Like human beings, electronic records are born, live and die. Birth is the moment they're created and saved in the system. They live for as long as they're useful, and then they face the death of deletion. Unlike people's lives, the record cycle of life shouldn't be left to chance. Your business should have a clear policy on how to store files and how long to keep them before they're destroyed.
The life cycle of electronic data comes in five phases. The typical information life cycle diagram breaks them down:
- Creation. Suppose the record is a contract proposal. If your business generates the proposal, the record cycle begins with the document's creation. If it receives a contract proposal by email, the life cycle begins when the document arrives.
- Distribution and use. Once you receive a proposal, it should be distributed to the managers who accept, reject or negotiate the offer. The document needs to be accessible to everyone who has to read or evaluate it until this phase of the record cycle ends.
- Storage and maintenance. After your company signs the contract, the document has to be stored somewhere secure. It may only see occasional use, for example if the other party threatens to sue you for a contract breach.
- Retention. You may need to keep the document in your files even after the contract is finished. It may be useful for reference, as a tax record or because the law requires your company to keep some documents on file for a few years.
- Disposal. When the document is no longer of any use, and there's no legal requirement to keep it on file, you can safely delete it. The document's record cycle has reached its end.
Organizations need a policy on maintenance of electronic files to ensure nothing gets deleted while it's still useful or mandatory. It's true that many businesses don't have a firm policy, but that can come back and bite them: for example, if a lost document becomes important in litigation. A good policy accomplishes several goals:
- It establishes guidelines for creating, using, storing, retaining and eventually deleting documents.
- The guidelines identify specific devices on which documents are created, filed and stored.
- The policy establishes rules for maintenance of electronic files, such as the length of the record cycle.
If your business has been around a while, you may have accumulated a lot of electronic records already. Once you establish your policy, you have to locate and categorize the existing documents and take appropriate action on each of them. This won't be a quick process.
Your policy shouldn't be complicated or difficult for your team to follow. It also needs to be thorough, with regular performance audits to see if it's working. There are lots of ways that documents can slip through the cracks:
- Employees keeping records on personal computers or phones
- Informal notes and records
- Conducting business by instant message, email or text
Different types of records require different rules. You need to keep tax records for a given year until the IRS can no longer audit them. Employee leave and benefit records should be maintained for at least three years. Contracts and warranties should stay in the files until the statute of limitations for any related lawsuits expires.
Until the record cycle reaches the deletion stage, you need to protect the records in your files. Threats include employees accessing confidential information, the physical destruction of the computers and data breaches caused by viruses, hacking or malware.
- Back up your records. Duplicating data in the cloud or on a backup hard drive protects you if your company laptop dies suddenly.
- Redact documents to hide sensitive information, such as Social Security numbers, from people who don't need to see it.
- When dealing with confidential information, draw up a list of who can see it. Configure an access control list that shuts other employees out.
- Encrypt confidential files so they can't be read without the decryption key.