Document Retention and How It Can Help Your Business
According to newly revised rules from the US government, document retention and a good document retention policy is essential. Document retention refers to the way that companies can retain, review and destroy documents possessed and created by the business.
What is a Document Retention Policy?
A document retention policy (DRP) establishes and lays out procedures for how company employees are to handle the company’s electronic and physical data all the way from creation to destruction. The policy may be in place to guard against potential legal disputes or government investigation. If such a dispute arises, having a DRP in place allows for a verifiable and trackable pathway for all parties involved, and can keep your company out of serious trouble. If it is found that documents relevant to a lawsuit or government action were destroyed, not having a policy in place can land your company in hot water.
A good DRP should have policies for physical and electronic storage of documentation. Physical storage includes rental or lease of storage space. Electronic storage might require hardware, software, power, and maintenance. Policies should have plans for disasters such as flooding or fire, both for physical and electronic documentation.
Why is a Document Retention Policy Important?
The National Association of Independent Businesses states that “if a litigant requests a document that you cannot provide because it has been destroyed, then a judge or jury may in some circumstances be permitted to conclude that the document contained information detrimental to your position.” Evidence of a clear and consistently enforced DRP will mitigate these fears, and will help convince the court to rule with more leniency.
Failing to follow a DRP (or failure to institute one at all) can end in fines and even imprisonment.
How Do You Build a Document Retention Policy?
When building a policy, the following steps might be utilized:
- Designate a point person or committee. Developing a plan is a substantial job, and something that can be overlooked if put on the plate of someone who already has a heavy workload. A policy needs time and expertise, and a person should be selected who can dedicate themselves to its implementation.
- Get the help of stakeholders. In many cases this will include the data managers or IT personnel who handle electronic records. Getting them on board will help the process go smoothly as they know better than anyone how their documentation is currently being stored and how it can be protected.
- Organize scope of the project. Once you have all the stakeholders on board, begin assessing where the documentation is coming from and who has ownership of it. Identify all essential physical and electronic documentation and assign a point person to each type, to investigate, and make recommendations back to the committee.
- Review the laws. This is essential, as knowing the laws is the entire point of the exercise. Find out how long each document needs to be maintained before it can be destroyed, and it what form it needs to be stored.
- Lay out a plan for storing all documents. Identify where everything needs to be stored, whether it be filing cabinets, storage lockers, hard drives, or elsewhere. Make sure that all documentation users know the proper place for such documentation is.
- Set guidelines for destruction of documents. Knowing the laws, now you can put into place a process to destroy documents when they are no longer mandated.
- Finally, train all employees in these processes.
What is the Legal Retention Period for Documents?
There are four types of retention periods for documents.
- Specific Requirement Stated. In the case of many documents, there will be a stated time period for which they need to be retained. This information can come from state and federal laws, and will apply to a certain subset of your documentation.
- Limitations of Action. Limitations of action are not records retention requirements, but are instead periods during which legal action or litigation is occurring and therefore standard destruction rules are to be extended. (For example, if a policy states that some type of record must be maintained for three years, but that record is currently being disputed in a legal action, it cannot be destroyed per usual.)
- No Retention Period Stated. A large number of documents are required by law to be maintained, but a specific time period is not stated. It is tricky to deal with these types of documents, as some lawyers or even judges will determine that they must be maintained indefinitely.
- No Records Maintenance or Retention Requirements Found After Research. In these cases, it is generally wise to set a DRP policy to retain these records for a set period of time, and careful documentation must be kept when and why destruction occurs.
Using Data Rooms for Document Retention
Document Retention Plans are often created to deal with legal issues, but even if your company is not facing a legal issue, a DRP is essential, and can be helped greatly by a Virtual Data Room. Managing a document is important, even if the client or stakeholder you’re sharing it with is completely trustworthy. That person’s computer may not be secure, and the downloaded copy of your document may not be destroyed in compliance with your DRP.
A virtual data room can complement your DRP by centralizing your document storage and access. Rather than sharing documents via email or Dropbox, you can use a virtual data room to share a view-only version. Rather than having multiple copies stores in multiple places, a single document stored in one place is essential.