4.2.1 Active, Inactive, and Historical Records must be maintained in accordance with the Record Retention Schedule and this Policy. Expired Records must be destroyed in accordance with this Policy. The Specific record retention periods can be obtained from our Vice President, Legal Services. The CFO has the authority to extend the records retention period beyond those listed in the specific records retention periods.
4.2.2 The Record Retention Schedule designates the Records Custodian for each identified Altair Record.
4.2.3 If a record is not found under the Record Retention Schedule, it must be destroyed when no longer needed in the ordinary course of Altair business. However, if a team member believes a record not listed on the Record Retention schedule or an Altair Record should be retained beyond the time period specified on the Record Retention Schedule, the team member should not destroy the record without prior approval of Altair’s Vice President of Legal Services.
4.2.4 Historical records are of long-term value to document past events (e.g., purchase and sale agreement). This may arise from exceptional age and/or connection with some significant historical event or person associated with Altair. Historical Records are not listed in the Record Retention Schedule given the nature of its content and the events associated with the Historical Record (e.g., a letter or e-mail written memorializing an important event). Retaining these types of Historical Records is a responsibility shared by all Altair team members. Any team member who believes an Expired Record should be retained permanently for its historical value should consult Altair Archives. Records transferred to the Altair Archives may be restricted by the office of origin for up to 25 years. Longer restrictions may apply if required by federal, state, or local statute.
4.2.5 If a record fits within two categories, each having a different retention period, the longer period governs. In order to facilitate compliance with this Policy, all Record Retention Periods expiring during a calendar year may be extended to the last day of such calendar year. Thus, all Altair Records expiring during a calendar year should be destroyed as near as practicable to the last day of that calendar year.
4.3 Non-Altair Records
All Non-Altair Records (i.e., any communications not listed in the Record Retention Schedule, informal communications such as instant messaging or social media posts unless it contains an approval, direction to take or refrain from taking action or similar communications) should be immediately destroyed after use.
4.4 Copies of Altair Records
4.4.1 Departments and team members that are not the designated Records Custodian for an identified Altair Record are expected to only retain copies and drafts of such Altair Record to the extent necessary to conduct Altair business. Such Altair Departments and/or team members must destroy such copies/drafts once they are no longer needed to conduct Altair business unless subject to a Litigation Hold Notice.
4.4.2 The designated Records Custodian for an identified Altair Record should only retain originals of Inactive Records and destroy all copies and drafts.
4.5 Records Subject to CCPA, GDPR and other local regulations
Citizens of the EU and certain other countries, residents of California (and Virginia) have specific rights in their data including the right to have the records corrected and a corresponding right to be “forgotten” or “deleted.” Customers have the right to review their data and have errors corrected upon request.
4.5.1 Correction of simple errors (e.g., data entry errors including misspellings or incorrect initials, addresses, phone numbers, etc.) should be corrected immediately upon the customer’s request.
4.5.2 Errors in government records (e.g., a passport or driving license, court decree, etc.) request a copy of the supporting document and make the corresponding correction immediately on receipt.
4.5.3 A customer requesting to be “forgotten” or submitting a request to have their records deleted should be advised the employer will be notified (per contract requirements) and the data may still be retained for a period to facilitate audits and potential legal and other issues. Once the need to retain the data has passed, Altair will automatically and irretrievably destroy all data however, during the retention period, the data will remain confidential and protected.
4.6 Litigation Holds Notices
All Altair Records are subject to the litigation discovery policy. If there is any reason to believe that a claim may be asserted against Altair for which any Altair Records may be relevant, the records must not be destroyed without the prior approval of the Vice President, Legal Services.
4.7 Security – Confidential Information
Many Altair Records contain confidential information which is protected by Altair policies and procedures as well as, state and federal laws and regulations including but not limited to the Health Insurance Portability and Accountability Act (“HIPAA”), the Gramm-Leach-Bliley Act, and the Fair and Accurate Credit Transactions Act of 2003. This Policy shall be implemented in a manner consistent with all such policies, procedures, laws, and regulations, as those may be amended from time to time.
4.8 Records Management Responsibilities
Records management is the responsibility of all team members of Altair.
4.9 Altair Department Head.
The head of each Altair Department is responsible for:
4.9.1 Developing and maintaining practices and procedures that meet the specific requirements under this Section V and Section VI below.
4.9.2 Ensuring team members of the Department comply with this Policy.
4.9.3 Reporting any potential or actual non-compliance with this Policy to the Chief Executive Officer, President & Chief Operating Officer, Executive Vice President TMX Resources and Administration, Senior Vice President, Global Reporting and Compliance or Vice President, Legal Services.
4.9.4 Designating one or more Record Management Administrators (depending on organizational structure). Where a Department is small or has minimum records management obligations, the head of the Department may consider serving as the “Records Management Administrator[1];” where a Department is large or has complex records management obligations, the Department Head should consider designating more than one Record Management Administrator; and,
4.9.5 Designating an alternate Record Management Administrator in the event the current Records Management Administrator separates from Altair, changes departments or business units or is otherwise unavailable.
4.9.6 Where a Department serves as Records Custodian regarding an Altair Record, the Department is responsible for maintaining their designated Altair Record in compliance with the Record Retention Schedule.
4.10 Responsibilities of Records Management Administrator.
The Record Management Administrator must implement the Department’s established record management practices and procedures on a day-to-day basis. Specifically, the Records Management Administrator is responsible for coordinating retention, preservation, and destruction of Altair Records in accordance with this Policy and the Department’s records management practices and procedures; and Coordinating the Department’s efforts to comply and respond to any issued Litigation Hold Notice, internal or external investigations, court orders, or other requests for records in a timely fashion.
[1] An individual designated as having primary responsibility for ensuring compliance with this Policy for that group, department or business unit.
4.11 Responsibilities of Team members.
4.11.1 All team members are responsible for the Altair Records in their possession. Team members are responsible for reviewing the content of the records they use in conducting Altair business and complying with this policy.
4.11.2 The CTO Office is not responsible for determining whether an electronic record must be retained or destroyed in accordance with this policy.
4.11.3 Every team member is responsible for complying with this policy as well as the record management practices and procedures established by their Department. Failure to comply with this policy may result in disciplinary action (up to and including termination) and/or legal action. If a team member believes another Altair Member is violating this policy (e.g., destroying Altair Records required to be retained), such Altair team member should immediately contact the EVP, TMXR or report such incidents through the Altair team member’s supervisor.
4.12 Requirements for Department Record Management Practices and Procedures
A Department’s practices and procedures must cover all aspects of records management including maintaining, identifying, retrieving, preserving, and destroying Altair Records. Such practices must take into account business needs as well as legal and security requirements. In addition, such practices should allow for efficient access and retrieval of Altair Records.
4.12.1 Indexing System: Management of Active, Inactive and Archival Records
Departments shall implement and maintain a Department-wide centralized and/or uniform indexing system with which all team members of the Department must comply. The indexing system should be based on the nature of the Department’s business need. This will ensure efficient and streamlined accessibility, retrieval, and destruction. Thus, the same indexing system used for maintaining Active Records in the ordinary course of business should be followed for the centralized storage of Inactive Records.
4.12.2 Protection and Security of Confidential Information
Departments must implement practices that protect confidential information contained in Altair Records in accordance with relevant laws and Altair policies. Such protections must be applied in maintaining Active Records, the storage of Inactive and Archival Records, and the destruction of Expired Records. Thus, the level of security that applies to an Active Record must be maintained when such a record becomes an Inactive or Archival Record. See Section F below for further requirements for destroying such records.
4.12.3 Responding to Records Requests
Departments must implement practices that allow for efficient compliance and response to any Litigation Hold Notice, internal or external investigation, court order, or other requests for Altair Records in a timely fashion.
4.12.4 Physical Storage Facilities Practices
A Department’s storage facility practices must ensure the preservation of all Altair Records in their original condition while also ensuring efficient retrieval of such records. Departments should secure any physical storage facility to avoid unauthorized access (e.g., lock file cabinets in which customer files are kept). In addition, such facility and set up should protect such records from possible physical damage such as:
- Pest infestation
- Fire, smoke, or sprinkler damage
- Water damage (e.g., humidity, leaky pipes)
- Damage from magnets (e.g., digital data on magnetic storage media)
A comprehensive list of off-site storage facility requirements may be obtained from the Vice President, Legal Services. For off-site storage, Departments may only use an Altair-designated storage facility. For more information, contact Altair Procurement.
4.13 Retention Practices
Altair Records must be retained by the Records Custodian in the following manner:
4.13.1 Hardcopies must be retained in hardcopy form unless it is converted to electronic format in an Altair centrally managed system (e.g., AREV, GROW, etc.).
4.13.2 Electronic records, such as e-mails, pdfs, and other electronic documents that are not retained in an Altair centrally managed system (e.g., AREV, GROW, etc.) should be printed in hard copy form in a manner that preserves their original content and form.
4.13.3 Electronic records stored within an Altair centrally managed system (e.g., AREV, GROW, etc.) must comply with the requirements under Section VI.B and C above and other applicable Altair policies. The Records Custodian is responsible for contacting and consulting with the Vice President of Legal Services to ensure such compliance.
4.14 Destruction of Expired Records
If the Records Custodian believes that an Expired Record has historical value and should be retained permanently as a Historical Record, the Vice President of Legal Services should be consulted. Otherwise, the Records Custodian must destroy all other Expired Records in the following manner:
4.14.1 Hardcopy Destruction.
Expired Records in hardcopy form that do not contain confidential information should be recycled. Expired Records in hardcopy form that do contain confidential information should be shredded in a manner that renders them unreadable and that would prevent them from being reconstructed. Security of the Expired Records should be maintained until proper destruction is actually performed.
4.14.2 Electronic Records.
E-mails and other electronic documents (e.g., Word Documents, Excel, and PDFs) should be deleted.
4.14.2.1 The VP, Legal Services is responsible for contacting and consulting with the CTO Office to ensure that Expired Records contained in an Altair centrally managed system (e.g., AREV, GROW, etc.) are properly destroyed.
4.14.2.2 Devices or other media that store electronic records (e.g., jump drives, CDs, etc.) should be destroyed in a manner consistent with the Data Retention and Disposal Policy. The CTO Office and Altair’s designated off-site storage facility currently provide such services. Consult the CTO Office to arrange for such destruction.
4.15 Each data item that is stored is marked per data classification policy with the name of the record, the record type, the original owner of the data, the information classification, the data of storage, the required retention period, the planned date of destruction, and any special information (e.g., in relation to cryptographic keys).
4.16. Cryptographic keys, which are required for certain types of electronic messaging are retained as set out in our Information Security Policy
4.17 For all electronic storage media, Altair Global retains the means to access that data.
4.18 For all electronic storage media, Altair Global does not exceed 90% of the manufacturer’s recommended life.
4.19 The Vice President, Infrastructure Services is responsible for destroying data once it has reached the end of the retention period. Destruction must be completed within the calendar year but no more than 90 days of the planned retention period. Destruction is handled as follows:
4.20 Physical records are to be incinerated.
4.21 Electronic records are to be irretrievably erased based on current technology.
4.22 When records are scheduled to be destroyed, A Destruction Log must be completed. Once records are current, destruction may be done on an annual basis (e.g., year-end, fiscal year end, etc.)
