 3 years from the close (or as directed by the Granting agency). Retain employment records for the period of employment plus 5 years. For additional guidance, refer to the KU Record Retention schedule.

  • How do I dispose of paper records? How do I dispose of electronic records?

    First, check the KU Record Retention schedule for information on how long to retain certain types of records. This information will be periodically updated and expanded, so please check back to find out more on Record Retention at KU.

    Disposal of Confidential Information:
    Currently, there are two methods recommended to securely dispose of confidential, paper documents (or CD's, DVD's, etc.) including:

    1. shredding (cross cut or diamond cut shredder recommended) or pulverizing materials; or
    2. disposal in secure, locked shredding consoles (contract is currently available from Shred-it on the purchasing website or you may individually contract with another vendor for these services—please check with the purchasing department).

    More on disposal of confidential electronic files can be found at the IT Security website (www.security.ku.edu).

    More on effective shredding options can be found at the Privacy website.

  • How do I transfer records to the University Archives?

    Contact Archives by calling this 785-864-4334. A staff member will assist you.

  • Can I give my old records to the historical society or public library?

    Before you offer any record to a historical society, public library, or any other entity, you must contact your University Records Officer or Archivist. Permanent records must be kept either in your offices, in your University Archives, or in an authorized space designated for the storage of permanently valuable records.

Security and Confidentiality:

  • How do I report a data security breach (paper or electronic)?

    If you suspect a breach of private information or systems, immediately contact the KU Customer Service Center at 864-8080 and tell them you suspect a breach. They will assist you appropriately. Then report the incident to your Chair or Unit Director.

  • How do I report a lost or stolen device with private information on it?

    Immediately contact the KU Public Safety unit at 864-5900. Additionally, contact the KU Customer Service Center at 864-8080 and tell them you suspect a breach. They will assist you appropriately. Then report the incident to your Chair or Unit Director.

  • Who in my department is responsible for reporting a breach or loss of equipment?

    The person who discovers the loss or breach should immediately report the incident as described above. Additionally, the Chair or Unit Director should be notified of the incident.

  • What does FERPA cover?

    The Family Educational Rights and Privacy Act (FERPA) provides higher education students the right to have access to their education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records. More information on the University’s FERPA-related policies is found at:

  • What does HIPAA cover?

    The Health Insurance Portability and Accountability Act (HIPAA) places significant privacy and security requirements on health care practitioners and researchers that handle individually identifiable health information.

    More information and resources can be found at the KU Privacy Office website.

  • What does GLB cover?

    The Gramm-Leach-Bliley Act (GLB) regulates the disclosure of non-public personal information by financial institutions. Institutions of higher education are covered by the law's definition of "financial institutions" as they participate in financial activities, (e.g. offering Federal Perkins Loans).

  • What is PCI DSS?

    The Payment Card Industry (PCI) Data Security Standard (DSS) places stringent requirements on the storage, processing and transmission of data elements found on payment cards. Data elements include: Primary Account Number (PAN), cardholder name, service code, expiration date, CVC2/CVV2/CID, and PIN/PIN block.

    The standards were developed by a group of companies including American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. The PCI standards include requirements for security management, policies, procedures, network architecture, software design and other protective measures.

  • Which of these laws trumps or preempts the other ones?

    It depends. If you are adhering to the most stringent privacy and security standards (HIPAA), then you may already be in compliance with the other laws. An assessment of the information in question will help determine how private and/or secure it needs to be. You will also need to consider the business impact if the information is lost, stolen, or becomes irretrievable. Please contact the Privacy Office or Office of General Counsel for more information on these laws and their interactions.

Contacts for Assistance:

  • Who do I call for help?

    As the information management program develops, additional resources (tools, services, people, policies, etc.) will become available to you. For now, to ensure your question gets in the right hands, please contact the Office of the Vice Provost for Information Services, 864-4999, or vpinfo@ku.edu.

  • How do I report inappropriate email?

    For information on spam and other email that may seem inappropriate, what KU is doing about it, how to move tagged messages out of your inbox, and how to report spam and other email abuses visit the IT Security Office website.

Faculty / Staff Training:

Office of the Provost
Feedback/Let Us Know

Do you have a concern, or would you like to offer your thoughts on a proposal put forward by this office?

The Provost Office offers an anonymous form so you can raise issues important to you or respond to issues and activities on campus. 

Let Us Know.

RT @Beak _Healthy: So you have an enrollment hold – now what? Watkins Compliance Coordinator can answer questions about these types of holds…

Policy Library Search

Visit the Policy Office for more information.

Green Office

Why KU
  • One of 34 U.S. public institutions in the prestigious Association of American Universities
  • 44 nationally ranked graduate programs.
    —U.S. News & World Report
  • Top 50 nationwide for size of library collection.
  • 5th nationwide for service to veterans —"Best for Vets: Colleges," Military Times