Editor Bio

CIOLaw editor Gregg Mayer is a journalist and lawyer with a keen interest in the rapidly evolving world of e-Discovery. Gregg has published numerous articles, including writing for law journals and the American Bar Association. Gregg served as editor-in-chief of the Mississippi Law Journal. Before practicing law, Gregg worked as a newspaper reporter for six years.

Regulation Means Retention for Years – Email and All

Posted by Gregg Mayer on Thursday, February 14th, 2008   

CIOs must implement record retention policies – including retaining email – that comply with a vast assortment of federal regulations. Often, companies must craft different retention periods for various types of communications to meet the demands of federal regulation.

Knowing what to keep and how long to keep it can be a monumental task.

For example, some records are not covered by any regulations and can be discarded under the company’s own policy – maybe in as little as 30 days. Other records – including relevant email – may need to be retained for as long as 30 years, if not permanently.

The problems of retention are compounded by the proliferation of email for business use. Thousands of email messages pour in and out of a company. Knowing where this email goes and what information is in it is a critical necessity. More importantly, knowing how long the information must be retained is necessary to ensure regulatory compliance.

In order to be prepared, CIOs need to ensure they have an active and comprehensive retention policy. They need to make sure their archiving systems properly retain relevant records. They need to know where all of that email is and how they can get to it when the regulators (or lawyers) come calling.

Just as important, they need to know how long the regulatory timelines require the information be stored. Below is a synopsis of various timelines established by regulations that affect numerous companies:

Family and Medical Leave Act (FMLA)
Generally, records must be kept for three years. This includes basic payroll documents, names of employees, addresses and occupations, hours worked and total compensation, among other related information. Keep in mind the FMLA also requires records be kept pertaining to employee leave taken under the FMLA, as well as any records regarding leave disputes.

Title VII of the Civil Rights Act of 1964
Any information about race or ethnicity of employees should be kept permanently and separately. Other information relating to personnel decisions, including requests for reasonable accommodation and application forms, must be kept for one year.

Americans With Disabilities Act (ADA)
Requirements under the ADA mirror the requirements of Title VII. Generally, retention is one year.

Fair Labor Standards Act (FLSA)
The length of time to save records under the FLSA depends on the type of records. Here’s a general breakdown:

  • Keep these records two years: Under the regulations, companies must keep “basic employment and earning records,” as well as wage rate tables and an assortment of other related material for two years.
  • Keep these records three years: Payroll records, certificates, agreements, plans and notices must be kept by the employer for three years.

Equal Pay Act of 1963
In addition to having the same compliance requirements as the Fair Labor Standards Act, an employer must preserve for two years records that relate “to the payment of wages, wage rates, job evaluations, job descriptions,” and an assortment of related records.

Age Discrimination in Employment Act of 1967
Similar to the FLSA, this Act implements a three-year retention requirement for payroll and related records containing information about the employee’s identity such as the name, address, date of birth, and rate of pay.

In addition, employers must keep for one year information such as job applications, resumes, or other job inquiry information. This also includes other information such as job postings.

Employee Retirement Income Security Act (ERISA)
ERISA regulations actually specify the use of electronic media for retention of records, and demand they be kept in “reasonable order and in a safe and accessible place, and in such manner as they may be readily inspected or examined (for example, the recordkeeping system should be capable of indexing, retaining, preserving, retrieving and reproducing the electronic records).”

Records necessary to determine benefits to employees must be kept permanently. Welfare and pension records should be kept five years, and supporting documents for ERISA filing should be kept six years.

Occupational Safety and Health Act (OSHA)
Generally, information should be kept for five years after the end of the year to which the information pertains (such as an accident, illness, etc.). Records for serious adverse reactions must be kept up to 30 years.

Federal Acquisition Regulations (FAR) Subpart 4.7 Contractors Records Retention
Information, such as books, documents, accounting procedures, and other data, including email, must be kept for three years after final payment under the contract.

Health Insurance Portability and Accountability Act (HIPAA) of 1996
Employers should retain various records, such as policies and procedures, patient privacy data, certificates of coverage and other coverage information, for six years. Records must be kept for two years after a patient’s death.

Employee Polygraph Protection Act
Records relating to the reasons for conducting a polygraph examination and other related materials must be kept for three years.

Sarbanes-Oxley Act of 2002
Generally, public companies should save business records, including email and other ESI, for five years, although the Act specifies various retention periods for different types of records.

Labor-Management Reporting & Disclosure Act of 1959
Records, including back-up and supporting documents, required by the Secretary of Labor must be kept for at least five years.

Federal Withholding
Under the Federal Insurance Contributions Act (FICA), the Federal Unemployment Tax Act (FUTA) and Federal Income Tax Withholding regulations, records pertaining to federal taxes must be kept for at least four years. This includes identity and wage information.

Davis-Bacon and Copeland Act
Employers with federally funded projects should keep information for two years, including records relating to the periods of contract, pay records and work records.

National Labor Relations Act (NLRA)
Any collective bargaining agreements, including correspondence with the union, must be kept for seven years from conclusion of contract.

Immigration Reform and Control Act of 1986 (IRCA)
Employers should keep information about an employee’s identification and work authorization for three years after the date of hire (or one year after termination).

SEC Rules 17a-3 and 17a-4
Broker-dealers must retain comprehensive records, including email, of securities transactions for at least six years. For the first two years, they must preserve the documents in a reasonably accessible place.

Check back to this blog for individual posts about different regulations and how they may impact you.

Posted in: Regulatory Compliance