Noncompliance with record retention policies puts your business at risk
Noncompliance with record retention policies, revealed by a data breach or a violation of the duration of stored personal information, could result in damage to
your business's reputation, financial loss via a bevy of fines and penalties, and social or economic disadvantages. In these cases, the legal violation is revealed
when the breach takes place and the company is found to have more records than it should, or insignificant protection protocols for valuable documents.
The global average cost of a data breach is $3.92 million, with an average size of 25, 575 records.
Organisations found to be in violation of data retention policies are required to record any corresponding data breach they suffer, which could be damaging to
potential client or business acquisitions in the future.
Management throughout document lifecycles
Whether your organisation is looking to store personal data or financial record documents, it is important to know the appropriate retention period of the
associated data. Here is a guideline of the types of documents covered by a document retention policy, categorised by the retention periods associated.
- Business records requiring a permanent file:
- Annual financial statements
- Corporate identity documents, such as incorporation documents, charters, bylaws, constitutions or minutes of meetings
- Patents or trademarks; any registration applications or records relating to acquisitions
- Receipts and invoices
- Health records: 10 years
- Medical information or patient history
- Charting, scans or records
- Medical devices
- Human drugs
- Natural health products
- Tax records: 7 years
- Bank statements and records
- Records attributable to the sale of stocks and bonds
- Vendor invoices
- Records of purchase and sale
- Personnel and payroll records
Record retention policies should be updated periodically. Depending on the country or jurisdiction your business operates in, specific record retention schedule
periods may vary, although updating a record retention policy every 18-24 months is generally good practice. This time frame allows your business to ensure
compliance with any legislation enacted or legal changes that have occurred since your previous policy was finalised.
See how you can manage retention and privacy together
Learn how Policy Centre can help achieve your organisational needs.
Talk to our information governance experts today!