Your business document retention policy should be updated to take into account AML/CTF requirements and the Fair Work Act. The National Consumer Credit Protection Act and the Personal Property Securities Act will also impose new obligations when they commence full operation.
What records must be retained?
Every business should have a document (record) retention (and destruction) policy to suit its own circumstances. There will be variations between states and for particular industries.
For your business, identify specific categories of documents and then particular types of documents which must be retained and the term for which they must be retained.
What policy will you adopt for records not subject to specific regulation (eg emails)? Is there a designated time after which they will be destroyed? What criteria were used in selecting that time period?
In what form can documents be retained?
Whilst the various Acts prescribe the types of documents that must be retained and the period of retention, they are generally technology-neutral in terms of the method of retention. Original hard copy documents need not be retained if they are kept electronically in a form that is readily accessible. The electronic copy must be secure and must be convertible into hard copy.
A black and white hard-copy version of a colour record will be acceptable if colour is not an important aspect of a document.
If you are adopting an electronic archiving system you will need to make sure you have an IT Governance policy which deals with security, privacy, business continuity, processes and outsourcing.
Are the electronic copies unique, identifiable and unalterable? Can you prove they are tamper-proof?
Have you recorded the process by which information is copied, stored, recorded and reproduced?
In summary:
- identify what records must be kept;
- decide your retention/destruction policy for other documents not required for ongoing business purposes;
- decide on your document retention method and record the process.
Here is a checklist.