Businesses in all industries have records that they use in the daily course of operations, especially in today’s age of automation. With more documents being created and stored every day, it’s important to have some sort of system, practice or policy in place to manage those documents. This is particularly true if you operate in one of the more heavily regulated industries such as healthcare.
When it comes to putting together a document retention policy, there are six key steps that a business needs to go through. As there is no one-size-fits-all, you have to tailor these policies to each individual business.
STEP 1: Identify Types of Records & Media
The first key step is to identify the documents that you have and the media in which they’re stored. Documents don’t include just original documents but also reproductions and copies of documents, which could have the same effect and force at law. It also would include documents that are stored in electronic format. Even documents that are in an email or stored electronically can have the same effectiveness as an original signed document.
STEP 2: Identify Business Needs for Records & Appropriate Retention Periods
Once you’ve identified the universe of documents used in your business and the media in which you store them, the second step is to identify the business needs for those documents and setting a retention period for those documents. A lot of times the document retention period is going to be dictated by some provision of federal or state law. This is particularly true in the the following fields, where department of labor standards will have set periods of time for documents:
- Human Resources
Sometimes the federal and state law will require documents be maintained but won’t actually dictate any particular time period for retention. Regardless of whether federal or state law dictates a specific period of time for retention, at a minimum the business should always retain a document for as long as it has an internal business need for that document – whether it’s to prove up its position in dispute or to be able to prove the terms of its contract.
STEP 3: Addressing Creation, Distribution, Storage & Retrieval of Documents
A document retention policy should address the creation, the distribution, the storage and the retrieval of documents within the organization. The reason you want to document these aspects of the documents life cycle is to make the process easier down the road when you have to pull these documents out in response to a request for production in a government investigation or a lawsuit. Knowing where the documents are and understanding the circumstances under which you have to produce them, are all things that you should think about in advance. While it’s important to think about what other businesses in your industry are doing, what’s most important is what you’re able to implement. There is no one-size-fits-all – every policy really does need to be tailored to the organization. Think about what your software capacities are, your hardware capacities are and your organizational capacities and make sure that you can put something together that you can actually implement.
STEP 4: Destruction of Documents
While we call these document retention policies, the fact is, destruction is a perfectly acceptable stage in a document’s life cycle. A business can destroy a document so long as it has no further business need for it and is under no legal obligation to retain it. These obligations could include:
- Statutory or regulatory retention period
- Active litigation
- Ongoing government investigation or audit
- Threatened or imminent lawsuit
If a business destroys a document while it’s under a legal obligation to retain it, it opens itself up to a claim of “spoliation of evidence”. This is essentially a separate claim that the business has destroyed evidence and can expose it to penalties and sanctions, including, most significantly, what’s known as an “adverse inference”. Essentially a judge could instruct a jury that the jury may infer that the document destroyed says precisely what you were afraid it might say. In order to avoid any question as to motive for document destruction, a document retention policy should set forth the conditions for when and how a document will be destroyed. This might even include automatic destruction of documents or automatic deletion of electronic information after some set period of time, consistent with a document retention schedule. Whatever document destruction policy a company decides to implement, whether it’s automatic deletion or scheduled deletion, it needs to have some process in place where it can suspend that destruction, in the event that litigation or investigation or an audit were to commence. This is known as a “litigation hold”. Essentially you’re stopping the presses and you’re freezing the relevant information in place so that there can be no claim that there was any improper motive or any improper destruction.
STEP 5: Documentation & Implementation
Once an organization has determined what its policies and procedures should be, with respect to the storage and handling and even destruction in its documents, it needs to document these policies and procedures so they can be implemented. The documentation doesn’t have to be lengthy but it does need to be clear. More importantly, it needs to be followed and implemented as written. Having a written document retention policy that you don’t follow as written can be just as problematic as having no policy at all and could even be worse. Your actual practice is always going to trump what’s in writing and if you’re not following what you put in writing, it will always give rise to a question as to whether or not you were ever following the policy in the first place.
STEP 6: Ongoing Management
Document retention policies are always going to be evolving, just like the law and just like your business. Someone within the organization needs to review the document retention policy periodically to make sure that the retention periods are still appropriate in light of current legal standards and your current business needs.
Adam Tutaj is a shareholder at Meissner Tierney Fisher & Nichols S.C., where he practices in the areas of corporate tax and healthcare law.