1. Policy and Purposes
This Policy represents the policy of INTERNEWS (the “organization”) with respect to the retention and destruction of documents and other electronic records, both in hard copy and electronic media (which may merely be referred to as “documents” in this Policy). The purposes of the Policy include (a) retention and maintenance of documents necessary for the proper functioning of the organization as well as to comply with applicable legal requirements; (b) destruction of documents which no longer need to be retained; and (c) guidance for the Board of Directors, officers, staff, any third-party representatives or sub-contractors, volunteers, interns and other constituencies with respect to their responsibilities concerning document retention and destruction. Adherence to this policy is mandatory and non-compliance could lead to disciplinary action. Notwithstanding the foregoing, the organization reserves the right to revise or revoke this Policy at any time.
1.1 Personal Information and Data Protection: Internews needs to collect personal information about the people we employ, work with or have a business relationship with, to effectively and compliantly carry out our everyday business functions and activities, and to provide our products and services. This information can include (but is not limited to) name, address, email address, date of birth, IP address, private and confidential information, sensitive information and bank details.
In addition, the organization may occasionally be required to collect and use certain types of personal information to comply with the requirements of the law and/or regulations; however, we are committed to collecting, processing, storing and destroying all information in accordance with the General Data Protection Regulation, UK data protection law and any other associated legal or regulatory body rules or codes of conduct that apply to our business and/or the information we process and store.
Internews’ Data Retention Policy and processes comply fully with the GDPR’s fifth Article 5 principle: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’).
1.2 Objectives and Principles:
- Ensure that Internews conducts itself in an orderly, efficient and accountable manner
- Support core business functions and provide evidence of compliant retention, erasure and destruction
- Develop and maintain an effective and adequate records management program to ensure effective archiving, review and destruction of information
- Only retain personal information for as long as is necessary
- Comply with the relevant data protection regulation, legislation and any contractual obligations
- Ensure the safe and secure disposal of confidential data and information assets
- Ensure that records and documents are retained for the legal, contractual and regulatory period stated in accordance with each body’s rules or terms
- Ensure that no document is retained for longer than is legally or contractually allowed
- Mitigate against risks or breaches in relation to confidential information
1.3 Destruction and Disposal of Records and Data: All information of a confidential or sensitive nature on paper or electronic media must be securely destroyed when it is no longer required. This ensures compliance with the Data Protection laws and the duty of confidentiality we owe to our employees, clients and customers. Internews is committed to the secure and safe disposal of any confidential waste and information assets in accordance with our contractual and legal obligations, and to doing so in an ethical and compliant manner. We confirm that our approach and procedures comply with the laws and provisions made in the General Data Protection Regulation (GDPR) and that staff are trained and advised accordingly on the procedures and controls in place.
1.4 Paper Records: Due to the nature of our business, Internews retains paper-based personal information and as such, has a duty to ensure that it is disposed of in a secure, confidential and compliant manner. Employee shredding machines are made available in Internews HQ offices.
1.5 Electronic and IT Records and Systems: Internews uses numerous systems, computers and technology equipment in the running of our business. From time to time, such assets must be disposed of and due to the information held on these whilst they are active, this disposal is handled in an ethical and secure manner.
The deletion of electronic records must be organized in conjunction with the information technology department, which will ensure the removal of all data from the systems so that it cannot be reconstructed. When records or data files are identified for disposal, their details must be provided to the designated department head to maintain an effective and up-to-date log of destroyed records.
Only the IT department can authorize the disposal of any technology device that holds data. This includes: laptop and desktop computers, tablets, mobile phones, servers, and external data storage devices. Equipment disposition shall be handled in coordination with the Accounting Department. Prior to disposition, information is wiped from the equipment through use of standard software and re-formatting procedures.
In all disposal instances the IT Department must confirm successful deletion and destruction of each asset. Once disposal has occurred, the IT Department is responsible for updating the IT asset inventory lists for the asset that has been removed. The Accounting Department shall also be informed so that the official ERP-based asset tracking system can be updated.
2. Administration
2.1 Responsibilities of the Administrator. The organization’s Vice President for Information Security and Technology shall be the administrator (“Administrator”) in charge of the administration of this Policy. The Administrator’s responsibilities shall include supervising and coordinating the retention and destruction of documents pursuant to this Policy and particularly the Document Retention Schedule included below. The Administrator shall also be responsible for documenting the actions taken to maintain and/or destroy organization documents and retaining such documentation. The Administrator may also modify the Document Retention Schedule from time to time as necessary to comply with law and/or to include additional or revised document categories as may be appropriate to reflect organizational policies and procedures. The Administrator is also authorized to periodically review this Policy and Policy compliance with legal counsel and to report to the Executive Committee as to compliance. The Administrator may also appoint one or more assistants to assist in carrying out the Administrator’s responsibilities, with the Administrator, however, retaining ultimate responsibility for administration of this Policy.
2.2 Responsibilities of Constituencies. This Policy also relates to the responsibilities of board members, staff, consultants and volunteers (“Internews Representatives”) with respect to maintaining and documenting the storage and destruction of the organization’s documents. The Administrator shall report to the Board of Directors (the board members acting as a body), which maintains the ultimate direction of management. The organization’s staff shall be familiar with this Policy, shall act in accordance therewith, and shall assist the Administrator, as requested, in implementing it. The responsibility of Internews Representatives with respect to this Policy shall be to produce specifically identified documents upon request of management, if the staff still retains such documents. In that regard, after each project in which an Internews Representative has been involved, or each term which the Internews Representative has served, it shall be the responsibility of the Administrator to confirm whatever types of documents the Internews Representative retained and to request any such documents which the Administrator feels will be necessary for retention by the organization (not by the Internews Representative).
3. Suspension of Document Destruction; Compliance. The organization becomes subject to a duty to preserve (or halt the destruction of) documents once litigation, an audit or a government investigation is reasonably anticipated. Further, federal law imposes criminal liability (with fines and/or imprisonment for not more than 20 years) upon whomever “knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States … or in relation to or contemplation of any such matter or case.” Therefore, if the Administrator becomes aware that litigation, a governmental audit or a government investigation has been instituted, or is reasonably anticipated or contemplated, the Administrator shall immediately order a halt to all document destruction under this Policy, communicating the order to all affected constituencies in writing. The Administrator may thereafter amend or rescind the order only after conferring with legal counsel. If any board member or staff member becomes aware that litigation, a governmental audit or a government investigation has been instituted, or is reasonably anticipated or contemplated, with respect to the organization, and they are not sure whether the Administrator is aware of it, they shall make the Administrator aware of it. Failure to comply with this Policy, including, particularly, disobeying any destruction halt order, could result in possible civil or criminal sanctions. In addition, for staff, it could lead to disciplinary action including possible termination.
4. Electronic Documents; Document Integrity. Documents in electronic format shall be maintained just as hard copy or paper documents are, in accordance with the Document Retention Schedule. Due to the fact that the integrity of electronic documents, whether with respect to the ease of alteration or deletion, or otherwise, may come into question, the Administrator shall attempt to establish standards for document integrity, including guidelines for handling electronic files, backup procedures, archiving of documents, and regular checkups of the reliability of the system; provided, that such standards shall only be implemented to the extent that they are reasonably attainable considering the resources and other priorities of the organization.
5. Privacy. It shall be the responsibility of the Administrator, after consultation with counsel, to determine how privacy laws will apply to the organization’s documents from and with respect to employees and other constituencies; to establish reasonable procedures for compliance with such privacy laws; and to allow for their audit and review on a regular basis. See the Internews Privacy Policy.
6. Emergency Planning. Documents shall be stored in a safe and accessible manner. Documents which are necessary for the continued operation of the organization in the case of an emergency shall be regularly duplicated or backed up and maintained in an off-site location. The Administrator has developed reasonable procedures for document retention in the case of an emergency.
7. Document Creation and Generation. The Administrator shall provide training to staff on the ways in which documents are created or generated. With respect to each employee or organizational function, the Administrator shall attempt to determine whether documents are created which can be easily segregated from others, so that, when it comes time to destroy (or retain) those documents, they can be easily culled from the others for disposition.
8. Document Retention Schedule.
* Retention Period Definition: Retention Period is defined as the additional retention period beyond 1 year after the final funder report date of the most recent end date of the award(s) to which the document is relevant. If the document is related to an expense not tied to an award (i.e. an overhead expense), then the Retention Period is defined as the additional retention period beyond the NICRA certification date for the year of the relevant documents. Documents are eligible for destruction after these retention periods. Documents are not automatically destroyed when they reach the data destruction eligibility date.
| Document Type | * Retention Period |
| --- | --- |
| Accounting and Finance | |
| Accounts Payable | 7 years |
| Accounts Receivable | 7 years |
| Annual Financial Statements and Audit Reports | Permanent |
| Bank Statements, Reconciliations & Deposit Slips | 7 years |
| Canceled Checks – routine | 7 years |
| Canceled Checks – special, such as loan repayment | Permanent |
| Credit Card Receipts | 7 years |
| Employee/Business Expense Reports/Documents | 7 years |
| General Ledger | Permanent |
| Interim Financial Statements | 7 years |
| Contributions/Gifts/Grants | |
| Contribution Records | Permanent |
| Documents Evidencing Terms of Gifts | Permanent |
| Grant Records | Permanent |
| Corporate and Exemption | |
| Articles of Incorporation and Amendments | Permanent |
| Bylaws and Amendments | Permanent |
| Minute Books, including Board & Committee Minutes | Permanent |
| Other Corporate Filings | Permanent |
| IRS Exemption Application (Form 1023 or 1024) | Permanent |
| IRS Exemption Determination Letter | Permanent |
| State Exemption Application (if applicable) | Permanent |
| State Exemption Determination Letter (if applicable) | Permanent |
| Licenses and Permits | Permanent |
| Employer Identification (EIN) Designation | Permanent |
| Correspondence and Internal Memoranda | |
| Hard copy correspondence and internal memoranda relating to a particular document otherwise addressed in this Schedule should be retained for the same period as the document to which they relate. | |
| Electronic copy correspondence and internal memoranda relating to routine matters with no lasting significance | 3 Years |
| Correspondence and internal memoranda important to the organization or having lasting significance | Permanent |
| Electronic Mail (E-mail) to or from the organization | |
| Electronic mail (e-mails) relating to a particular document otherwise addressed in this Schedule should be retained for the same period as the document to which they relate but may be retained in hard copy form with the document to which they relate. | |
| E-mails considered important to the organization or of lasting significance should be stored in a central repository. | Permanent |
| E-mails not included in either of the above categories | 3 Years beyond employment end date of the email account holder. |
| Electronically Stored Documents | |
| Electronically stored documents (e.g., in pdf, text or other electronic format) comprising or relating to a particular document otherwise addressed in this Schedule should be retained for the same period as the document which they comprise or to which they relate but may be retained in hard copy form (unless the electronic aspect is of significance). | |
| Electronically stored documents considered important to the organization or of lasting significance should be stored in a central repository | Permanent |
| Electronically stored documents not included in either of the above categories | Two years |
| Employment, Personnel and Pension | |
| This category applies to employees, consultants, volunteers and board members. | |
| Personnel Records | 10 years after employment ends |
| Employee contracts | 10 years after termination |
| Retirement and pension records | 50 years |
| Insurance | |
| Property, D&O, Workers’ Compensation and General Liability Insurance Policies | Permanent |
| Insurance Claims Records | Permanent |
| Legal and Contracts | |
| Contracts, related correspondence and other supporting documentation | 10 years after termination |
| Legal correspondence | Permanent |
| Management and Miscellaneous | |
| Strategic Plans | 7 years after expiration |
| Disaster Recovery Plan | 7 years after replacement |
| Policies and Procedures Manual | Current version with revision history |
| Property – Real, Personal and Intellectual | |
| Property deeds and purchase/sale agreements | Permanent |
| Property Tax | Permanent |
| Real Property Leases | Permanent |
| Personal Property Leases | 10 years after termination |
| Trademarks, Copyrights and Patents | Permanent |
| Tax | |
| Tax exemption documents & correspondence | Permanent |
| IRS Rulings | Permanent |
| Annual information returns – federal & state | Permanent |
| Tax returns | Permanent |