How to Create a Retention Policy

A retention policy provides critical business benefits:

Legal Protection:

• Demonstrates good faith records management

• Supports legal defensibility

• Ensures compliance with regulations

• Provides framework for litigation holds

Operational Benefits:

• Reduces storage costs

• Improves retrieval efficiency

• Clarifies decision-making about records

• Protects against data hoarding

Risk Reduction:

• Minimizes exposure from old records

• Creates defensible destruction practices

• Reduces discovery costs in litigation

• Ensures consistent treatment

Research the rules that apply to your organization:

Federal Regulations:

• IRS: Tax records (typically 7 years)

• OSHA: Safety records (5-30 years depending on type)

• HIPAA: Medical records (6 years minimum)

• SEC: Financial records (varies by document type)

• DOL: Employment records (varies)

Industry-Specific:

• Healthcare: State medical records laws

• Financial services: Banking regulations

• Legal: Bar association requirements

• Education: FERPA requirements

State Requirements:

• Vary by document type and state

• May be longer than federal minimums

• Check each state where you operate

Catalog all records your organization creates or receives:

Common Categories:

• Corporate governance (articles, bylaws, minutes)

• Financial (invoices, bank records, audits)

• Tax (returns, supporting documents)

• Human resources (applications, personnel files)

• Legal (contracts, litigation, IP)

• Operations (correspondence, projects)

• Marketing (campaigns, research)

For Each Record Type, Document:

• Description and examples

• Format (paper, electronic, both)

• Volume and growth rate

• Sensitivity level

• Business unit owner

• Current storage location

Determine how long to keep each record type:

Retention Period Categories:

• Current year plus X years

• Years after specific event (termination, expiration)

• Permanent (never destroy)

• Superseded (keep until replaced)

Common Retention Examples:

• Accounts payable: 7 years

• Bank statements: 7 years

• Contracts: 7 years after expiration

• Personnel files: 7 years after termination

• Tax returns: Permanent or 7 years

• Board minutes: Permanent

• General correspondence: 2-3 years

When in Doubt:

• Consult legal counsel

• Consider business needs beyond legal minimum

• Document rationale for decisions

Write a comprehensive, usable policy:

Policy Components:

• Purpose and scope

• Definitions of key terms

• Roles and responsibilities

• Retention schedule (by record type)

• Legal hold procedures

• Destruction procedures

• Exceptions process

Schedule Format:

• Record series name

• Description

• Retention period

• Trigger (when period starts)

• Legal citation (if applicable)

• Disposition (destroy, archive, permanent)

Approval Requirements:

• Legal department review

• Executive sign-off

• Board approval for major decisions

Put the policy into action:

Implementation Steps:

• Communicate policy to all employees

• Train records custodians

• Establish destruction schedule

• Create legal hold procedures

• Set up tracking and documentation

Ongoing Maintenance:

• Annual policy review

• Update for regulatory changes

• Add new record types as needed

• Audit compliance periodically

• Document all destructions

Special Situations:

• Legal holds override normal retention

• Business acquisitions require policy review

• Regulatory changes may extend periods

• Consult counsel before destroying disputed records