Unfortunately, it’s not just a simple matter of how long you think you may need them, or how much space you have to store them. The law actually requires that businesses retain confidential client, employee, or company data for a minimal length of time.
To complicate things a little further, holding on to documents for too long can put you at a security breach and in non-compliance with the current privacy legislation.
Shred-It’s Guide to Document Retention includes the following guidance:
How long you store business records should be determined by a retention schedule that balances each record’s usefulness with the legal requirements. To some degree, this will depend on your type of business, and the lifecycle of specific documents. You’ll want to determine a retention schedule for each type of document, and then create a secure destruction schedule for those documents to reduce risks associated with data breaches.
From a risk-management perspective, once you’ve agreed on a time period to retain each type of document, the only acceptable way to discard your documents is to make sure they’re irreversibly destroyed. Shredding is a legal requirement for many types of documents, and on-site shredding is the safest policy. You’ll want a Certificate of Destruction that specifies the exact date and method used to destroy your documents.
Click here for Shred-It’s list of documents that contain confidential information,
along with the recommended retention period for each type in accordance with certain legal requirements. Keep in mind that these are general guidelines only and are not intended to represent legal advice.