As your business documents begin to pile up, your organisation needs to have a proper records management policy and archiving in place. Otherwise, you run the risk of losing your data and enduring weeks of downtime due to catastrophic events like fire, flood, hardware or system breakdown. Even worse, your organisation could face legal consequences and fines due to negligence.
Is archiving the right solution to managing your business records?
The National Archives defines archives as “collections of records or documents selected for permanent preservation”. These records are kept because of their value as a source for historical, scientific, or statistical research; or as evidence of business activities.
Archiving is primarily done as a legal obligation. In the UK, Her Majesty’s Revenue & Customs (HMRC), Companies House, The Public Records Act (FLSA) and local councils require businesses to keep records for tax purposes, regulatory compliance and public inspection. There will be policies in most countries that outline the requirements for data storage and destruction that you should be aware of.
Apart from being a legal and regulatory requirement, archiving business documents protects confidential information from the possible risk of being shared or leaked, frees up valuable storage space, helps with business continuity and allow easy access and restoration of important data especially after a catastrophic event or system crash.
While there is no prescribed manner as to how records should be archived, records must be stored securely and in an organised manner to allow for easy access and management. Many businesses, for example, assign numbers or codes to files or documents and sort them in alphabetical or numerical sequence. This makes it easier not only when retrieving a record but also in version control.
A tracking document is essential to track what has been archived. We recommend not placing this tracking document with the archives but keeping it in a secure place for access. If you put it in one of your archiving boxes you probably won’t see it again! Also, label your boxes clearly using your sorting method as it may not be you that needs to locate a box in future and chances are your scribble may not be deciphered by others.
Legally, is it good to retain all business records?
You don’t need to hold on to all your business-related documents though. For one, it can be expensive to keep records unnecessarily, not to mention the added burden of managing and keeping all those documents, especially those that bear sensitive information, securely stored. A lot of information you generate for your business isn’t important enough to retain, so consider what you define as archivable and what can be destroyed (ie. social media or publically documented materials where the information is now online).
There are also negative legal implications for keeping records when you don’t have a justifiable reason to do so. Read more about document retention from our article on keeping business and accounting records.
Data Retention and Destruction Policy
Processes should not change between electronic and paper records when it comes to archiving. If a document is necessary and useful to keep it should be archived. If it is not then it should be deleted following the retention and destruction policy you have established.
If you have not yet established a data retention and destruction policy then you should implement one as part of your standard operating procedures. It’s important to track this across your business and be systematic about how you store and destroy all company records. This is not an individual choice but an organisation-wide policy that needs to be enforced.
Define the scope of your policy, the levels of restriction and the period of retention. Have a procedure written out of who is responsible and how you retain and destroy your data.
Data Protection Act (DPA) and Freedom of Information Act (FOIA)
The DPA 2018 is a UK Act of Parliament which states that records and documents should be erased or destroyed when:
- There is no longer a justifiable need for it
- The statutory retention period has already passed
- The information is confidential
The FOIA is a USA Act to define the protections and disclosure of government records as well as mandatory disclosure and exemptions.
General Data Protection Regulation (GDPR)
As an update to the DPA, and to more clearly define personal data, the European defined GDPR provision states that personal data should not be kept for a period longer than necessary unless it is being kept in the public interest, scientific or historical research purposes, or statistical purposes.
By defining personal data, it protects a person’s personal information by defining what can be identified, directly or indirectly and what is meant by consent. The GDPR also guides on how consent is given and the steps that could be taken for a breach.
The Information Commissioner’s Office (ICO) recommends the following:
- Depending on the purposes, think about – and be able to justify – how long you keep personal data.
- Establish a standard retention period for the different categories of the data you keep, wherever possible and have someone responsible for tracking your data.
- Periodically review the data you hold and erase or anonymise when there is no more need for it.
- Carefully consider any challenges in retaining the data.
Archive or delete emails?
The DPA requires businesses to archive emails for specified lengths of time. The reason behind is to protect both the organisation and customers as these documents can act as evidence. So, as a general rule, and where appropriate, you should keep important business emails and attachments that could be used as evidence in case of a legal proceeding. An easy way of keeping an email is to print and save a copy (or better still print a copy of the email to pdf ) and store it in your filing system. You then have a record of the email and free up your email space accordingly.
We can’t stress how important it is to have a policy in place so you know what your business policy is on what data you legally need to archive, how long you should retain it and why.
Disclaimer: The information shared in this article is not meant to represent legal advice. Please contact a legal expert for any questions or clarifications.