Just about every company has its pack rats who keep every scrap of paper or electronic document that comes past them as well as other employees who can’t wait to get rid of what they consider clutter in their files or on their computers.
As an owner, and ultimately one of the most liable persons in your organization, you need to find a balance between these two approaches to document management and retention. And there is no doubt that your business must have a document management policy and system — not only to enhance efficiency and productivity, but also to meet legal and regulatory requirements (see right-hand box).
Efficient document management involves having a well-written, strong and clear policy as well as a computer system (or in some cases several systems) that can index information for easy retrieval and allow for varying levels of security in accessing the documents.
The level of sophistication your business requires depends on the nature of your organization, the industry it is in and the state and/or federal agencies and legislation that may regulate it.
With that in mind, the first steps to take are to consult with your attorney, accountant, human resources managers and other professionals for advice on what documents you must keep, how long you should retain them and what documents you can destroy.
To help understand the importance of a document system, consider the manager who needs all the available information about a customer who is threatening to go to a competitor. Without a document management system in place, that manager may spend valuable time tracking down documents held individually by an account manager, a customer service representative, a salesperson, a personal assistant and others who have had dealings with the customer.
With a document management system, all the required information is stored centrally. Changes to documents are instantly made and saved, with the time, date and name of the person who accessed them and made the alterations. Most importantly, perhaps, there is only one up-to-date version of each document.
Moreover, the files can be indexed to such a degree that it becomes simple to find the information needed for a particular project, such as filing tax returns, conducting audits or finding other documents during the discovery process of a lawsuit.
Here are 10 steps to follow that will help set up a workable policy that you can then bring to a software vendor or build in house. Be sure to document everything – the steps taken, the policy, how it was implemented and how it is enforced. That documentation could become important in the event of litigation or requests from regulatory agencies.
1. Review all bits of information from the top down to determine what information is available, whether it is stored electronically or on paper and whether it is on individual PC hard drives or on your organization’s computer network. Be sure to include any information that remote employees are storing.
2. List the data in categories such as historical and current; temporary and permanent; clients, customers and vendors; full-time and part-time employees; contractors; finance; business strategies; intellectual property; e-mails; legal or regulatory requirements and so on.
3. Decide what data you need to retain, how you want it organized, what information should be encrypted and what security measures you want to install to protect the information and limit access to it.
4. Identify who will have access to specific information. Some information will likely be available to most employees on a read-only basis. Other data may be accessed only by certain employees with read and write privileges. Still other information may be limited to a select group who will need special passwords and encryption software.
5. Keep documents with different retention periods separate if possible. This not only reduces the cost of long-term storage, but also helps avoid the inadvertent destruction of a document before its scheduled time as well as potential legal charges of failing to follow retention regulations.
6. When documents with different destruction schedules must be combined in one file, be sure the file is kept for as long as the document with the longest required retention is needed.
7. Create schedules and methods for maintenance, archiving and destruction. Individual divisions or managers may be allowed discretion to set their own retention policies provided they are approved by your legal counsel or an individual designated to oversee policy compliance.
8. Consider setting up centralized controls and systematic enforcement. It is critical that all employees be monitored to ensure they follow the policy.
9. Provide a clear, documented rationale for each section of your policy. Legal storage requirements are likely to change from time to time, so you will need to review the policy periodically to ensure that it is up to date. When changes are made, be sure to document them.
10. Ensure that all employees, contractors and vendors understand the policy and that they sign off on it and any updates.
Remember: All the computers in your organization contain information that needs to be covered by the document management policy. This includes data files, word processing files, e-mails and image files.
Legal Retention Requirements
E-discovery is often associated with legal proceedings, such as retrieving electronic documents as part of litigation. But it may also include requests from federal and state regulatory agencies.
Every federal agency has its own requirements for document retention. For example, the federal Department of Health and Human Services requires that proof of citizenship and work visas be kept for three years after employment begins and one year after termination.
In addition, various federal laws impose regulations on document management. Some of the more common laws include:
- The Sarbanes-Oxley Act, which requires accountants of public companies to maintain certain corporate audits and reviews for five years from the end of the fiscal period during which the audit or review was concluded.
- The Fair Labor Standards Act, which requires three years of payroll records and two years of employment and earnings records.
- The Age Discrimination in Employment Act, which requires that records be kept for three years.
- The Family and Medical Leave Act, which requires that records be retained for three years and that medical records be kept separate from personnel files.
In 2006, the United States Supreme Court amended the Federal Rules of Civil Procedure to require that electronic documents used in federal court proceedings be treated the same as paper documents. The rules govern how federal courts deal with discovery requests in civil proceedings. The changes affect state and local cases, as those courts often follow federal court practices.
Some documents should, for all intents and purposes, never be destroyed. For example, information related to the formation and maintenance of a corporation, partnership, LLC or other entity through which you do business.
Your articles of incorporation or organization, informal actions, meeting minutes, stock ledgers and transfer documents should be kept indefinitely, as should documents relating to trade secrets.