A local government records retention policy is necessary for data governance
This content series on data governance began with an overview of the current data sprawl challenge that has been impacted by the rise in cyber-attacks, artificial intelligence, and compliance requirements. Prior articles covered information governance versus data governance and then the need for creating a data asset inventory. Next in line is the importance of having a records retention policy, which is the umbrella for effective data governance.
The steps for creating this policy include defining why local governments need a records retention policy, who should be included in the policy development, what should be in the policies (and what shouldn’t), and how to communicate the policy details to staff.
Why local governments need a records retention policy
Developing a local government records retention policy is necessary for several reasons. Requirements like compliance with the Health Insurance Portability and Accountability Act (HIPAA), the Criminal Justice and Information Sharing (CJIS) rules, IRS, Payment Card Industry (PCI), general audits, and state archive laws are a few. It also reduces exposure during litigation holds and helps control data sprawl, lower cyber risk, and prevent data loss. A strong policy improves operational efficiency, which is especially important when staff spend an estimated 20–30% of their day searching for documents.1
Beyond compliance, a local government records retention policy reflects how an organization views its information: as an asset with potential future value, or as a liability due to storage costs and inefficiencies. In practice, effective retention strikes a balance between these perspectives. It also avoids the assumption that every document must be kept indefinitely.
Who’s involved in creating a local government records retention policy
Creating a multidisciplinary team is vital to ensuring that the needs of the entire organization are reflected in the records retention policy. Because records' retention is a governance decision and not an IT-only decision, broad input from non-technical staff leads to stronger, more practical policies. For some organizations, it may be most effective to have a sub-group that oversees detailed departmental work and a separate leadership group that sets broader policy direction.
As you assemble your team and subgroups, bring in representation from these areas of the organization and beyond:
- Legal (attorney, solicitor, etc.)
- Human resources
- Public information
- Finance, human services, and other key departments
- Information technology
- County administration
- Elected officials
- 911, continuity, or emergency management
Having a diverse group of county members will ensure that perspectives, concerns, and feedback are considered before finalizing the policy.
5 Things to include in your local government records retention policy
In developing records retention policy, you should start with the format of your approved local government template for policies. Your template will most likely already require sections such as purpose, who it applies to, definitions, scope, a section for the actual policy, review/revisions, and compliance.
In addition to those sections, you should include the following components in your local government record retention policy:
- A general retention section for the most common types of communications—email, county-owned cell phone texts, voice mail, contracts, letters and press releases, meeting agendas and minutes, social media posts, collaborative chats, video, etc. These general retention sections should also include how long to keep those records and who is responsible for ensuring the retention period is followed, which in some cases can be automated by IT.
- The manner of retention stating whether the record is in digital or paper form. While PDF/A is being widely adopted as a preferred retention format, it does not fit in all cases. Paper documents, with “wet” signatures may be required for areas such as adoption, judiciary, deed, among others.
- Department/agency specific sections around case management records and records that fall under federal and state specific compliance laws. These sections will also include how long to keep those records, who own the records, and who is responsible for ensuring the retention period is followed.
- Destruction of records instructions that define how and when to dispose of common records, such as emails and messages, as well as records that must be expunged by court order. IT can help automate deletion of digital records but remember that storage media containing protected data (like disks or hard drives) must be securely wiped. There are certain types of media (disks, hard drives) that need to be wiped using Department of Defense (DOD) and the National Institute for Standards in Technology (NIST) approved processes.
- Continuity in event planning that clearly identifies priorities, in case all systems go down. Remember that there will be certain departments who should have paper backups in place.
Prioritizing the inclusion of these 5 components will ensure that the local government records retention policy you create will be comprehensive and thorough.
The table outline below offers a straightforward approach:
| Record/Document Type | Description | Time period to retain | Owner | Continuity Priority |
|---|---|---|---|---|
| Work Correspondence | 6 months | Various | 1 | |
| Contracts | County contracts for agreements such as maintenance, software support, purchases, etc. | Minimum 7 years, grants may be longer | Procurement, or Legal or Department | 2 |
| Human Services Records | Case Management | Once case is closed, ## years | Human Services | 1 |
Disseminate, educate, and automate for successful adoption
Once you have the draft of the records retention policy, follow your organization’s policy approval process, which should include how it will be communicated to staff and the type of training needed.
Communications can include an email announcement with a link to the policy. Alternatively, department directors can review the local government records retention policy with their teams at staff meetings, or share highlights of the policy in organization newsletters. One-page retention quick guides and infographics can also be created to aid in comprehension.
Think of introducing the records' retention policy with a policy awareness campaign that covers the policy, FAQs, posters, and videos. Awareness of the local government records retention policy should always be included in new employee onboarding, as well as an annual mandatory review by all employees.
In terms of education, think outside the box. Create videos to watch and consider adding those videos to your learning management system. Then, you can include a set of questions at the end of each section, or a quiz at the end, to document transfer of knowledge. Other training ideas include a gamification approach with prizes. While there are a variety of ways to educate about the local government records retention policy, start with at least one so that staff become familiar with a “data first” culture.
Email archiving automation can be implemented as well by using AI-assisted classification tools (enterprise search, automated metadata) that support tagging or labeling. There are also document management systems (that many organizations already have, ex. SharePoint) which can be leveraged to assist. These systems can implement aspects of the records retention policy, including categorization and location of records and other documents.
And if you want to know if local government records retention policy is effective, you can also include pre-defined metrics to measure once the policy is implemented. Metrics can include but are not limited to volume destroyed, storage saved, and requests fulfilled faster.
A local government records retention policy protects agencies and constituents
For local governments, the importance of creating a records retention policy cannot be underscored enough. Navigating the rigors of compliance and government oversight, as well as the ever-looming threat of cyberattacks, makes it critical to have an effective policy in place. What seems like an intimidating process can be simple and methodical with the right approach.
Remember, you do not have to start from scratch. In addition to samples of retention policies, you can also find valuable resources from other local governments. Networking and corresponding with other public agencies in local government can yield helpful insight and cohesion.
CAI has additional resources available that cover areas from King County, Washington to the state of Ohio, and other states in between. Record retention guidelines by state can be found online, as well.2
To learn more about how CAI partners with local government for data governance and compliance, fill out the form below.
Series: Data Governance for Local Governments
Select one of the thought leadership articles below to read more in our 4-part series about the crucial aspects of data governance for local governments.
Endnotes
- Sid Probstein. “Reality Check: Still Spending More Time Gathering Instead of Analyzing.” Forbes. December 17, 2019. https://www.forbes.com/councils/forbestechcouncil/2019/12/17/reality-check-still-spending-more-time-gathering-instead-of-analyzing/. ↩
- Record Nations. “Record Retention Guidelines by State.” hhttps://www.recordnations.com/articles/record-retention-guidelines-by-state/ . ↩
