Document retention periods and best practices

What is a retention period?

A retention period is the amount of time an organization keeps records and documents for legal, tax, financial, administrative or historical purposes. After the time span has been reached, the records and documents can be destroyed.

Record management polices exist to ensure organizations maintain best practices for the retention of documents in an efficient and legally complaint manner.

Retention schedules are documents that list the name of each record or document, its associated retention period and any applicable disposal instructions. But creating and maintaining an effective document retention schedule can be tricky if you don't know where to start.

It pays to understand the basics of document retention scheduling so information governance (IG) professionals can make sure their organization is compliant with all applicable laws and regulations.

Why is a good document retention policy important?

Document retention promotes transparency and accountability within an organization. This information can be crucial in the event of an audit, litigation or even sudden changes in a company’s structure.

Yet, documentation kept indefinitely adds to unnecessary clutter and increases the risks of mismanagement.

> Read more | Why fast-paced enterprises need secure file sharing

Government bodies, for instance, generate and receive a vast volume of documents — many of which contain the personal data of their constituents. Not having a well-defined retention policy (or one that is widely ignored), government institutions are at risks of:

• Non-compliance: Violating legal and regulatory requirements could result in hefty fines or reputational damage — especially if they are involved in lawsuits or investigations that rely on documented evidence to defend their position.
• A total lack of accountability: Inconsistent document retention compromises a government’s ability to respond to public inquiries, or Freedom of Information Act (FOIA) requests and can no longer be transparent to its constituents.
• Compromised decision-making: Inconsistencies in preserving documents could result in researchers, analysts and policymakers not being able to utilize historical data and make evidence-backed decisions.

What does an effective retention policy look like?

Let’s take, for instance, an effective document retention policy for a hospital.

Records related to patient health information (PHI) should be kept securely in accordance with the Health Insurance Portability and Accountability Act (HIPAA). For a hospital, the conversation about effective document retention policies could start with:

• Categorizing and classifying documents based on their sensitivity. Dividing documents into descending importance (category A for test results and treatment plans; category B for contract information and staff records, etc.).
• Specifying retention periods based on document category. How many years should medical records be retained? What about employee records and general correspondence?
• Outlining disposal procedures. Clearly define the protocols for document destruction. This may involve shredding physical documents, ensuring secure deletion methods for electronic files and maintaining document destruction logs to track the disposal process.
  
  

> Learn more | Why do leading healthcare organizations choose Hyland?

What documents should be retained?

Retention policies for records specify which documents an organization needs to keep. These policies can vary based on the organization's industry and location, resulting in different document types being stored for different durations.

For instance, while financial documents are commonly kept for seven years, some places might have unique rules, and the retention policy should accommodate these variations.

Financial statements and tax records

Documentation involved: Tax-related documentation such as tax returns, income statements, invoice, expense records, as well as financial documentation ranging from general ledgers to payroll records.

Why this needs retention: Keeping a comprehensive trail of financial and accounting records ensures that your organization is in compliance with tax regulations, auditing requirements and industry-specific laws. Internally, this would also serve as a way for the business to make data-driven decisions based on historical analysis of financial activities and past performance.

Contracts and agreements

Documentation involved: Legal documents with third-party sources that highlight contractual obligations.

Why this needs retention: In the event of disputes, businesses should always have this on hand to support any legal or arbitration efforts, as well as to refer to the conditions agreed upon between the business and its clients, vendors or partners.

HR and employment records

Documentation involved: Everything from employment contracts (compensation, job responsibilities, etc.) to health insurance enrollment forms.

Why this needs retention: Employee records start with facilitating effective day-to-day HR management and end with protecting the rights and interests of both the company and the employees in lieu of fair labor and employment laws.

Intellectual property (IP) documentation

Documentation involved: Think patents, trademarks and copyrights.

Why this needs retention: These documents serve as evidence of ownership and registration. IP documents allow companies to support trademark submissions, defend their intellectual property, enforce licensing agreements and prevent infringement.

Customer and sales records

Documentation involved: Customer records, sales invoices, purchase orders and communication logs.

Why this needs retention: Companies that retain these documents store a treasure trove of valuable insights. This data holds the key to optimizing marketing strategies and delivering personalized experiences through customer preference analysis and a deep dive into trends that help organizations build long-lasting customer relationships.

Marketing and advertising materials

Documentation involved: Marketing collaterals include digital assets such as promotional materials and customer communications.

Why this needs retention: Marketing documents are the creative backbone of a company's brand identity. Storing past collaterals can help marketers assess campaign effectiveness, maintain brand consistency across channels and even address any potential legal or regulatory issues related to marketing claims.

How long should documents be retained?

* The following time frames are examples of common retention periods. However, retention requirements vary across industries, countries and municipalities. Consult your regulatory agencies for specific retention requirements.

Various records (be it business transactions, contracts, legal documents, financial statements, etc.) have their own individual retention times. This is especially true in the US, where there are multiple federal, state and local laws that must be adhered to, as well as industry guidelines.

Several categories of records along with their retention guidelines include:

Accounting records

Personnel records

Corporate and general business records

Insurance records

Employee benefit and pension records

Property management records

What types of things determine document retention periods?

There are a number of factors that determine how long a document should be retained. Key factors include:

1. Legal obligations

Legal requirements at the federal, state and local level often dictate document retention periods. This includes statutes of limitations for both civil and criminal actions, which can vary significantly between jurisdictions.

2. Potential uses of documents

Consideration must be given to the potential future uses of documents. These could range from supporting or refuting legal claims, backing tax deductions, providing rationale behind business decisions, to preparing businesses for potential growth or expansion.

3. Reproduction policies

Policies on document reproduction play a key role in determining retention duration. This involves considerations around disposal of extra copies and the handling of electronic versions. Destruction of some but not all versions could lead to legal complications.

4. Litigation suspension

In cases of pending or probable litigation, document destruction must be suspended, even if it aligns with the established document retention policy (DRP).

Best practices for document retention

Here are several ways organizations can hit the ground running with document retention:

1. Appoint a document retention professional to take ownership

Appointing a records management professional (or a team of information governance pros) means you’ll always have someone on top of regulatory requirements specific to your industry — instead of relying on “broad strokes” document schedules and data governance.

You’ll rely on this process owner to:

• Identify high-risk departments not properly monitoring document lifecycles
• Ensure buy-in from all key department heads
• Kickstart employee awareness programs to drive home compliance as a shared responsibility

2. Determine the needs of the organization

Assess specific operational needs and objectives regarding document retention. The document retention process owner or teams in charge should dig deep by asking questions like:

• Do we have a data classification system in place to differentiate between different types of data and their corresponding retention periods?
• What legal requirements are we subject to? Consider industry regulations for energy, pharma, financial services, insurance, HR, accounting, etc.
• Are there any contractual obligations or agreements with clients, partners or vendors that dictate data retention periods?
• Do we have a data management or governance framework in place? Have we considered factors such as data access controls, data encryption and data disposal processes as part of our data retention strategy?
• Do we have systems or technologies in place to effectively manage and track data retention, including the ability to retrieve and securely dispose of data when it is no longer needed?
• How often will we review and update our data retention policies to adapt to changing regulations, industry standards or business needs?

3. Collect data retention requirement feedback from all departments

Greater buy-in demands proactivity. If a specific department is lagging, your process owner should be responsible for getting to the root of low adoption. Is the current document management software too complex? Is the scope not well-defined enough — and no one understands why this should be their responsibility? Are they using informal workarounds and disparate drives to store documents?

Consult with stakeholders from different areas of the organization to understand their specific data retention requirements. Each department may have unique needs based on its workflows, legal obligations and information dependencies.

4. Invest in a robust retention and records management solution

Harnessing a content services management platform ensures the efficient and secure information governance of documents throughout their lifecycle.

By leveraging features like automated categorization, metadata tagging, document identification, multipolicy handling, version control and access controls — businesses can easily organize, track and retain documents in a centralized repository.

These policies determine the appropriate retention periods of documents, ensuring compliance with legal and regulatory requirements.

5. Ensure consistent (and necessary) data backups

Implement reliable and regular data backup procedures to ensure the availability and recoverability of records. Backups should be securely stored, tested for integrity and aligned with the organization's data retention policies.

Keep in mind that retaining records unnecessarily can create risks that manifest themselves in the form of data breaches or manual errors. Adhere to the set retention periods so you can strike a balance between retaining important data and securely disposing of unnecessary information once it is no longer required.

6. Make use of automation

Automation greatly improves records retention. It can be difficult to handle the amount of data an organization of any size generates and must retain. Organizing and storing this information can distract from core tasks. Additionally, complex regulations can lead to noncompliance risks.

Automation tools, such as intelligent document processing (IDP), artificial intelligence (AI), robotic process automation, business process services and optical character recognition, can all contribute to faster, more accurate and automated processes.

Business rules ensure that retention rules are assigned, as appropriate, when documents are scanned or uploaded or when new documents reach their final form. This specialized automating manages the accurate retention and purging of data, considering different retention periods for various documents, such as HR records or contracts.

Leading automated governance solutions provide flexibility, allowing policies to be defined by factors such as document type or location. Automated archival or deletion after the retention period has ended is also featured in leading solutions. With automation, records management becomes less cumbersome and less risky, all while freeing up businesses to focus on growth.

> Read an automation case study | Real estate development firm sees $1 million return on AP automation investment