We are frequently asked how long records have to be kept for: do you have to convert old records every time a new electronic system comes along?
Can you get rid of those boxes of paper records?
Our record retention checklist for financial services providers has been updated to take into account Privacy Act and FOFA requirements. [Last Updated 2019].
What records must be retained?
Every business should have a document (record) retention (and destruction) policy to suit its own circumstances. Our table can be used as a starting point. There will be variations between states and for particular products.
For your business, identify specific categories of documents and then particular types of documents which must be retained and the term for which they must be retained.
What policy will you adopt for records not subject to specific regulation (eg emails)? Is there a designated time after which they will be destroyed? What criteria were used in selecting that time period?
In what form can documents be retained?
Whilst the various Acts prescribe the types of documents that must be retained and the period of retention, they are generally technology-neutral in terms of the method of retention. Original hard copy documents need not be retained if they are kept electronically in a form that is readily accessible. The electronic copy must be secure and must be convertible into hard copy.
A black and white hard-copy version of a colour record will be acceptable if colour is not an important aspect of a document.
If you are adopting an electronic archiving system you will need to make sure you have an IT Governance policy which deals with security, privacy, business continuity, processes and outsourcing.
Are the electronic copies unique, identifiable and unalterable? Can you prove they are tamper-proof?
Have you recorded the process by which information is copied, stored, recorded and reproduced?
- identify what records must be kept;
- decide your retention/destruction policy for other documents not required for ongoing business purposes;
- decide on your document retention method and record the process.