ICDA Home  |  Our Community  |  About Us  | 

Document retention and destruction for not-for-profits

Wondering how to get the most out of your shredder and still fulfil your legal obligations? Fiona Thomas from Moores explains.

Under the Australian Charities and Not-for-profits Commission Act 2012, organisations in the sector are required to retain financial and operational records for a minimum of seven years.

Recent changes to the Privacy Act 1988 provide for the potentially competing obligation for organisations to take reasonable steps to destroy or permanently de-identify personal information that is no longer needed.

In fact, these are but two of the many pieces of legislation that govern not-for-profits' obligations to retain and destroy certain documentation. Common law imposes even more obligations.

At the federal level, obligations arise under Commonwealth Legislation such as:

  • Anti-Money Laundering and Counter-Terrorism Financing Act 2006
  • Corporations Act 2001
  • Fair Work Act 2009
  • Financial Transaction Reports Act 1988
  • Income Tax Assessment Act 1936
  • Australian consumer law
  • Intellectual property law.

At the state level, you need to be aware of obligations under legislation such as these examples from Victoria:

  • Crimes (Document Destruction) Act 2006
  • Evidence (Document Unavailability) Act 2006
  • Health Records Act 2001.

The breadth of impact

The requirements regarding the retention (or destruction) of documents affect many aspects of a not-for-profit organisation's operations, including:

  • Corporate governance
  • Industry obligations
  • Consumer law obligations
  • Electronic record keeping
  • Civil and criminal liability.

The buck stops with the board

Ultimately, the responsibility to comply with document retention and destruction requirements is a matter of corporate governance and rests with the board. The consequences for failing to comply with legislative and common law requirements can include economic loss (damages), loss of insurance cover, and personal criminal liability (particularly for directors and officers).

Adopting a records and information management policy

To enable a thorough understanding of these responsibilities, assist with their proper discharge, and minimise risk, not-for-profit organisations should adopt a records and information management policy. An effective policy will:

  • Facilitate compliance with the relevant statutory obligations regarding retention and, in the case of the Privacy Act, destruction of records
  • Establish procedures for the secure, orderly, electronic (where applicable) storage of documentation, ensuring the integrity and authenticity of the records
  • Minimise security risks
  • Minimise the risk of litigation
  • Create an efficient protocol for the timely destruction of documents as appropriate.

Some organisations find it useful to establish a records and information management committee.

Your organisation's information retention practices should be reviewed, or audited, regularly, and your policies should be updated in line with changes in regulations.

Record keeping: a quick guide

Keep it for 5 years:

  • Income and expenditure records
  • Workplace health and safety incident reports

Keep it for 7 years:

  • Employment records (the clock starts when employment is terminated)
  • Financial records as per the Australian Charities and Not-for-Profits Commission Act 2012

Keep it for much longer:

  • Operational records (these should be kept for the life of the organisation plus 7 more years, as per the Australian Charities and Not-for-Profits Commission Act 2012
  • Standards patents
  • Trade marks
  • Copyright

These tips have been prepared by Moores, legal advisers to not-for-profits - an Our Community preferred supplier.

Training
View All