How printed information should be handled is based upon the category of data that is contained in the document. Printed information should be handled according to the highest classification level of data contained in the document. For example, if a document contains both Public and Restricted information, then the document should be handled according to the Restricted classification. Purdue Data Custodians are urged to contact the Data Stewards for guidance in cases that present handling questions or security concerns.
Print Hard Copy of Information
Storage of Printed Documents
Duplication and Distribution of Paper Documents
Mailing of Paper Documents via Campus Mail or External Carrier
Fax Paper Documents
Labeling Paper Documents
Disposal of Printed Documents
Print Hard Copy of Information
This action covers printing documents from applications and databases. Once the data is reproduced in paper form, Data Custodians should follow the handling requirements for printed information.
| Public | No special requirements |
| Sensitive | Unattended printing is allowed if access controls are in place to prevent unauthorized viewing of a printout. |
| Restricted | Unattended printing is allowed if access controls are in place to prevent unauthorized viewing of a printout. Printouts containing Restricted information should be picked up as soon as possible. |
Storage of Printed Documents
| Public | No special requirements |
| Sensitive | No special requirements |
| Restricted | Stored in a secured location when not in use. |
Duplication and Distribution of Paper Documents
This action covers the duplication of printed documents only. Copies should only be made as specifically needed. Copies should not be distributed unless there is a business need to do so; and the recipient of a document should not further distribute it unless there is a business need to do so. It is also important for employees to understand how the distributed materials will be used and disposed of.
| Public | No special requirements |
| Sensitive | No special requirements |
| Restricted | The receiver of the document containing Restricted information must not further distribute without permission of the Information Owner. Where necessary, the Information Owner should designate data which must not be further duplicated or distributed. |
Mailing of Paper Documents via Campus Mail or External Carrier
This action includes mailing paper documents via Purdue Campus Mail and via an external carrier such as the United States Postal Service or FedEx. This handling requirement assumes a valid business need for the mailing of paper-based documents.
| Public | No special requirements |
| Sensitive | No special requirements |
| Restricted | No classification marking on external envelope. Envelope is to be sealed in such a way that tampering would be indicated upon receipt. |
Fax Paper Documents
This action covers sending and receiving faxed documents. When sending faxed documents, documents may either be sent directly from their electronic form, or more traditionally, by sending a paper document through a fax machine. This handling requirement applies to both types of fax transmission, but is primarily used to indicate sending faxes in the traditional, paper-based, manner. This handling requirement assumes a valid business need for sending or receiving a faxed document.
| Public | No special requirements |
| Sensitive | Receiving faxes: Unattended printing is allowed if access controls are in place to prevent unauthorized viewing of a printout. Sending faxes: Prior to faxing, verify access controls or recipient presence at the time fax is sent. |
| Restricted | Receiving faxes: Unattended printing is allowed if access controls are in place to prevent unauthorized viewing of a printout. Printouts are to be picked up as soon as possible. Sending faxes: Prior to faxing, verify access controls or recipient presence at the time fax is sent. |
When receiving faxed documents: Unattended faxing is allowed for Sensitive and Restricted data so long as controls are in place to prevent unauthorized viewing or pick-up of the printouts. Follow the handling requirements for “Print Hard Copy of Electronic Information.”
When sending a fax containing Sensitive or Restricted data, the Data Custodian should contact the recipient to ensure that the fax machine receiving the data is secured using appropriate access controls, or that the recipient will promptly pick up the fax printout.
Labeling Paper Documents
This action covers labeling of paper documents. Some areas may choose to label their documents in order to ensure appropriate handling within that Purdue area.
| Public | No special requirements |
| Sensitive | No special requirements |
| Restricted | Certain documents are to be labeled as “Confidential” regardless of internal or external use. |
Disposal of Printed Documents
| Public | No special requirements |
| Sensitive | Destroy the document |
| Restricted | Destroy the document |
To destroy a document means to physically destroy it beyond any ability to recover the data on the document. Shredding a document is an appropriate destruction method. The use of the University “Confidential Recycling Program” (aka “Blue Barrels”) is acceptable for disposal of all classifications of paper-based information. Information regarding this program can be found at: http://www.purdue.edu/buildings_grounds/recycling/recyclable.htm (see “Confidential Document Destruction”)