The end of the tax year is also the end of many businesses  financial year.  It heralds the season for preparing annual returns, financial accounts and putting in place new budgets and business plans. But what happens to those documents that are generated during this frenzy of activity and what is the fate of documents prepared in previous years?  Some organisations have learnt, often to their cost, that if the fruits of this arduous annual cycle of information generation are not harvested and put away properly, things can turn rotten.

The problem lies not only in the fact that paper is difficult to process and handle but that it’s difficult to get reliable information about how long and why information should be kept.

In a post recession economy where resources are directed towards generating growth, few companies can afford the luxury of employing staff solely to categorise documents, assign retention periods to them and then diligently manage them.  And managers are far more focussed on getting the job done than tidying up the “back office” tasks.

Across the board organisations find it too time consuming not to mention costly, to work through reams of documents and decide if they should be retained or destroyed.  Many simply take the decision never to throw away information irrespective of its nature or content, and as a result there are  thousands of businesses sitting on paper mountains hidden in filing cabinets, storerooms and lock-ups.  Others spend thousands of pounds with storage companies squirreling away boxes of documents that will never see the light of day.

Equally as many businesses take the view that a regular cull of documents is sufficient to resolve the issue but they too run risks.

The consequences of neglecting to process information properly cannot be ignored.  Not dealing with this information correctly can result in serious financial penalties if a business is found not to be compliant with laws that define what must be retained.

The Companies Act 2006, the Charities Act, the Tax Management Act, the Pensions Act and the Limitations Act to mention only a few make stipulations about information that must be retained and for how long.  HMRC simply says that it expects a company “to take reasonable care” and “to retain sufficient records” but the penalties for “failure to notify” (Ref: 1) can be heavy and are based on the circumstances of the failure.

And the situation can be just as bad if information is either retained for too long or is not stored securely.

In the three months up to August 2014, fifteen incidents involving data breaches committed by professional firms were reported to the Information Commissioners Office (ICO) (Ref: 2) and, with potential fines of up £500,000 for a serious breach it is important to be aware of the need to abide by the eight Data Protection Principles set out in the Data Protection Act (Ref: 3).

Fortunately there are some simple steps that organisations can take to protect themselves from the risks and consequences of poor record keeping that do not cost the earth and happily have positive side effects.

The first step is to prepare a Records Management Policy.  This can be a simple series of statements about the ownership of records, how files will be handled and when and how they will be disposed.  Additionally this document should address the retention period for records with a justification for that period.

The policy should be phased in over a period of time to allow members of the organisation to adapt to it.  Many good policies have failed at the first hurdle because management has tried to force the pace of change too quickly.

Finally the policy should be reviewed on a regular basis to ensure that it’s relevant, effective and up to date.  There’s no point in using records retention periods that are out of date or keeping documents that are not needed.

Operating a well defined and up to date records policy can have many benefits.  These extend beyond preventing data breaches and making sure that a business is compliant.  Well-defined records policies can protect and preserve valuable marketing and technical information that can improve business performance and provide a valuable source of information for making future business decisions.

References.

1.  https://www.gov.uk/corporation-tax-penalties

2.  Information Commissioner ‘sounds the alarm’ on data breaches within the legal profession.  ICO web site “News & Blogs”, 5th August 2015.

3.  https://ico.org.uk/for-organisations/guide-to-data-protection/data-protection-principles/

Why not arrange an initial, informal discussion about your Records Management Policy?   To contact us simply email: [email protected] or call us on 01928 740707