Guidelines for Record Retention

Every business needs to have a policy in place for record retention. A Shred Ahead offers guidelines for implementing this policy, which is essential for legal and regulatory as well as organizational purposes.

We have seen the importance of proper record retention over the past decade as courts have imposed sanctions and other penalties on companies for not preserving the appropriate documents, particularly when they relate to potential or pending investigations or litigation. That is why it is important for any business to institute a record retention policy, as well as a destruction policy.

The Arthur Andersen Case

One of the most notable court cases related to record retention (or in this case, destruction) was the 2002 case against one-time accounting giant Arthur Andersen. The firm was the auditor for the disgraced Enron natural oil company. In the face of an SEC investigation against Enron, the court found that Arthur Andersen “instructed its employees to destroy documents pursuant to its document retention policy.”

Andersen’s executives asserted that they simply instructed employees to follow the document retention policy that required final documents to be retained, but allowed drafts, notes, and correspondence related to those documents to be destroyed. In court, an Anderson executive acknowledged that the policy was in fact designed to keep information from potential litigants.

The U.S. Supreme Court ultimately overturned the Andersen conviction in 2005, finding that the jury instructions allowed jurors to convict the firm without proving that the employees knowingly broke the law. Nonetheless, the case certainly highlighted the importance of erring on the side of retaining too many records in the face of potential pending litigation or investigation, and the importance of internal communications as records.

A Shred Ahead has compiled a guide for record retention to help our customers determine what documents they need to keep and for how long before designating them for shredding. The entire document “Record Retention and Destruction: A Primer” is available at https://www.ashredahead.com/wp-content/uploads/2011/04/Shredding-Guide.save1.pdf . Below are a few basic guidelines.

What is Included in a Record Retention Policy?

It is essential to have a consistent and uniform record retention policy that is accessible to and understood by all appropriate employees. When we think of records, we think of paper documents, but in the 21st century, that is only a fraction of a company’s records. Records include memos, reports, contracts, customer and client data, and personnel information, as well as marketing materials, calendars and appointment books, whether on paper or electronic. So are e-mails, electronic documents, and content from both the company’s internet and intranet sites.

Establishing a Policy

Following is a brief list of the steps for establishing a retention policy. We address them in more detail in our guide.

  1. Inventory your records to determine what you have.
  2. Determine categories of records as they relate to federal, state, and local retention regulations.
  3. Develop retention schedules with the period of time that business records are stored. These should take into consideration operational, legal, fiscal, and historical value. As noted before, if a government investigation or litigation is a possibility, it is best to keep everything that could potentially be subpoenaed.
  4. Determine how and where the records are going to be stored to allow accessibility if needed, but also maintain safety and confidentiality.
  5. Make a schedule and procedures for destruction. This is where our shredding services in Atlanta and other cities throughout the South come in. We can help your company plan, implement, and manage all of your paper shredding. We can also handle the destruction of electronic files, tapes, product samples, and even uniforms. We offer compliance information on our website regarding some of the most common government regulations involving document privacy, retention, and destruction.
  6. A document retention policy should include procedures for suspending the policy for relevant information that could be required if there is any reason to anticipate litigation (either by or against your organization) or regulatory review.
  7. Once the policy is in place, ensure that the proper employees are trained and knowledgeable about the procedures, including how it relates to their own notes and e-mails. They should know where to locate procedural information, and there should be internal compliance and audit procedures in place to ensure that the policy is being followed.

    The Sarbanes-Oxley Compliance Journal advises that management “work with the IT and human resources departments to post the policies and a frequently asked questions brochure on the company’s Intranet site.” They also advise that all employees be made aware that “drafting documents thoughtlessly could put the company at risk during litigation and investigations.”