Document Retention and Records Management Policy

Document Retention Policy

It’s necessary to retain documents for their legally required time periods, but it’s also important to purge documents that you are no longer required to keep on file. After creating a document retention policy program, implementation is critical to achieving results.

From time to time, the President may issue a notice, known as a “legal hold,” suspending the destruction of records due to pending, threatened, or otherwise reasonably foreseeable litigation, audits, government investigations, or similar proceedings. No records specified in any legal hold may be destroyed, even if the scheduled destruction date has passed, until the legal hold is withdrawn in writing by the President. A carefully conceived and well-implemented document retention policy has long been an important component of an effective corporate compliance program.

Inquiries about extant schedules can also be directed to the Records Management Division of the Department of General Services. Each office/department is in charge of implementing the processes and procedures outlined in these guidelines, as well as ongoing compliance. The office/department is authorized to modify these guidelines to ensure legal compliance and inclusion of appropriate record categories.

Document Retention Policies for Nonprofits

If a recently terminated employee files a lawsuit against your business for wrongful termination, anything related to the former employee’s employment—including any related policies—needs to be retained. Engage all organizations in document retention policy execution. One of the most important functions computers perform for modern day business is the storage of information, and virtually every organization or company regardless of its size uses computers to conduct business on a daily basis.

How long should you keep bank statements and canceled checks?

How long must a bank keep canceled checks / check records / copies of checks? Generally, if a bank does not return canceled checks to its customers, it must either retain the canceled checks, or a copy or reproduction of the checks, for five years.

Retention schedules outline the different types of records managed by your organization and how long they need to be kept. They will serve as a reference, but will need to be routinely updated as new documents get added, and old documents are redirected or discarded. Even if an organization retains all the data that’s legally required, the organization must be able to produce that data if it’s requested by auditors. Retaining only the minimally required volume of data makes it easier and less time-consuming to locate this data, thereby reducing the chances that an organization is fined for its inability to produce data that’s required to be retained. ➜ eSignature integrated workflows to automatically create user Vaults, in addition, to automatically depositing signed documents within Vaults reducing back-and-forth exchanges, while improving retention and accessibility. Importantly, our automated eSignature workflows automatically route and file signed documents in the correct file location they need to be stored, saving significant time, money, and compliance headaches.

A document retention policy can be challenging to develop and manage but is essential to creating compliance and operational efficiencies. Defensible disposition refers to the ability of an identified and applied retention period to effectively provide for the defense of the record, and its eventual destruction or accessioning when scrutinized within a court of law or by other review. Once your retention schedule has been approved, you may also transfer short-term, inactive records to the State Records Centerfor temporary storage. Once the State Archives has approved your retention schedule, you may request authorization to dispose of any records that have met their retention requirements. Note that you must obtain authorization before you dispose of any records. An appropriate records retention policy assures maintenance of records needed for ongoing operations. Conversely, records that are no longer useful should be discarded or archived to increase efficiency.

Your nonprofit may want to include a preamble to its policy, emphasizing the connection between a document retention policy and the fiduciary duty of the board of directors. This language is from the Minnesota Council of Nonprofits, Principles and Practices for Nonprofit Excellence. Document retention policies are one of several good governance policies that the IRS highlights on the IRS Form 990 by asking whether the filing nonprofit has adopted a written record retention policy. You must retain handbooks, the employee’s file, manager’s notes, employee’s email, and related data, without limitation, until the legal matter is resolved. If your standard policy is to delete former employees’ email mailboxes ten days after termination, you will need to exempt this former employee’s email from that policy for litigation hold purposes.

How to Create a Document Retention Policy

A DRP establishes and describes how company employees are expected to manage company electronic and physical data from creation through destruction. There are many reasons why a company should implement a document retention policy.

Prior to discovery, the lawyers of the two parties in a case usually have a meet and confer session or scheduling conference, where they agree on what ESI would be relevant, and the methods of identifying such ESI. The location of identified ESI is assessed to determine what needs to be preserved. ▪34% of U.S. companies investigated a suspected email leak of confidential or proprietary information in the last year. Because it is a popular email system, Microsoft has had to increase the features to support compliance within Exchange. The change has occurred gradually and Microsoft’s initial focus was to allow administrators to journal email traffic to an archive. The features in Exchange 2000 and 2003 are basic, but they are enough for ISVs to build sophisticated archive and retrieval systems, or indeed for companies to develop their own compliance system.

For example, consulting agreements frequently require the consultant to retain analyses and data prepared as part of the contract for a specified period of time. As a business owner, you likely have in storage various documents, such as tax returns, personnel records and bank statements. Unfortunately, there isn’t a steadfast retention rule that applies to all kinds of records, meaning you need to categorize your files and create a document retention policy . Organizations must determine the laws and regulations that govern their data retention requirements so those requirements can be incorporated into the data retention policy. Alternatively, it may be converted from one form to another (e.g. from paper to electronic), depending on the defined retention period per format. Information with historical value beyond its “usable value” may be accessioned to the custody of an archive organization for permanent or extended long-term preservation. A document retention policy that is not consistently enforced is not effective protection against allegations of bad-faith document destruction.

Records Retention

All employees who deal with such documents, such as those working in the human resources or finance departments, should be trained on these policies during onboarding. Once you know what types of records you have, it’s time to figure out how long to keep tax returns, statements and other documents.

  • Accordingly, a document retention policy should include a routine notification to employees to keep all original documents on the company’s servers and to delete all old copies of the files from their work or home computers.
  • And that’s not all — with powerful search functionality, role-based permissions and user authentication, a robust eDiscovery and litigation feature set and more, it’s easy to see why Intradyn is the archiving solution of choice for businesses across all industries.
  • Work with the organization’s HR or legal departments to establish a means of enforcing the policy.
  • ESI is usually accompanied by Metadata that is not found in paper documents and that can play an important part as evidence (e.g., the date and time a document was written could be useful in a copyright case).
  • The Financial Industry Regulatory Authority is IIROC’s counterpart in the United States.
  • We store far more messages than ever before in far more formats.

Some external agencies, such as the Payment Card Industry Security Standards Council , require businesses to keep documents for PCI compliance. Determine how to perform internal audits to ensure policy compliance. Determine who’ll be responsible for ensuring that data retention is being performed according to the policy. The policy must meet or exceed the requirements outlined in any regulations that apply to the organization. Identify the legal requirements upfront, as they’ll be the foundation of the policy.

VI. Confidential Records

Intuit does not endorse or approve these products and services, or the opinions of these corporations or organizations or individuals. Intuit accepts no responsibility for the accuracy, legality, or content on these sites. Employees have their own personal system of organization and their own reasons for hoarding documents. Although these documents are important, holding them for too long can expose your business to unnecessary risk.

Document Retention Policy

•Financial Loss—security and risk incidents can be expensive between the breach itself, the investigation, and remediation strategies put into place, and notification requirements specifically related to leaked data, etc. There have been circumstances where stock prices went down because of a Twitter Tweet. •Compliance Violations—disclosure of information or inappropriate communication of information that violates regulations set forth by federal and state laws and/or regulatory Document Retention Policy agencies. •SWOT Analysis—the process of evaluating the strengths, weaknesses, opportunities, and threats of a company’s particular security and/or risk management system. The internal preservation letter should also include an acknowledgment of where the custodian must indicate that he received, reviewed, understands, and fully intends to comply with the internal notification of a legal hold. The need for email systems to comply with legislation has existed for many years.

An organization might need data shifted to archives for future reference or for compliance. Archives are stored on cheaper storage media, so they reduce costs and the volume of primary data storage. The Financial Industry Regulatory Authority is IIROC’s counterpart in the United States. Like IIROC, FINRA is a non-governmental agency; as part of its general record-keeping and document retention requirements, FINRA’s Rule 4511 and 17a-4 require a 6-year retention period for records. FINRA is often the first step before reporting infractions to the SEC. In addition to creating and maintaining a documentation policy, organizations should have specific protocols that enable appropriate data reduction and elimination. Setting minimum retention periods reduces the risk of unauthorized or unwanted access to data.

What Are Some Data Retention Policy Examples?

One of the most important common law document retention obligations arises out of the doctrine of “spoliation,” which is the improper destruction of evidence relevant to a pending or reasonably foreseeable lawsuit or legal proceeding. “Spoliation” can result in severe sanctions being imposed on a party who improperly destroys documents in the face of information sufficient to place a reasonable person on notice that the documents could be relevant or discoverable in litigation.Contracts. Many contracts contain provisions requiring that certain materials be preserved for future use.

Decide the frequency with which the data retention policy should be reviewed and revised. Data becomes less relevant as it ages, and a data retention policy removes irrelevant data that’s no longer needed. Here’s how FutureVault is successfully helping institutions, firms, and advisors successfully meet document retention policies along with other compliance requirements. The best decision your firm can make when it comes to any document retention policy is moving forward with a system you don’t have to think about. At the end of the day, the best tool for your organization is one that’s both easy to use and reliable for you, your administrators, your advisors, and your clients. In North America, the financial services industry is regulated by several governing bodies, including the ones below along with their document retention compliance requirements.

If you already have a DRP in place, keep reading to be confident your policy considers all aspects a DRP should cover. If your firm has not developed a DRP, hopefully this top ten list will offer meaningful guidance. The following list addresses the life cycle elements of the various categories of information (creation, use, maintenance, retention, and disposal, as well as practical tips in developing, planning, and implementing this DRP. •Personal Reputation Loss—online postings may take on a personal nature, indicating specific traits of an individual or describing specific behavior of that individual that may be judged as negative by a company’s client base.


Update each policy on a regular basis and take care to communicate any changes made to your employees. Make sure you are aware of and understand all the regulations that apply to your business and any legal obligations before you get started. If you’re looking for more information about digital scanning, our Blog has dozens of articles that can give you insight into the methods and processes we use to convert our client’s material, as well as general information so you can feel more comfortable while you do your research. For microfilm and microfiche records that you need to keep but don’t want to deal with the hassle of physical rolls and microfilm hardware, our Digital ReeL archival microfilm scanning solution could be what you need. Take a look at our Digital ReeL microfilm conversion solution and see if this is an option for your retention needs.

Document Retention Policy

Explain plans to handle exceptions—e.g., special requests, legal holds. The images will accurately and completely reproduce all the information in the records being digitized. “University Activities” means any and all activities, operations, or undertakings, whether undertaken directly or indirectly, of the University or of any University Personnel in their capacity as University Personnel, including without limitation, any University programs, operations, and/or services. Drop Off Paper Shredding Drop off your confidential documents for secure shredding at a location close to you. One-Time Paper Shredding We’ll come to you and securely destroy your confidential information with a convenient, one-time service. Key records of the institution document its history and its character.

A document retention policy that sets forth protocols for record destruction can also provide coverage in the event of an audit or investigation, because the action was taken based on the organization’s established protocols. To the extent not prohibited by law or regulation, a Record in paper form may be digitally scanned, microfilmed or microfiched and substituted for an original paper document. The applicable retention period for a Record does not change when a properly substituted image of a Record is created. A Record’s mandatory minimum retention period is counted from the creation or receipt of the original Record, not the date on which the substitute image was created. University Personnel who believe that there should be other changes to Schedule 1 with respect to specific Records are encouraged to contact the OGC. Once you have inventoried your records, you will use the information you gathered to create the retention schedule.

Destruction of financial and personnel-related documents will be accomplished by shredding. The first step in developing a document retention policy is to distinguish between documents that are essential to the ongoing, legal and effective functioning of the company and those that are merely personal, nonbusiness and/or preliminary. A retention schedule is a key document for your agency’s records management program. It documents what records your agency creates and defines how long you need to retain them before you destroy them or transfer them to the State Archives. The most efficient and accountable way to manage UN business records – whether paper or digital- is to ensure you follow UN retention schedules.

For example, if a previously terminated contract is renewed, the retention period for the contract is recalculated to begin as of the date of the new termination date. Where a Record does not fall within Schedule 1, the applicable department head should designate in writing the extent to which Records in his/her department should be maintained, which designation is subject to the approval of his/her Dean or Vice President or designee. Residential Shredding Stay protected wherever you work, with Shred-it’s residential paper shredding services. University records that are not archived permanently will at some point be subject to disposal.

  • These are not all-encompassing document retention timelines, so be sure to do your own research to find out what guidelines your business or organization needs to follow.
  • 1Any document retention policy that is created should be followed consistently for every project.
  • Legal Managed Services is composed to deliver results on a global scale.
  • These are just a few of the federal laws related to document retention policies.
  • Laws pertaining to eDiscovery require digital evidence to be prepared and presented quickly when request for and in an acceptable manner.
  • For more information on the provisions outlined in SOX, please refer to our blog post on SOX compliance.
  • As a result, data has become a precious commodity to organizations across all industries, and a target for hackers.

These resources are not intended as a definitive statement on the subject addressed. Rather, they are intended to serve as a tool providing practical advice and references for the busy in-house practitioner and other readers. The Association of Corporate Counsel is the world’s largest organization serving the professional and business interests of attorneys who practice in the legal departments of corporations, associations, nonprofits and other private-sector organizations around the globe. Here, the files are converted or saved in such image format to prevent alteration or contamination. The downside is some data cannot be viewed; for example, if the native format was Excel, formulas would not be available for review, only the output would be available in the image format.

So, how do organizations ensure their retention of documents is in accordance with the law? When a protected record’s age exceeds that of the applicable data retention policy, the record must be disposed of properly. Organizations aren’t required by law to dispose of old data, but it’s often in their best interest to do so. That’s why a good data retention policy is clear about the type of storage where retained data goes to optimize budget and space. Data continues to increase dramatically, not only in primary storage but in backup data and archives as well. Backup takes a particularly burdensome toll when the same data gets backed up.

Leave a Reply

Your email address will not be published.