Just about every company has its pack rats who keep every paper or electronic document that comes past them, as well as other employees who can not wait to get rid of what they consider clutter in their files or on their computers.

Legal Retention Requirements

E-discovery is often associated with legal proceedings, such as retrieving electronic documents as part of litigation. But it may also include requests from federal and state regulatory agencies.

Every federal agency has its own requirements for document retention. For example, the federal Department of Health and Human Services requires that proof of citizenship and work visas be kept for three years after employment begins and one year after termination.

In addition, various federal laws impose regulations on document management. Some of the more common laws include:

• The Sarbanes-Oxley Act, which requires accountants of public companies to maintain certain corporate audits and reviews for five years from the end of the fiscal period during which the audit or review was concluded.

• The Fair Labor Standards Act, which requires three years of payroll records and two years of employment and earnings records.

• The Age Discrimination in Employment Act, which requires that records be kept for three years.

• The Family and Medical Leave Act, which requires that records be retained for three years and that medical records be kept separate from personnel files.

Some documents should, for all intents and purposes, never be destroyed. For example, information related to the formation and maintenance of a corporation, partnership, LLC or other entity through which you do business.

Your articles of incorporation or organization, informal actions, meeting minutes, stock ledgers and transfer documents should be kept indefinitely, as should documents relating to trade secrets.

As a business owner, and ultimately one of the most liable persons in your organization, you need to find a balance between these two approaches to document management and retention. And there is no doubt that your business must have a document management policy and system — not only to enhance efficiency and productivity, but also to meet legal and regulatory requirements. (See “Legal Retention Requirements” at right.)

Efficient document management involves having a well-written, strong and clear policy as well as a computer system (or in some cases several systems) that can index information for easy retrieval and allow for varying levels of security in accessing the documents.

The level of sophistication your business requires depends on the nature of your organization, the industry it’s in and the state and/or federal agencies and legislation that may regulate it.

With that in mind, the first steps to take are to consult with your attorney, accountant, human resources consultants and other professionals for advice on what documents you must keep, how long you should retain them and what documents you can destroy.

To help understand the importance of a document system, consider the manager who needs all the available information about a customer who’s threatening to go to a competitor. Without a document management system in place, that manager may spend valuable time tracking down documents held individually by an account manager, a customer service representative, a salesperson, a personal assistant and others who have had dealings with the customer.

With a document management system, all the required information is stored centrally. Changes to documents are instantly made and saved, with the time, date and name of the person who accessed them and made the alterations. Most importantly, perhaps, there’s only one up-to-date version of each document.

Moreover, the files can be indexed to such a degree that it becomes simple to find the information needed for a particular project, such as filing tax returns, conducting audits or finding other documents during the discovery process of a lawsuit.

Here are 10 steps to follow that will help set up a workable policy that you can then bring to a software vendor or build in house. Be sure to document everything – the steps taken, the policy, how it was implemented and how it’s enforced. That documentation could become important in the event of litigation or requests from regulatory agencies.

1. Review every type of document from the top down to determine what information is available, whether it’s stored electronically or on paper, and whether it’s on individual computer hard drives or on your organization’s computer network. Be sure to include any documents that remote employees are storing.

2. List the documents in categories such as historical and current; temporary and permanent; clients, customers and vendors; full-time and part-time employees; contractors; finance; business strategies; intellectual property; e-mails; legal or regulatory requirements and so on.

3. Decide what data you need to retain, how you want it organized, what information should be encrypted, and what security measures you want to install to protect the information and limit access to it.

4. Identify who’ll have access to specific information. Some information will likely be available to most employees on a read-only basis. Other data may be accessed only by certain employees with read and write privileges. Still other information may be limited to a select group who will need special passwords and encryption software.

5. Keep documents with different retention periods separate if possible. This not only reduces the cost of long-term storage, but also helps avoid the inadvertent destruction of a document before its scheduled time as well as potential legal charges of failing to follow retention regulations.

6. When documents with different destruction schedules must be combined in one file, be sure the file is kept for as long as the document with the longest required retention is needed.

7. Create schedules and methods for maintenance, archiving and destruction. Individual divisions or managers may be allowed discretion to set their own retention policies provided they’re approved by your legal counsel or an individual designated to oversee policy compliance.

8. Consider setting up centralized controls and systematic enforcement. It’s critical that all employees be monitored to ensure they follow the policy.

9. Provide a clear, documented rationale for each section of your policy. Legal storage requirements are likely to change from time to time, so you will need to review the policy periodically to ensure that it is up to date. When changes are made, be sure to document them.

10. Ensure that all employees, contractors and vendors understand the policy and that they sign off on it and any updates.

Remember: All of the computers in your organization contain information that need to be covered by this document management policy. This includes word processing files, data files, e-mails, and video and image files.

Hoberman & Lesser’s NYC accountants serve a broad cross section of businesses, ranging from publicly held companies, to private sector businesses, to individual entrepreneurs throughout New York, New Jersey, and Connecticut, and across the United States. To schedule a complimentary and confidential consultation with a member of our team, please contact us.