How often have you heard the phrase: “We need to create and keep that record for legal reasons”? It’s almost a mantra when dealing with records, yet it is at best ambiguous.
Before you determine your policies and processes, we’ve compiled a list of misconceptions to help you save a lot of effort if it answered your challenges.
1. Seven years for everything
True for some records, but never true for every record. Contrary to popular belief, even the U.S.A. Internal Revenue Service doesn’t require seven years’ retention for all tax-related records.
2. The organisation must retain the paper copy
Most countries accept born-digital records and scanned records, if produced within the appropriate regulations and laws for format and process. Processes used to create and secure the born-digital or scanned records should always be documented.
3. Signatures must be original
Many countries accept born-digital e-signatures when produced within the appropriate regulations and laws. Courts in many countries may accept photocopies or scanned images of signed documents as evidence. (Check the rules in each country in which you’re operating.)
4. Digital, electronic, or scanned format records may never replace paper records
Born-digital and scanned records are accepted in many countries when produced within the appropriate regulations and laws for format and process.
5.“Keep everything” is the law
That is never true.
6. Records must stay in the office
Some records may need to remain in the office, although it is seldom very many. Conversely, some countries require off-site storage of records to meet defined standards and processes. Processes for off-site storage of records should always be documented.
7. No outsider can look at the organisation’s records
Courts in both civil and common law systems can force an organisation or individual to give up records as evidence.
8. These are personal records, not business records
If the record is about the business, then it is not personal. Taking a record home does not make that record personal.
9. That is only for the United States, not here in my country
A court in the United States may require records kept abroad to be offered up or produced to comply with a document discovery request. Likewise, the scope of the European Union’s GDPR extends beyond its borders in certain cases.
10. “Keep everything just in case we need it” is our policy
It is not feasible for space, cost and management reasons to keep all records even when they are digital records. Defining “all records” is too difficult. In all likelihood such a policy would not survive the first month, and the organisation will need to explain why “all records” were not kept.
11. All of our records are protected by privilege
Privilege is a common law concept that protects communication between a lawyer and a client during a legal proceeding. Privilege never protects all the records of an organisation all of the time