*Following initial publication of this policy in December 2025, it was reviewed by the NJ Department of the Treasury, specifically Records Management Services (RMS). RMS advanced modest revisions in accordance with Title 47, NJ Public Records Laws, and a change of the Policy’s name from “Secure Handling & Disposal of Documents” to “Enterprise-wide Public Records Retention & Disposal.”

Policy Statement

In accordance with Title 47, New Jersey Public Records Law, Ramapo College recognizes that all of the records, regardless of their medium, which are created, maintained, received or distributed college-wide are deemed to be Public Records. Therefore ensuring the legal and secure scanning, storage, retention and disposal of hardcopy, digital, electronic and scanned Public Records—including but limited to those containing Personal Identifiable Information (PII).

Reason for Policy

Ramapo College recognizes its legal responsibility to ensure the secure scanning, storage, retention and disposal of all documents regardless of their medium, including those containing Personal Identifiable Information (PII).

This policy establishes the standards and procedures necessary to safeguard sensitive information, maintain compliance with applicable data protection regulations, and uphold internal records retention and information security requirements.

This policy does not supersede Policy 642 Records Retention or the State of New Jersey Public Records Law’s records retention and disposition requirements.

To Whom Does the Policy Apply

This policy applies to all College departments and all the records they scan, store, retain or manage —particularly those containing sensitive or confidential information—using enterprise systems, including but not limited to Banner and its Document Management module.

Contact

Information Technology Services

Supplemental Resources:

• Procedure 412: Enterprise-wide Public Records Retention and Disposal
• Policy 642: Records Retention
• Policy 410: Data Protection (PII)

I. Banner Document Management (BDM) Record Guidelines

These guidelines apply to records scanned into Banner Document Management (BDM), the College’s official document management system.

a. System of Record

• Once a document is successfully scanned into BDM, it becomes the institution’s official system of record for that document. This aligns with the purpose of BDM as an enterprise records management system designed for secure, compliant document storage.

b. Document Validation

• Prior to uploading, staff must ensure that the scanned document is authentic and complete.
• All required signatures are obtained and are legible.
• Documents must include all required fields and identifiers (e.g., student ID, employee name, date).
• If a document is incomplete or questionable, consult with the appropriate department before uploading.

c. Redaction and PII Handling

• Personally Identifiable Information (PII) that is not required for the business purpose or system function should be removed prior to scanning, uploading, or attaching, with the exception of retaining only the last four digits of a Social Security Number or R Number, if necessary.
• Departments must use care when handling documents that contain PII to prevent unauthorized disclosure.
• Scanners and users should follow all data security protocols when managing sensitive information.

d. Scanning and Uploading Standards

• Documents must be scanned via your unit’s designated BDM scanner only.
• Preferred file format is PDF; mobile device scans may use JPEG when appropriate and approved.
• Ensure scanned or uploaded images are complete, legible, clear, and properly aligned.
• Validate that the number of pages scanned matches the physical document.

e. Storage Restrictions

• Documents scanned, attached, or uploaded to BDM must not be stored separately on local drives or personal folders.

f. Retention and Disposal

• Because documents stored in BDM become the official public record, any hardcopy documents scanned, attached, or uploaded to BDM may be disposed after submission and receipt of authorization of a Request and Authorization for Records Disposal through the Artemis online Records Management System – the Department of the Treasury, Division of Revenue and Enterprise Services, Records Management Services. Documents uploaded to BDM and stored within the Banner system are centrally backed up and retained in accordance with the Records Retention time periods as per the State of New Jersey, Records Management Services’ record retention and disposition requirements.

g. Security and System Standards

• System access must be tied to individual user accounts; shared accounts are prohibited unless explicitly approved by the system owner with appropriate logging and accountability in place.
• When an employee departs from a department, the unit manager is responsible for terminating (or notifying ITS to terminate) their access to all scanning and document management systems or devices.

II. Scanning Guidelines for Non-BDM Related Documents

These guidelines apply to non-BDM related activities, such as saving files on shared network drives, cloud drives, saving files from email, etc.:

• If the original document is electronic, it can be saved onto the network drive, which is backed up once a day.
• If the original document is on paper, the paper copy must be retained in accordance with the Records Retention time periods as denoted in Records Management Services’ records retention schedules.
• Scanned copies cannot be modified and while not the official record, they are Public Records and subject to the time periods as denoted in Records Management Services’ records retention schedules.
• For security reasons, files should not be saved on desktop or local computer folders (folders that are not on the network drive). As an example, if a computer crashes, any locally stored data will be lost, as desktop storage is not backed up.

Security and System Standards

• Devices such as network-connected scanners, printers, fax machines, and copiers may store digital images of scanned documents. These devices should be configured to automatically delete stored data or must be manually cleared on a regular basis, or if the data should remain, the device must encrypt the data.
• Departments are encouraged to implement or request automatic memory wipe settings on multifunction devices (i.e. printers) where feasible, if not already done so by default.

III. All Documents: Legal and Regulatory Alignment

All files—regardless of where they are stored, presented, or accessed—must comply with all applicable federal, state, and institutional regulations governing the handling of sensitive and protected information. This includes, but is not limited to:

• FERPA (Family Educational Rights and Privacy Act)
• HIPAA (Health Insurance Portability and Accountability Act)
• GLBA (Gramm-Leach-Bliley Act)
• Title 47, New Jersey Public Records Law
• Public Records Requests and Litigation Holds

Departments are responsible for ensuring that all documents scanned, uploaded, or attached into College systems are managed in compliance with these legal requirements. For this reason, each office should develop the processes, procedures, and policies to support Banner Document Management. For guidance on how specific laws or regulations apply to a particular office’s records, or for assistance interpreting retention or access issues, please contact the Records Custodian or the Office of the General Counsel.

IV. All documents: Disposition

All records maintained by the College —whether in BDM, scanned, hardcopy, or other formats are deemed to be Public Records and must be retained and disposed in compliance with Title 47, New Jersey Public Records Law’s record retention and disposition requirements. See Policy 642: Records Retention.