Paperwork, record copies, emails—they’re all a part of the day-to-day operations for business. Some you may want to be keep for later reference, some you may want to toss aside after a few minutes, but despite this, businesses need to be conscious of record retention and the delicate balance between keeping documents too long, and keeping them for not long enough.
A double-edged sword, when businesses do comply with record retention regulations and laws and regularly maintain a policy to destroy documents once they pass their retention period, document retention serves as an insurance. Significant fines are avoided, while unneeded documents aren’t putting the company at risk.
To give an idea of just how dangerous failing to follow record retention guidelines can be, here’s a few examples of the lessons to be learned by organizations who found out the hard way:
Table of Contents
Not Retaining Records Long Enough
While some businesses on one hand may want to get rid of documents just for sake of saving space, and avoiding clutter, failing to retain necessary documents for their required period can jeopardize the company in the event of an legal or civil claims.
Early disposal of records can lead to serious financial penalties. Just ask banking giant Morgan Stanley, who was handed a bill for a $15 million fine after they failed to produce emails and electronic records to the SEC during several investigations.
Retaining Records for Too Long
On the flip side of failing to retain records for long enough and leaving the business at risk for legal penalties, some companies instead keep and archive any and everything for a “just in case” strategy.
Like early disposal of records however, keeping documents and files beyond their retention period can be equally comprising for companies. As Edward McNicholas, a partner at the Washington-based law firm Sidley Austin points out, “If you retain too long, it’s very expensive, you expose yourself to litigation risks, and you might be violating privacy rights.”
Furthermore, the growing number and cost of data breaches is another factor to consider—especially since the more documents being unnecessarily retained there are, the greater the likelihood that one will lead to a company wide breach.
Target and Yahoos’ breaches in the last several years are a poignant reminder of the financial impact breaches leave. From the direct costs of fines and legal penalties, to the indirect costs of a damaged company reputation in the public eye, failing to properly retain and regularly dispose records can lead to serious and potentially irreversible damage.
How to Ensure You’re Retaining Records Appropriately.
Different types of information and businesses are subject to different retention policies in accordance with applicable laws. For instance, publicly-traded large companies have retention policies governed by the SEC and its regulations such as the Sarbanes-Oxley Act.
For small medical practices, health clinics, and hospitals, there’s the HHS, which also comes with retention periods for PHI per HIPAA. From OSHA to the EEOC, there’s a wide-ranging list of record retention periods for individual documents and information.
Additionally, these laws are often changed and updated regularly—as with the accompanying fines they bring for noncompliance with retention laws, making it even more important companies carefully develop, maintain, and periodically audit their retention policies to keep their companies moving in the right direction, rather than being tied down by lawsuits and hefty fines.
For reference on applicable document retention periods and laws for your industry, find more information at:
- https://www.cpa.net/resources/retengde.pdf
- https://www.businessarchives.com/document-retention-requirements.asp
- https://www.irs.gov/businesses/small-businesses-self-employed/how-long-should-i-keep-records
- https://www.fdic.gov/regulations/laws/rul
- Ryan McHugh is the digital content specialist at Record Nations—a
lead generation provider in a range of industries including electronic
document management and record storage. Companies and
organizations he has previously written for include Sales Star
Networks as well as German-based DAA Deutsche Auftragsagentur
GmbH. Visit Ryan on LinkedIn to peruse his previous work.es/6500-2400.html
Ryan McHugh is the digital content specialist at Record Nations—a lead generation provider in a range of industries including electronic document management and record storage. Companies and organizations he has previously written for include Sales Star Networks as well as German-based DAA Deutsche Auftragsagentur GmbH. Visit Ryan on LinkedIn to peruse his previous work.
About Carson Derrow
