In the wake of the Enron collapse, many were jolted by stories of document shredding. The media recoiled, shareholders blanched, and lawyers began brushing off briefs on spoliation and destruction of evidence. The document destruction allegations lead businesses to reexamine what documents they keep and how long they keep them.
Individuals, businesses, and institutions all face the same issue: what should we keep, and how long should we keep it? The advent of electronic data compression and storage have eased, but not eliminated, this quandary. Document destruction in the immediate aftermath of a front-page financial collapse may raise eyebrows, but there are guidelines by which prudent people can safely and systematically purge dated documents.
Before you can decide what to keep and how long to keep it, first consider what kinds of documentation your business produces. Remember — “documentation” is more than paperwork; depending on your business, it may include computer disks, blueprints, CAD designs, spreadsheets, photographs, and, of course, e-mail. Consider what business purpose is served by keeping each of the kinds of documents that your business generates, receives, or uses. What do you continue to draw upon time and again? Once you know what kind of documents you use and how often you reuse them, you’ll be in a better position to decide how long to keep them.
While no single set of rules can automatically dictate what you keep and for how long, there are a number of bodies of law that, if applicable to one’s situation, will impact on the decision. The tax code is an obvious example, especially at this time of year when we can feel the icy breath of the tax man on our necks. Generally, an individual or business is subject to audit on a particular return for three years after the return is filed. At a minimum, then, keep all records necessary to explain or defend your tax return for at least three years. Most prefer to keep them even longer -- say, six years. Remember, too, that if the IRS charges fraud, there is no statute of limitations on how far back it can scrutinize.
Contract law suggests a minimum period for retention of materials that might be necessary to prosecute or defend a breach of contract suit. In Pennsylvania, and in most states, the statute of limitations on most contracts is four years from the time of the alleged breach. You should allow some additional time beyond that period lest you get late notice of a lawsuit filed on the eve of the expiration of the statute of limitations. Since the law construes contracts against the party drafting the agreement, retain not only your final contracts, but also the documentation that could prove which party wanted what language and which sections. Retain documentation that shows your contract partner was pleased with your performance, or, conversely, that shows you were displeased with their efforts. Save the documents that show how you upheld your end of the contract. For construction contractors, hold onto blueprints, job logs, photographs, accident investigations, meeting minutes, change orders, and the like.
In the employee relations context, documentation about hiring, evaluating and discharging employees should be retained for at least one year, and in many industries, longer. Many more employers are using background checks as part of their routine hiring process. There are limitations on how you can use background check information (see, “Criminal Background Checks in Hiring Decisions,” Tanya Salgado, Executive Newsletter, Summer 2000), and there are serious privacy concerns, but prudent employers keep these materials — safely away from prying eyes — for as long as the employee is with the company. Good practice suggests keeping them for seven years after the employee separates from the company. You may need those materials someday to prove that you conducted a reasonable check, or that you complied with the law’s limits on what you can do with the background information.
Governmental regulations dictate document retention policies in many industries. In the health care realm, for example, your business may be subject to regulations governing record keeping pertaining to the prescription and handling of drugs, the medical condition of patients, cost analysis for purposes of Medicare and Medicaid reporting and the like. In such highly regulated industries, mastering what needs to be kept and for how long is no easy feat.
In the context of corporate acquisitions, it is wise to carefully consider retention of due diligence records, regardless of whether your are acquiring or being acquired. The amount of time that due diligence materials should be retained may depend upon the nature of the businesses involved, as well as federal, state and local laws, indemnification claim requirements, litigation requirements, business needs and other record keeping requirements. Still, there are some records that, as a general rule of thumb, should be kept permanently. Examples depend on your business, but might include such records as audit statements, cash books, corporate records, intellectual property records, real property records, journals or minute books, and pension documents.
Most businesses and institutions find it helpful to have written document retention policies. Outsiders tend to be more understanding of documents destroyed as a part of a uniformly applied policy rather than the whim of individual discretion. As always, you must be prepared to explain and follow your policy. You may find that one set of uniform rules is good for the whole organization, but there may be sound reasons for different policies for different subsidiaries, divisions, geographical sites, or operating units. Many larger corporations designate a records retention officer to enforce compliance with policy. That officer is also often charged with checking with the company hierarchy and legal counsel before approving destruction of documents. Experienced legal counsel can be invaluable in developing policies that make sense for your organization.
Destroying records isn’t as easy as it used to be, either. In most contexts, it’s not good enough merely to toss documents where a dumpster diver may retrieve them and cause you trouble. Destruction of computer records requires an expertise well beyond merely hitting the “delete” key. Concerns of safety, security, and privacy all suggest that more sophisticated destruction methods, like shredding, may be necessary. In some contexts, such as health care, statutes or regulations require you to destroy, rather than merely discard, certain records so that no unauthorized eyes may find them.
There are few easy answers anymore. Still, if the Enron experience teaches nothing else, it’s that destruction of documents needs to be a carefully planned, systemic occurrence, and not a haphazard adventure.