You may have seen the television show Hoarders and thought, “How could anyone get to that point of hoarding? Why can’t they see the damage they are doing by keeping all of that stuff!?” You may even be sitting on your couch watching as you “clean” out your work in-box by putting everything in Saved.
It is time to look through that Saved box and (please say you are not still printing everything) your paper files and your organization’s overall file retention practices to avoid the risks of file hoarding.
Budget Buster
If you maintain paper files, you are either renting floor space in your office or at a third-party storage facility for file cabinets and/or boxes. In addition to the rental piece of the third-party storage, there are service fees associated with file retrieval, refiling, and transport.
When paper file boxes are loaded up to be moved offsite, it is easy to understand the cost associated with packing up, transporting and storing that pallet of boxes. There are also costs associated with electronic storage. The cloud is not a magical place: it is a bunch of energy consuming servers sitting in a building somewhere in the world being serviced by skilled experts.
Companies allocate about 5% of their IT budget to storage and backup. Some studies show that companies’ data storage is increasing 35% per year. Are you willing to increase your CIO’s budget for hoarders?
Privacy Law Violation
Data hack! Our data is at risk every day from hackers. Why put even more data at risk? Moreover, why put even more data at risk that you were required under law to have destroyed?
The European Union’s General Data Protection Regulation (GDPR) which applies to certain U.S. organizations does not have a set data destruction period. However, the GDPR does require that the organization document and justify the retention period it has established for retaining covered data.
Audit Examination & Litigation Discovery Trove
When your organization retains documents beyond the statutory or regulatory retention deadline, you are giving government regulators and plaintiffs an opportunity to find more potential problems in the organization. You may have corrected the historic problem or fired the offending employee but the 10-year old document still exists. It may have to be turned over during a regulatory examination or litigation discovery.
Record Retention – How Long?
Because I am a lawyer, I will give the standard lawyer answer: It depends. The general answer is that you should look to the longest period of regulations relevant to your business or your customer’s business. Retention rules vary by regulatory agency, state and country. One retention period that cuts across all industries is 6 years. This is the retention time required by the U.S. Internal Revenue Service (IRS).
It is critical to have a communication plan in place for litigation. If your organization becomes subject to litigation, investigation or subpoena, you must notify relevant employees immediately to ensure documents are not destroyed even if a document has been saved beyond the normal retention period. There may be significant criminal or civil penalties even if the destruction of documents was inadvertent.
Policies & Procedures
Document retention or destruction decisions cannot be convenient ones – a document purge the day before a regulatory examination may land someone in jail. Organization-wide written policies and procedures must be put in place.
Even if you are not in a large organization, you should educate yourself on these basic points as the first step to establishing document retention policies and procedures:
Paper v electronic files
Scanning
Retrieval capability
Security
Contingency planning for someone else to access files
Data breach incident response plan
File disposal procedures
Documents and electronic media
Shred, permanently erase, or otherwise destroy so that the information cannot be reconstructed
Shred / purge at end of each year
Internal certification / log
Some devices may save electronic copies of documents
Scanners, photocopiers, fax machines
Ensure any stored information is erased before the device is removed from office
Document management software
For those in larger organizations, it may make sense to obtain outside assistance in establishing new or updating existing policies and procedures.
For assistance, please contact me via my contact page or at elizabeth@elizabethmcmorrowlaw.com.