What is a document retention policy and how can it help protect your business?

Your file cabinets are full or already overflowing. If you have a paperless office, your digital folders are rapidly running out of space.

Storing old files gets expensive. It also exposes your business to legal liability.

How do you manage the ever-growing mountain of documents that pile up as you grow your business?

To combat the cost and risk associated with keeping old files forever, create and follow a document retention policy.

What is a document retention policy?

A document retention policy lays the ground rules for how your company will manage documents and records from creation to destruction.

This includes both physical and digital records like:

• Emails
• Invoices
• Contracts
• Tax returns
• Purchase orders
• Operating agreement
• Corporate documents and bylaws

But, you should include less obvious records as well:

• Voicemails
• Meeting notes
• Social media posts

Collectively, these become your company’s business memory. Moreover, federal and state laws require you to retain certain records for various time periods. Creating storage requirements and lengths of retention helps your business stay organized and cut costs.

Data audit

Building a document retention policy starts with conducting a data audit to uncover the points in your business where records are created and stored. The process looks at your digital footprint as well as the physical environment where records live.

From a digital perspective, you will examine your communications platforms: email, shared folders, workstations, voice mail, mobile devices, etc. From a physical perspective, you will examine mail rooms, employee files, notes, corporate records, file cabinets, and more.

Once identified, label these various areas of your business by their function and character.

Function describes how data is organized. Often, data is segmented by department and a functional description might be:

• Sales
• Legal
• Facilities
• Accounting
• Human Resources
• Product Management

Character describes the nature of the documents and records. Some records will exist in multiple forms. Once you identify character, you can eliminate redundant records and better organize the documents you create.

Here is an example of how the character of various records might be identified in a data audit:

• Corporate records: administrative filing cabinets (physical), executive shared folder (digital), corporate secretary filing cabinet (physical), corporate secretary computer (digital)
• Purchase orders: ERP/ordering system (digital), sales rep email (digital), sales rep file drawer (physical)
• Employee files: Human Resources filing cabinets (physical), HR Manager computer (digital), HR shared folder (digital)

The above example illustrates how easily your business creates redundant records without realizing it.

Document retention policy creation

With your data audit complete, you can intelligently create rules for the future.

Start with legal requirements. Different laws require you to retain certain documents for specified time periods. Here’s a quick overview for U.S. businesses:

• Tax documentation (seven years)
• Export documentation (five years)
• Retirement plans (four years)
• Background checks (five years)
• Employee payment records (three years)
• Contracts (seven years from expiration)
• Corporate records (permanent)

International jurisdictions also vary and you should always consult local rules and experts for specifics.

Do you hold on to important documents forever, because it seems like the right thing to do? Do you have twenty-year-old tax returns? Any employee files from the 90s?

Although these documents are important, holding them for too long can expose your business to unnecessary risk.

For instance, you are only required to retain export-related records for five years from the date of export. However, if the Commerce Department investigates your business’ export practices, it will review records as far back as you retain them and can apply penalties as far back as your records show noncompliance.

It’s necessary to retain documents for their legally required time periods, but it’s also important to purge documents that you are no longer required to keep on file.

In addition to standard legal requirements, you need “litigation hold” policies as exceptions to your standard document retention policy.

A litigation hold applies when your business becomes part of a legal claim or you have reason to believe that it may become part of a legal claim. At that point, you must retain all documents that could be evidence to the claim.

Consider an example.

If a recently terminated employee files a lawsuit against your business for wrongful termination, anything related to the former employee’s employment—including any related policies—needs to be retained.

You must retain handbooks, the employee’s file, manager’s notes, employee’s email, and related data, without limitation, until the legal matter is resolved. If your standard policy is to delete former employees’ email mailboxes ten days after termination, you will need to exempt this former employee’s email from that policy for litigation hold purposes.

Your policy should also help achieve your own organizational and cost goals.

For instance, there is no retention period specifically tied to email. But companies take different approaches to email retention depending on the nature of their business, employee roles, and cost.

A common approach is to clear out employee email boxes every ninety days. Many companies grant exceptions for certain departments and executives, but the goal is to keep employees saving what’s important in shared long-term folders while deleting what is unnecessary.

This saves storage space and keeps employees responsible for maintaining an organized business memory.

How do you implement a document retention policy?

Implementation started with your data audit and policy creation. Once you have the data identified and ground rules moving forward, it’s time to purge.

First, get rid of redundant documents. Unless you require a backup copy of a specific document, delete or trash redundant documents. This will start clearing up free space digitally and physically.

After that, delete or trash everything that the policy doesn’t require you to keep.

Contracts expired more than seven years ago? Get rid of them. Decade-old background checks? Destroy them.

This is not an exercise that you can accomplish with a few employees. Everyone must participate.

Second, build in automation processes. For example, most email clients allow you to auto-delete emails at set intervals. Do the same for shared folders on your network. Also, set up standard purge dates for your mail departments and physical filing systems.

Prepare yourself for employee pushback. Employees have their own personal system of organization and their own reasons for hoarding documents.

Accept and consider their feedback while you create your policy. Their insights are valuable, and they represent an important part of your business memory. But, once the policy is created, execute and enforce the policy without exception.

Follow your own rules

If you aren’t willing to implement and enforce a document retention policy, don’t create one. Unfollowed policies frustrate business goals, and expose you to unnecessary risk.

However, if you take the time to evaluate your business needs and legal requirements, a document retention policy improves organization, boosts cost efficiency, and increases legal compliance.

With a quality policy in place, your business will reap benefits as you and your employees deploy the policy as part of everyday procedures.