If you are a gardener like me, you know that this time of year is all about maintenance. Weeding out undesirable plants from overtaking your garden will provide dividends in a few more weeks as bountiful harvests await. The same can be said about and the documents that are stored in your company.
Most people by nature feel the need to save documents longer than they should. A document has a useful life and a legal life. Understanding this can be critical, not only for the cost of storage, but from a liability perspective as well.
Let’s begin with the useful life of a document. As an example, we will use accounts payable files because every business has them. This applies regardless of how you store your documents, either electronically or in paper. AP documents are typically active for two years. It is during this period of time that purchase orders are cut, receivers collected, invoices approved and payments made. Following this period of time, which is typically 90 days or less, the documents remain idle with the exception of a vendor correspondence. That is until the auditors arrive. At that point, your documents are fair game to the requests of the auditors. Once complete, these documents may never be viewed again. But before you throw them away or delete them from your system, you have a legal requirement to keep these records for seven years.
People who still use paper files will tend to “purge” these documents from file cabinets after two years and store them in banker’s boxes. This storage is typically in faraway areas with questionable security (a pad lock on a storage locker is not tight security). Digital users will usually save their documents within a document management system or on a drive on the network. This is generally more secure and cost effective than saving paper, but this option also has potential risks.
The biggest risk I have seen in keeping documents long term is they are never destroyed. Whether this is intentional or not, it creates a huge liability issue for any organization. Without having a documented records management plan, you are inviting game changing risks that need not exist. Saving documents past their legal retention schedule opens up this information to legal discovery. Just as important, and missed by many, are the electronic “paper trails” or history left within a document management system after the images are purged. Most document management systems will record any activity for a document. This includes who viewed, printed and emailed a document, as well as things such as workflow approvals and notes associated with a document. Purging the image is not enough, you need to expunge the entire history to completely eradicate the document and associated history. Most systems have an optional records management component that will do just this. These systems work in conjunction with your records management requirements to evaluate the age and type of a document and destroy not only the image, but all historical information from the database as well.
For organizations that store confidential client information this is a critical component in protecting personal information. The higher profile your company is, the greater chance of being hacked. But make no mistakes, it can happen to smaller companies as well as they do not tend to have the same level of security as Fortune 500 companies.
So just like weeding your garden before the harvest will reap the rewards, so too will creating and maintaining a records management plan for your company.
Jack Arnston is a Principal at The Priton Group. He can be reached at firstname.lastname@example.org.