Keeping it Ethical is our weekly blog series highlighting the 33 Principles for Good Governance and Ethical Practice. Throughout the series, we hope to highlight the importance of each Principle, the helpful resources associated with it, and learn more from you about how you’ve incorporated these Principles into your charitable organization.
Data is a word that strikes a combination of excitement, fear, and confusion in the hearts and minds of most working professionals today. Data is referred to ubiquitously and discussed ad nauseam. Fact: Every charitable organization houses tons of data.
Not hyperventilating just yet? Document and data retention and destruction is a full-blown legal compliance topic. As such, it can be seriously daunting when we step back to see the massive data ocean our organizations produce. Like a real ocean, our organizational data is a vital resource that we must learn to preserve and protect for our continued viability. Principle 5 lays out guidance to move us from feeling paralyzed towards empowered in executing our responsibility to preserve and protect organizational data.
Every charitable organization has the duty to establish and implement policies for both document and data practices. There are a multitude of factors when it comes to protecting data, and the easiest way to deal with all these moving parts is to draft and implement a written data and document retention policy.
Data retention practices are impacted by varying federal, state, and local regulations, which means we don’t have a single template to offer, but here are some components to consider when crafting your organizational retention policy:
- Not all data is created equal
The type of data you have and its function should dictate how it is preserved and for how long. As expected, there are no universal rules on what to keep or the length of time. The Internal Revenue Service does offer its own set of recommendations for public charities. IRS recommendations are important, but your organization should further consider preserving data even longer for non-tax purposes.
- Permanent records
Many governance bodies agree that certain documents that are critical and should be treated as permanent records. Examples include: application to recognize tax-exempt status, determination letter recognizing status, articles of incorporation and bylaws, any amendments, board minutes, all tax filings, and any documentation relating to contributions and grants.
- Archiving and backing up
You should outline a sound process to properly archive paper documents and electronic data. This step goes a long way in mitigating risk and possible loss for the organization. Holding on to data and documents also implies mechanisms are in place to secure and verify that data is not stolen, manipulated, or destroyed. The solution could be as simple as a locked cabinet or as complex as ongoing data security for files stored on the cloud.
- Destruction
Sometimes it’s healthy to let go. All data and documents have their purpose; set intervals so there is a clear understanding of when specific types of documents can be destroyed.
- Legal Proceedings
We have mentioned the almighty Sarbanes-Oxley Act, passed by Congress in 2002, when we talked about whistleblower policy. The act explicitly calls out document retention practices – it made it a crime to destroy, alter, conceal or otherwise “mess with” documents relating to official legal proceedings. There should be a provision in place to comply with the law and halt document destruction; you can read here for more guidance on the act.
You will likely need to consult a legal professional in drafting the policy, but you don’t need to wait on one to get started. Review the below resources as a starting point:
- Independent Sector’s document retention policy
- Minnesota Council of Nonprofits offers fabulous templates and samples
- Law firms are another great resource for sample organizational documents
Hopefully the next time someone says data or retention policy, you can sit back and relax.
Learn more about Principle 5, Document and Data Retention and Destruction and the associated resources.
Are we missing a good resource associated with this Principle? We want to hear that, too. Leave your thoughts in the comments and let us know what you think. You can also use #npethics on social media.
