Approved Date – 02/22/2021
Published Date – 02/22/2021
Revised Date – 02/23/2023
Ensure that data and electronic records belonging to the District of Columbia Government (“District”) are protected, properly maintained, and securely disposed of when they have reached their end of life.
DC Official Code § 1-1401 et seq., provides the Office of the Chief Technology Officer ("OCTO") with the authority to provide information technology (IT) services, write and enforce IT policies, and secure the network and IT systems for the District government. This document can be found at: https://code.dccouncil.us/dc/council/code/sections/1-1402.html.
This policy applies to all data and records belonging to the District and all District Government Workforce members (including employees, contractors, vendors, consultants, temporary staff, interns, and volunteers) performing official functions on behalf of the District Government and/or any District Government agency, organization, and entity (e.g. subordinate and independent agencies which receive enterprise services from the District of Columbia Office of the Chief Technology Officer ("OCTO")). In addition, this policy applies to any provider and third-party entity with access to the District's information, systems, networks, and applications.
District agencies and departments must develop or adhere to a strategy which demonstrates compliance with this policy and its related standards. The following outlines the requirements for this policy.
The District's agencies must develop and review or update annually and after change to the policy, a procedure in support of this policy with the following requirements.
4.1. Data and Records Retention
District agency must create a Records Retention Schedule (“Schedule”) which has been approved by the District’s Office of Public Records.
4.1.1. The Records Retention Schedule must, at a minimum, contain the following details:
- Record Number
- Record Title
- Record Description
- Approved Retention Period
4.1.2. All datasets of an agency should be included in the agency’s Record Retention Schedule.
4.1.3. No data or records belonging to the District or any of its agencies shall be disposed of or deleted if such agency does not maintain an approved Records Retention Schedule.
4.1.4. If an agency has an approved Records Retention Schedule but the agency owns data or records that are not included in the approved Schedule, such data or records must not be disposed of or deleted until the Schedule has been updated to include all such data or records.
4.2. Records Retention Schedules Review
Under DCMR, title 1, section 1504.1(h), each agency must review its Records Retention Schedule annually to determine if additional datasets need to be added to the Schedule.
4.3. Disposal of Data and Records
The disposal of the District’s data and records must be done per the retention periods provided in the Records Retention Schedule.
4.4. Suspension of Data and Records Retention Schedule
The retention period specified in the Records Retention Schedule shall be suspended in the event of any of the following, which may require the District to preserve the affected data or records:
4.4.1. The District Government or any of its agencies is served with a subpoena or request for documents.
4.4.2. There is a governmental investigation or audit concerning the District Government or any of its agencies.
4.4.3. There is the commencement of litigation against or concerning the District Government or a District Government agency.
Exceptions to this Policy shall be requested in writing to the Agency’s CIO, and the request will be escalated to OCTO’s Chief Information Security Officer (“CISO”), the Chief Data Officer (“CDO”) and the Office of Public Records’ Public Records Administrator.
The definition of the terms used in this document can be found in the Policy Definitions website.