Document Retention Policy Samples (Word | PDF)


Having a secure, paperless, and efficient way of handling records and data is important for any business. It’s a tool that can be beneficial to any size company and can protect you from having critical and sensitive data fall into the wrong hands. This is especially important if you keep customer records with details of bank and credit card numbers and other sensitive data.

What is Document Retention?

This is a system that allows you and your employees to create policies determining how specific records or documents should be kept, for how long, and how they are disposed of after a certain time period. This includes:

  • Having a specified day or time when certain records are automatically deleted
  • Moving files automatically to new sites, folders, directories, or systems
  • Sending or copying files and records to a specified person on a specified day or time

What is a Document Retention Policy?

Also known as a data or records retention policy, this refers to an established protocol that has been set up by a company detailing how they retain and dispose of data. Every business will have its own way of doing this, and not all policies will be the same.

Why Use Document Retention Policies?

A document retention policy ensures that companies are fully complying with security protocols to protect the data of the company, employees, and customers. There are a few benefits of having a policy in place.

  • It makes it easier to organize your paperless data and records.
  • Regularly getting rid of files that are confidential or sensitive ensures that information doesn’t end up in the wrong hands, such as those of an unhappy employee or a hacker.
  • It clears up the clutter created by old and out-of-date files by placing them in storage.
  • By deleting and archiving old data, it ensures that your company is using up-to-date information, which helps avoid mistakes, like sending out information to the wrong person.

You need to outline policies and guidelines regarding the handling of certain documents. The policy is something that everyone in the company using these documents is aware of. For old files, you may want to either delete them or archive them. You will need to set out time periods for how long a document is held as well as when and where it should be moved. Most of this is done automatically.

The Importance of Having a Document Retention Policy

Having a document retention policy in place not only makes record keeping run more efficiently, but also ensures that your company is following data retention laws set out by the federal, state, and local governments, which require you to hold records for set periods of time. This can be anywhere from a month to indefinitely depending on the state and is also dependent on the type of record. It’s important for:

  • Making sure your company is in compliance with laws and regulations
  • Mitigating risk that is associated with regulations
  • Employee, vendor, supplier, and customer disputes
  • Federal, state, and local audits

Organizations that accept funding from non-profit and government sources may be subject to additional requirements for document retention. If you are found to have destroyed data after it was requested, such as through a court order, you can be fined, penalized, or imprisoned.

Certain documents must be kept for a designated time period:

  • Accounting Records – most accounting records need to be kept permanently, such as financial statements, general ledger, tax returns, and inventory records. Other documents such as AR/AP Ledgers, petty cash records, and expense reports need to be kept for 7 years, and bank reconciliations for 2 years.
  • Human Resources and Payroll – accident reports, attendance, benefits, and time reports are kept for 7 years. Salary histories are kept for 8 years, safety reports for 5 years, and employment applications for 3 years. Some records must be destroyed within a certain timeframe from termination: payroll records 10 years after termination and personnel files for 7 years after termination.
  • Shipping and Receiving – all manifests, freight bills, export declarations, and waybills and bills of lading are to be kept for 4 years.
  • Corporate and Legal – most records are to be kept permanently, including annual reports, external audit reports, articles of incorporation, contracts, partnership agreements, mortgages, deeds, licenses, organizational charts, legal and tax correspondence, patents, copyrights, and trademarks. Internal audit reports are to be kept for 6 years, routine correspondence for 7 years, and general correspondence for 2 years.
  • Sales and Purchasing – all records are to be kept for 3 years, which includes purchase orders, sales invoices, requisitions, and sales contracts.

Free Templates & Examples

Corporate Record Retention Policy


Business Record Retention Policy


Document Retention Policy Template for College

Document Retention Policy Sample for College


Record Retention Policy For Small Business


Records Retention Schedule for Individuals


Frequently Asked Questions

How long are employee records kept in California?

While the legal time frame is 3 years, most employee records are kept for 6 years in California.

How long are medical records kept for?

This can differ depending on whether the records are held by a hospital or private medical practice, as well as whether the patient is a minor. In general, medical records can be held anywhere between 5 and 10 years after the patient has been discharged, has died, or had their last treatment.

What is GDPR?

GDPR, or General Data Protection Regulation, is a regulation set out by the European Union and European Economic Area regarding the privacy and protection of data. It sets out principles for the lawful processing of personal data, which includes collecting, restricting, destroying, and erasing personal data.

What are the 7 principles of GDPR?

The 7 principles of the General Data Protection Regulation are:
• Transparency, fairness, and lawfulness
• Minimization of data
• Data accuracy
• Limitation of purpose
• Limitation of storage
• Security, confidentiality, and integrity
• Data accountability
