How Long Should a Business Keep Records?

Businesses generate a substantial volume of records daily, from financial transactions to employee data. Managing these documents effectively involves understanding record retention. A systematic approach to record retention is fundamental for operational efficiency, financial clarity, and regulatory adherence. It helps businesses navigate legal landscapes, safeguard information, and support decision-making.

General Principles of Record Retention

Businesses retain records for various reasons, primarily to meet tax obligations and prepare for potential audits. Accurate, accessible records provide evidence to substantiate income, expenses, and deductions reported on tax returns.

Record retention is also essential for legal defense in disputes. Comprehensive records can serve as evidence, protecting the entity from liabilities or penalties during a lawsuit or investigation. These records facilitate accurate financial reporting, offering a clear history of financial activities that supports internal analysis and external reporting.

Beyond compliance and defense, organized records aid in strategic business decision-making. They provide historical data for analyzing trends, evaluating past performance, and forecasting future operations. Accessible records ensure a business can quickly retrieve information, supporting continuity and responsiveness.

Key Business Record Categories and Retention Durations

Understanding specific retention periods for different business records is essential for compliance and operational effectiveness. These periods are influenced by federal regulations and industry best practices.

Tax Records

Tax records, including income statements, balance sheets, invoices, receipts, and canceled checks, demonstrate financial activity to tax authorities.

The Internal Revenue Service (IRS) recommends keeping tax returns and supporting documents for at least three years after filing. This period can extend to six years if a business fails to report income that is more than 25% of the gross income shown on its return. For claims related to bad debt deductions or worthless securities, a seven-year retention period applies.

If a tax return is never filed or is fraudulent, the IRS may require records to be kept indefinitely. Employment tax records, such as Forms W-2 and W-4, should be retained for at least four years after the tax becomes due or is paid, whichever is later.

Payroll Records

Payroll records include employee compensation, deductions, and tax forms like W-2s and 1099s. The Fair Labor Standards Act (FLSA) mandates employers retain payroll records for at least three years, covering details like hours worked, wages paid, and deductions. Supporting documents for wage computations, such as time cards and wage rate tables, must be kept for two years.

Employee and HR Records

Employee and human resources (HR) records include job applications, résumés, performance reviews, and termination documents. Federal guidelines suggest retaining general employment records for one year after creation or termination, whichever is later. Form I-9s, which verify employment eligibility, must be kept for three years after the hire date or one year after termination, depending on which period is longer. Records related to employee benefit plans and COBRA documentation require retention for six years.

Legal and Corporate Records

Legal and corporate records document a business’s existence and governance. These include articles of incorporation, bylaws, meeting minutes, contracts, and intellectual property documents. Records related to company meetings should be retained for a minimum of five years. Contracts and agreements are kept for the agreement’s duration plus several years, often six to seven years, to cover potential legal claims. Documents establishing business formation, property deeds, and capital stock records are retained permanently.

Financial Statements

Financial statements, including general ledgers, journals, bank statements, and reconciliation reports, provide a comprehensive overview of a business’s financial health. Annual financial statements and general ledgers are permanent records due to their long-term value for historical analysis and audits. Supporting documents like bank statements and canceled checks should be kept for seven years.

Property Records

Records pertaining to business property, such as deeds, leases, asset purchase and sale agreements, and depreciation logs, are essential for accounting and tax purposes. Deeds and property titles are retained indefinitely. Records used to calculate depreciation or basis for gain or loss on property sales should be kept until the statute of limitations expires for the tax year the property is disposed of.

Customer Records

Customer records, including sales invoices, order forms, and customer agreements, are important for managing customer relationships and fulfilling legal obligations. While federal retention periods for general customer sales records are not as rigidly defined as for tax or payroll, these documents are retained for several years to support financial audits, warranty claims, or customer service needs. Many businesses keep sales and customer agreements for at least seven years, aligning with common financial record retention periods.

Considerations for Varying Record Retention

Beyond general guidelines, several factors can influence or extend record retention durations. These nuances ensure compliance across diverse operational contexts.

State and Local Regulations

State and local regulations often introduce additional, stricter record retention requirements compared to federal guidelines. For instance, a state might mandate six years for payroll records where federal law specifies three. Businesses operating across multiple jurisdictions must adhere to the longest applicable retention period for each record type. This necessitates consulting state-specific guidelines, often available through state archivists or regulatory bodies.

Industry-Specific Requirements

Industry-specific requirements also determine retention periods. Highly regulated sectors, such as healthcare and finance, face more stringent rules. For example, the Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to retain documentation, including policies and procedures, for at least six years. Financial institutions, under the Gramm-Leach-Bliley Act (GLBA), must maintain customer information records for a minimum of six years to ensure data protection and regulatory compliance. These mandates involve detailed recordkeeping protocols and longer retention schedules.

Litigation Hold

Ongoing litigation, investigations, or audits necessitate an immediate suspension of standard record destruction policies for relevant documents. This practice, known as a “litigation hold,” requires a business to preserve all records pertinent to the legal matter, regardless of their usual retention schedule. Failure to implement a litigation hold can result in penalties, including monetary sanctions and adverse legal inferences. The obligation to preserve records continues until the legal matter is fully resolved and the hold is officially lifted.

Operational or Historical Value

Records with long-term operational or historical value may be kept beyond legally mandated retention periods. This includes documents related to assets with extended lifespans, intellectual property, or historical business decisions. While not legally required, retaining such records can support future strategic planning, provide institutional memory, or protect long-term business interests, even after their legal or tax relevance expires.

Secure Record Disposal

Once a business record meets its required retention period, secure and compliant disposal becomes a necessary step. Proper disposal protects sensitive information, prevents unauthorized access, and helps businesses comply with privacy regulations. This process applies to both physical and digital formats.

Physical Records

For physical records, common secure disposal methods include shredding, pulverizing, or incineration. Shredding documents into unreadable fragments is a widely adopted practice for confidential paper records. Pulverizing reduces paper to a fine pulp, ensuring complete destruction, while incineration involves burning documents at high temperatures. Businesses engage professional destruction services that provide certified disposal, offering an audit trail for compliance.

Digital Records

Digital record disposal requires different, yet rigorous, methods to ensure data is irrecoverable. Secure data wiping overwrites storage media multiple times with random data, rendering original information inaccessible. Degaussing uses strong magnetic fields to neutralize magnetic patterns on traditional hard drives, effectively erasing all data. Physical destruction of digital media, such as crushing or shredding hard drives, solid-state drives, or other storage devices, provides the most definitive method of data elimination.

Compliance and Policy

Compliance with privacy laws, such as HIPAA for protected health information or GLBA for consumer financial data, is essential during disposal. These regulations require sensitive information be rendered unreadable and indecipherable. For example, HIPAA mandates that unused or obsolete media containing protected health information be destroyed securely to prevent impermissible disclosures. Businesses must also develop and adhere to a formal record disposal policy or schedule. This policy outlines which records are to be destroyed, when, and by what methods, ensuring consistency and accountability. Employee training on secure disposal procedures is an important part of a robust record management strategy.