Understanding and Documenting the Basis of Retention Periods

The business world is dynamic:  people come and go, laws change, and business requirements change, but having a history of why your organization is retaining or deleting a record after a certain period of time will make it more comprehensible to your users, your management and your successors as records managers.

A retention schedule is one of the most fundamental aspects of a records management policy. However, the retention periods can often seem arbitrary or obscure.  Information owners may wonder “Why are we keeping this for X years and that for Y years.”  The answer “Because we have always done it that way.” Is not satisfactory. 

Laws change, business needs change and a good retention schedule should not only reflect those changes but also explain why a certain record type has a specific retention period.  If one had the luxury of creating a retention schedule from scratch, you could (and should) add annotations referencing the basis for the retention period. For example, OSHA (Occupational Safety and Health Act) regulations 29 CFR 1904 et. seq. require minimum retention of workplace injuries or illnesses for five years. That should be referenced in the retention schedule so that an information owner or records manager has a reference for understanding why five years was chosen as the retention period. That is just one example of many regulations that specify retention periods. Highly regulated industries have even more of a recordkeeping burden, but those should be documented as well.

Similarly, there are record types with no defined regulatory time period, but which do have a legal basis, such as statutes of limitations for contractual claims, employment discrimination, or intellectual property infringement. These may vary by jurisdiction, but a reference to the applicable laws will help users understand why they are keeping certain records for a defined time.

Also, establishing a minimum retention period de facto creates a maximum period. For HR-related records for example, if a retention period is required by law to be a certain timeframe, then data privacy regulations such as GDPR or others would require the organization to delete the records when no longer required for legal or business purposes.

Then there are record types which are not governed by laws or regulations but rather for business purposes. A training presentation for example, or a product announcement. There is no legal obligation to retain such records, but the organization may have a valid business need to keep such information for re-use, or archival purposes.  Then it is up to the records manager to query the owners to determine the expected need for retention and document that reasoning for future records managers.

There are many consultants and service providers who can codify retention schedules and there are many RIM products that enable you to include notes as metadata to keep a record of the reasoning and history of schedule changes.  However, even a spreadsheet or document file will make life easier for records managers who are faced with the question: “Why are we saving this for X years.” Creating or maintaining a history of the “whys” of retention periods or their changes may be onerous, whether you are creating a schedule from scratch or modifying an existing one, but it will make the policy more defensible and understandable to those who rely on it.

WANT MORE?

April is Records and Information Management (RIM) Month. Now celebrating RIM Month for the 29th year, ARMA, the world’s leading membership organization for records and information management (RIM) and information governance (IG), will once again promote this month to bring greater awareness and recognition to those practitioners who are superheroes to the profession!

Click here to see all the ARMA RIM Month offerings!

Take an additional 30% off the ARMA bookstore!*
promo code: RIMMonth30

Click here to view the bookstore!

*Promo code is not valid for the IGP Study Guide, IGBOK, or IGP exam and application fees. Valid April 1-30.

Author

  • Richard Lang is an information governance manager having over 20 years experience with IBM in records management, data privacy, eDiscovery and business continuity. He is a Board member of ARMA, an IGP, CRM and CIPP/US.

(Visited 407 times, 1 visits today)

Richard Lang

Richard Lang is an information governance manager having over 20 years experience with IBM in records management, data privacy, eDiscovery and business continuity. He is a Board member of ARMA, an IGP, CRM and CIPP/US.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.