ARTICLE
10 October 2022

Six Key Steps To Developing A Record Retention Policy

MT
Meissner Tierney Fisher & Nichols

Contributor

Meissner Tierney Fisher & Nichols logo
Meissner Tierney Fisher & Nichols s.c. has an exceptional history of providing high-quality legal services for over 170 years. With a sophisticated practice committed to careful and effective legal representation across a broad spectrum of clients, we maintain a reputation for both competence and integrity. The firm represents its clients in a wide variety of matters, ranging from the challenges of a start-up enterprise to the opportunities and pitfalls businesses encounter, and ultimately to smooth succession. We provide clients with critical advice and judgment to help them make sound business decisions to protect and grow their companies.
Explore Firm Details
Businesses in all industries have records that they use in the daily course of operations, especially in today's age of automation. With more documents being created and stored every day,...
United States Corporate/Commercial Law
Adam J. Tutaj

Businesses in all industries have records that they use in the daily course of operations, especially in today's age of automation. With more documents being created and stored every day, it's important to have some sort of system, practice or policy in place to manage those documents. This is particularly true if you operate in one of the more heavily regulated industries such as healthcare.

When it comes to putting together a document retention policy, there are six key steps that a business needs to go through. As there is no one-size-fits-all, you have to tailor these policies to each individual business.

STEP 1: Identify Types of Records & Media

The first key step is to identify the documents that you have and the media in which they're stored. Documents don't include just original documents but also reproductions and copies of documents, which could have the same effect and force at law. It also would include documents that are stored in electronic format. Even documents that are in an email or stored electronically can have the same effectiveness as an original signed document.

STEP 2: Identify Business Needs for Records & Appropriate Retention Periods

Once you've identified the universe of documents used in your business and the media in which you store them, the second step is to identify the business needs for those documents and setting a retention period for those documents. A lot of times the document retention period is going to be dictated by some provision of federal or state law. This is particularly true in the the following fields, where department of labor standards will have set periods of time for documents:

  • Tax
  • Healthcare
  • Human Resources

Sometimes the federal and state law will require documents be maintained but won't actually dictate any particular time period for retention. Regardless of whether federal or state law dictates a specific period of time for retention, at a minimum the business should always retain a document for as long as it has an internal business need for that document – whether it's to prove up its position in dispute or to be able to prove the terms of its contract.

STEP 3: Addressing Creation, Distribution, Storage & Retrieval of Documents

A document retention policy should address the creation, the distribution, the storage and the retrieval of documents within the organization. The reason you want to document these aspects of the documents life cycle is to make the process easier down the road when you have to pull these documents out in response to a request for production in a government investigation or a lawsuit. Knowing where the documents are and understanding the circumstances under which you have to produce them, are all things that you should think about in advance. While it's important to think about what other businesses in your industry are doing, what's most important is what you're able to implement. There is no one-size-fits-all – every policy really does need to be tailored to the organization. Think about what your software capacities are, your hardware capacities are and your organizational capacities and make sure that you can put something together that you can actually implement.

STEP 4: Destruction of Documents

While we call these document retention policies, the fact is, destruction is a perfectly acceptable stage in a document's life cycle. A business can destroy a document so long as it has no further business need for it and is under no legal obligation to retain it. These obligations could include:

  • Statutory or regulatory retention period
  • Active litigation
  • Ongoing government investigation or audit
  • Threatened or imminent lawsuit

If a business destroys a document while it's under a legal obligation to retain it, it opens itself up to a claim of "spoliation of evidence". This is essentially a separate claim that the business has destroyed evidence and can expose it to penalties and sanctions, including, most significantly, what's known as an "adverse inference". Essentially a judge could instruct a jury that the jury may infer that the document destroyed says precisely what you were afraid it might say. In order to avoid any question as to motive for document destruction, a document retention policy should set forth the conditions for when and how a document will be destroyed. This might even include automatic destruction of documents or automatic deletion of electronic information after some set period of time, consistent with a document retention schedule. Whatever document destruction policy a company decides to implement, whether it's automatic deletion or scheduled deletion, it needs to have some process in place where it can suspend that destruction, in the event that litigation or investigation or an audit were to commence. This is known as a "litigation hold". Essentially you're stopping the presses and you're freezing the relevant information in place so that there can be no claim that there was any improper motive or any improper destruction.

STEP 5: Documentation & Implementation

Once an organization has determined what its policies and procedures should be, with respect to the storage and handling and even destruction in its documents, it needs to document these policies and procedures so they can be implemented. The documentation doesn't have to be lengthy but it does need to be clear. More importantly, it needs to be followed and implemented as written. Having a written document retention policy that you don't follow as written can be just as problematic as having no policy at all and could even be worse. Your actual practice is always going to trump what's in writing and if you're not following what you put in writing, it will always give rise to a question as to whether or not you were ever following the policy in the first place.

STEP 6: Ongoing Management

Document retention policies are always going to be evolving, just like the law and just like your business. Someone within the organization needs to review the document retention policy periodically to make sure that the retention periods are still appropriate in light of current legal standards and your current business needs.

Originally published 3 March 2016

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Adam J. Tutaj
Adam J. Tutaj
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More