Policies and practices are important to the structure of nonprofit organizations. Formal policies and practices define expectations for board members, staff and volunteers to prevent disagreements, alleviate confusion and prevent liability issues. In addition, written policies and practices form the basis for whether board members are upholding their legal fiduciary duties.
Because of the litigiousness of our society, data retention policies are increasing in importance. Nonetheless, some nonprofits continue to overlook the need for data retention policies.
In creating data retention policies, nonprofit board members should consider that emails contain important, and sometimes legally significant, information. For these reasons, nonprofits need to come to some sort of consensus on how long to retain various types of emails.
BoardEffect Messenger by Diligent offers an innovative way to help boards connect their communication practices with their data retention policies. Messenger has a retention feature that allows boards to retain or delete email messages according to the nonprofit’s retention rules and policies. Boards can set the application to delete email messages automatically according to the length of time the board sets. This feature gives nonprofits more control over how they communicate sensitive information.
Creating a Data Retention Policy That Includes Communications Practices
Boards communicate in various ways, and it’s important to factor in all types of communication when creating a data retention policy. Nonprofit boards should, at minimum, consider including emails, teleconference recordings and videoconferencing recordings in their data retention policy.
A data retention policy is essentially a document management policy that tells board members and others what types of documents they must keep and for how long they must keep them.
Physical space for storing large amounts of records is usually limited for nonprofit organizations. Cloud-based storage, such as the unlimited document storage that BoardEffect offers, is a good option.
Board members, staff and volunteers who don’t have a retention policy to follow may intentionally or unintentionally delete a document that someone needs later on. This can cause internal problems or serious external problems if the document becomes part of a legal investigation. A legal team might infer that someone deleted the document on purpose with the intent of covering up some type of wrongdoing.
An approved data retention policy protects the organization by providing the guidelines for staff and volunteers to follow as to which data and documents they can and can’t destroy.
What Are the Components of a Data Retention Policy?
The data retention policy should outline a regular schedule for data destruction that includes the type of document or correspondence and the length of time the organization must retain it. A data retention policy will outline the responsibilities for all those who deal with data and documents, including board members, staff, volunteers and outsiders.
Unfortunately, there are no universal standards regarding which documents nonprofits have to retain or how long they must retain them.
The best rule of thumb is for nonprofits to check their state laws regarding laws for nonprofit document and data retention rules and develop their nonprofit’s retention policy. Many nonprofits make it a practice to retain documents according to the length of time that a potential claimant may bring a lawsuit against a nonprofit organization in that state.
One place to look for a state-specific sample document retention policy is by making an inquiry to the state association of nonprofits. Nonprofit boards should also ask their accounting advisor which documents they should keep, and for how long, for auditing purposes.
What Documents to Keep Permanently
While allowing state laws to lead the way for creating a data retention policy, nonprofits can get an idea of how to structure their own data retention policies by looking at the types of documents that other nonprofits keep.
Here is a sampling of the types of documents that nonprofit boards might considering keeping indefinitely:
- Articles of incorporation
- Audit reports from independent audits
- Corporate resolutions
- Determination letter from IRS and all related correspondence
- Year-end financial statements
- Insurance policies
- Minutes of board meetings and annual meetings of members
- Real estate deeds, mortgages and bills of sale
- Tax returns
National Council of Nonprofits also recommends looking at the following items:
- Corporate governance
- Credit card transactions
- Donor records
- Employment matters
- Fundraising activities
- Licenses (for such things as raffles)
- Investments and banking
- Serving/treating patients
- Programs and activities
- Real estate sales
- Other contracts with vendors
- Tax-exempt certificates issued by the state
Additional Benefits of Using BoardEffect Board Portal and Messenger
Today’s world requires nonprofit boards to be diligent in their duties, especially with regard to taking cybersecurity measures. A board portal is one of the best tools for ensuring transparency, compliance and accountability. In addition to automating processes that coordinate with communication and data retention policies, board portals can streamline many other processes, such as creating agendas and minutes, managing compliance requirements and encouraging board development. Today’s nonprofits perform best when they leave the worry about the security of board activities to BoardEffect.
Data Retention Policies Support Good Governance Principles
It’s critical for nonprofit boards to abide by good governance principles. IRS Form 990 asks nonprofits whether they have adopted a record retention policy. This is a good clue that it’s a good idea to have a data retention policy. In creating a new data retention policy or reviewing and improving an existing policy, nonprofit boards should consider the documents that they store in the cloud and on servers as well as the documents they store in physical filing cabinets. They should be sure to have a backup plan for all digitally stored forms and documents.
Besides keeping documents that state law requires, there are a few other reasons for retaining certain documents. Nonprofits may have historical documents that are just nice to keep. They may also have certain documents that serve no other purpose but to preserve institutional memory. This is also a good reason to hang onto some documents.
There’s one other reason that could become important for nonprofits that serve children to retain documents. Nonprofits may consider holding onto documents pertaining to children until they reach the state’s majority age and the state statute of limitations for the child-turned-adult to bring a claim against the nonprofit.
Depending on the type of nonprofit, there may be many other reasons for retaining documents, and boards should take them under serious consideration.