Data Retention

Policy Summary: CAMS Institute LMS Data Retention

The CAMS Institute Learning Management System (LMS) Data Retention Policy governs how long data on camscourses.online will be kept and how it will be securely disposed of.

1. Primary Goals

The policy's main objectives are:

  • Legal Compliance: To adhere to legal requirements, particularly the Protection of Personal Information Act (POPIA).

  • Data Security: To protect the personal information of all users (students, faculty, staff).

  • System Efficiency: To manage the LMS effectively by removing data that is no longer necessary.

2. Key Retention Periods (Maximum Retention)

The retention periods are based on the need for the data, generally starting from the Course Completion Date or the End of the Student Relationship.

Data Type Retention Period Why It's Kept
Student Profile Data (Name, ID, Contact Info) End of Relationship + 1 Year To handle post-course inquiries and institutional continuity.
Student Submissions/Grades (Assignments, Quizzes) Course Completion + 6 Years To address academic appeals, grade disputes, and legal limitation periods.
Course Content (Lectures, Materials, without student data) Course Completion + 5 Years For faculty reuse, updating, and historical reference of course design.
Activity/Access Logs (Logins, content accessed) Current Academic Year + 1 Year For security auditing, troubleshooting, and system monitoring.

3. Key Procedures & Responsibilities

  • Secure Disposal: Data must be destroyed in a manner that prevents recovery once the retention period expires.

  • Legal Hold: Destruction must be suspended immediately if the data becomes subject to an audit, investigation, or legal action.

  • LMS Administrator: Responsible for executing the deletion process, monitoring compliance, and maintaining a Register of Destruction to log all disposal actions.

  • Faculty/Instructors: Must export any necessary course content before deletion and are strictly forbidden from retaining student personal information on non-secure, local devices.

CAMS Institute Learning Management System (LMS) Data Retention Policy

1. Purpose and Scope

This policy defines the necessary periods for retaining and securely disposing of data collected and stored within the CAMS Institute Learning Management System (LMS), accessible via camscourses.online.

The primary goals are to:

  • Comply with legal and regulatory obligations, notably the POPIA and other applicable laws.

  • Protect the personal information of students, faculty, and staff.

  • Ensure CAMS Institute retains educational records for necessary institutional purposes.

  • Maintain the security, performance, and efficiency of the LMS by eliminating unnecessary data.

This policy applies to all data generated and stored within the LMS, regardless of format (e.g., text, files, electronic records, logs) and encompasses data related to students, faculty, and courses.

2. General Principles

  • Necessity: Data will not be kept longer than is necessary to fulfil the purpose for which it was collected or as required by law.

  • Secure Disposal: All data scheduled for disposal will be destroyed in a manner that prevents its reconstruction in an intelligible form.

  • Official Repository: The LMS is primarily a delivery and tracking platform. Official, permanent records (e.g., final grades, official certifications) may be retained longer in the institute's official student record system, which is the definitive repository.

  • Suspension of Destruction: Data destruction will be suspended immediately if the data is subject to a legal hold (e.g., in the event of litigation, audit, or official investigation).

3. Data Retention Schedule for the LMS

The retention periods for data within the camscourses.online LMS are classified by data type:

Data Type Description Retention Period Action at End of Period Legal Basis / Purpose
Student/User Profile Data Name, email, ID, demographic data, contact info. End of Student Relationship + 1 Year Secure Deletion To handle post-course inquiries (e.g., grade queries, transfer records) and institutional continuity.
Course Content Instructor-uploaded materials, lecture notes, videos, quizzes (without student data). Course Completion Date + 5 Years Secure Deletion or Archive Faculty often need to reuse and update content for subsequent courses and retain historical course design data.
Student Submissions/Grades Assignments, forum posts, quiz results, final calculated grades within the LMS. Course Completion Date + 6 Years Secure Deletion To address grade disputes, academic appeals, and provide a record of student performance beyond the immediate course term. This aligns with standard litigation periods.
Activity/Access Logs Login/logout times, content accessed, IP addresses. Current Academic Year + 1 Year Secure Deletion System auditing, security monitoring, and troubleshooting.
Enrolment/Course Access Records of a user's enrollment in a specific course. Course Completion Date + 6 Years Secure Deletion Provides proof of participation for historical reference and administrative tasks.
Communication Records Internal LMS messages, discussion posts. Course Completion Date + 6 Years Secure Deletion Context for grading, participation, and academic integrity purposes.

Note: The "End of Student Relationship" is defined as the date of course completion, graduation, or formal withdrawal from CAMS Institute, whichever is latest.

4. Responsibilities

  • System Administrator (LMS Manager):

    • Implementing and managing the technical procedures for secure data deletion and archiving.

    • Monitoring the LMS system for compliance with this policy.

    • Providing a Register of Destruction to document all deletion events.

  • Faculty/Instructors:

    • Ensuring that any course content they wish to keep beyond the stated retention period is exported and stored securely outside the LMS (e.g., on an institute-approved secure cloud drive) before the deletion date.

    • They must not download or retain student personal information or student work on local or non-secure devices.

  • Data Protection Officer (DPO) / Designated Officer:

    • Reviewing and updating this policy annually.

    • Approving any exceptions to the standard retention periods.

5. Data Disposal Procedures

When the defined retention period for a data type expires, the following steps will be taken:

  1. Review: The LMS Administrator will identify all data records that have met or exceeded their retention period.

  2. Notification: Instructors/Relevant Departments will be notified in advance (e.g., 90 days) of the scheduled course deletion, providing them an opportunity to export necessary course content.

  3. Deletion: Data will be deleted using methods that ensure non-recoverability (e.g., hard deletion from the database, secure file erasure).

  4. Logging: The date, type, and volume of data destroyed will be recorded in the Register of Destruction.

  5. Backups: Deleted data will be removed from all active and archival backup systems in line with CAMS Institute's overall backup retention schedule, but not longer than one year after the primary deletion.

Back
Back to top