Endowment:Document Retention and Destruction Policies

From Wikimedia Foundation Governance Wiki
Revision as of 17:01, 2 September 2022 by JAntonio (WMF)

Document Retention and Destruction Policies

I. Purpose

This policy outlines how the Wikimedia Endowment ("Wikimedia" or "Endowment") handles the systematic review, retention, and destruction of Endowment information. In particular, this policy contains guidelines for how long certain information must be kept and when and how records should be destroyed. The purpose of this policy is to ensure that we comply with federal, state, and local statutes and regulations, to eliminate accidental or innocent destruction of records, to ensure that we don't keep certain information longer than needed, and to make sure we always have the right information we need to do our jobs.

II. Overview

The three guiding principles of this policy are summarized below:

A. Wikimedia Endowment must keep information that is subject to (1) legally-imposed retention periods or (2) business/operational needs

This policy describes specific retention periods targeting particular categories of information, and all employees must retain information in each of those categories for the specified amount of time. The overall policy is described in Section V, and the specific retention periods are defined in Section XI (the “Retention Schedule” or “Schedule”). These periods are based on legal and operational needs – for example, certain finance records must be kept for a specific length of time in case our taxes are audited.

Please alert the President whenever you think that a retention period is too long or too short or that a category should be added or removed. If you think an exception is warranted, you must alert the President; you may not make an exception yourself without consulting the President. When adjustments or exceptions are made, the President or Secretary will notify staff and update the version of the Schedule to the most current version.

B. Wikimedia Endowment must keep all information subject to a “litigation hold”

When we are threatened with legal action, or reasonably believe we will be threatened with legal action, a "litigation hold" is required to preserve any relevant information. Therefore, disposals or deletions of information that do not comply with this policy may result in legal complications for us, ranging from having to legally defend the deletions to criminal or civil liability. Section VI below explains in more detail which policies will apply if we face this situation.

C. Wikimedia Endowment will permanently dispose of all information not subject to Sections II.A or II.B

Most Endowment information does not require long-term retention. As set out in the Schedule, the routine disposal of information that we’re not explicitly required to retain avoids unnecessary effort, expenses, and storage (both electronic and physical) involved in maintaining, organizing, and backing up old information.

III. Scope

A. What information is covered?

This policy applies to all information – regardless of physical form, format, or characteristics – created or received by the Endowment, including information in electronic or paper form. Also within the scope of this policy is all Endowment information stored, hosted, archived, or otherwise located with any outside vendor to which the Endowment outsources any of its data or hardcopy storage.

Because it may be relevant to litigation holds (Section VI), this policy includes information about users that is collected through the Endowment websites. However, as noted in the Retention Schedule, retention periods for information generated by the Endowment websites will generally be governed by the relevant privacy and applicable data retention policies (if any).

B. Which people are covered by this policy?

This policy applies to, and must be complied with by, all Wikimedia Endowment employees, advisors, consultants, contractors, temporary workers, and any others who have access to Wikimedia’s electronically stored information ("ESI") or paper documents (collectively “covered parties”). ESI includes, among other things, emails, instant messages, and voicemails. For clarity, all third parties granted the ability to use any of the Endowment’s information systems are covered under this policy.

IV. Contacts and questions

If, after consulting this policy, you have a question whether some information should be retained, or you have any other questions or otherwise need help with any related issues, please contact the President.

V. Retention and destruction guidelines

A. How long must we keep records?

The Endowment must keep adequate records about certain types of information for at least the minimum period required by applicable law. Tax, financial, and human resources records are especially important. Retention requirements for these and other record categories are in the Schedule below. As a note, we generally are not required to keep emails, but we are allowed to keep them unless they fall into a record category described in the Schedule below. Information with an ongoing or current business or operational need (i.e. it’s important to have it for somebody to be able to do their job) must be retained for the duration of that need.

B. How should we dispose of records?

1. Routine, Regular Disposal

All information lacking a legal or operational retention need should be permanently disposed of on a routine basis. Each record, including all copies, should be disposed of once it has reached the end of its defined retention period under the Schedule. The President is responsible for the ongoing process of identifying records that have outlasted the required retention period and overseeing their destruction.

2. Notice of Disposal

In order to provide an opportunity to identify documents that remain necessary to ongoing business, the Endowment will seek to provide notice of scheduled deletions to a covered party 30 days in advance of planned deletions that would affect that party. Notice will include what documents are planned to be deleted and where they are stored.

3. Disposal and Destruction of Sensitive Information

When disposing of sensitive information – including financial or personnel-related data – the disposal process must include sound destruction processes, such as shredding paper documents or secure deletion of electronic documents. For documents that contain an individual’s personally identifying information ("PII") – or any compilation of that information – destruction must comply with the Disposal Rule issued by the Federal Trade Commission ("FTC") under the Fair and Accurate Credit Transaction Act ("FACTA"). In practice, this means shredding paper and deleting electronic files such that they can’t be easily recovered or restored. Such records include background checks or consumer reports on prospective employees or contractors, and any compilations of that information. Destruction measures must also be sound whenever ESI or a hardcopy document contains health, medical, insurance, or other sensitive information on any individual.

VI. Suspension of destruction: “Litigation hold”

The Endowment requires all covered parties to comply fully with the procedures in this Policy and with the Schedule. All covered parties should note the following general exceptions to any stated destruction schedule:

A. Litigation Holds.

If you believe or the Endowment informs you that the Endowment's records are relevant to current litigation, potential litigation (that is, a dispute that could result in litigation), government investigation, audit, or other event (the "Litigation Hold Records"), you must preserve and not delete, dispose, destroy, or change those Litigation Hold Records, including emails, until the legal counsel determines those Litigation Hold Records are no longer needed. This exception is referred to as a litigation hold or legal hold, and replaces any previously or subsequently established destruction schedule for those Litigation Hold Records. If you believe this exception may apply, or have any questions regarding whether it may possibly apply, please contact the President.

B. Special Situations.

You may be asked to suspend any routine disposal procedures for records in connection with certain other types of events, such as the replacement of the Endowment's information technology systems.

VII. Separating/departing employees

Consistent with any Endowment employment and IT policies and procedures, the Endowment handles information maintained by terminated/departing covered parties as follows:

A. Notice

When a covered party separates from the Endowment, the individual's manager will determine if there is any ESI (electronically stored information) or hard copy information created by or pertaining to that person that will be retained.

B. Retention of information

During the review period, the Endowment will retain any ESI or hard copy information according to its policies. After the review period, the information will be deleted if not required to be retained or if there is not an extension granted according to procedures in this policy.

C. Application only to individual information

This section applies to an individual's laptop and ESI that individual maintained, which will be wiped after 15 days if not required to be retained. It does not apply to staff-wide system backups (such as email accounts) which may be retained for a longer period of time up to 10 years per the appendix below.

VIII. Emergency planning and backups

The Endowment's records must be stored in a safe, secure, and accessible manner. Information and financial files that are essential to keeping the Endowment operating in an emergency will be duplicated or backed up regularly and maintained off-site.

The Endowment will establish procedures for frequent and systemized backups of information stored in central locations and repositories. As the details of the Endowment's backup procedures change over time, the President may review and revise this policy accordingly.

All personnel must comply with the Endowment's procedures requested of them and take reasonable precautions to ensure vital data is not lost due to equipment failure, to natural disaster, and/or to only being stored in a non-backed-up location on a local machine or device. All personnel are responsible for paying attention to backup changes announced by the Endowment.

Backups of individual laptops will be retained for no longer than one year. These backups of centrally stored information are maintained for disaster recovery and business continuity and not for information-management or retrieval. Therefore, to further this policy’s guiding principles, the Endowment will retain backups only for the respective periods in relevant protocols, subject to any suspension of recycling/rotation required by a litigation hold, law, or a business interest.

IX. Compliance

This policy will remain in effect unless revoked or modified by the President in writing. The President and the Finance Committee Chair will periodically review this policy’s procedures and the schedule’s categories with the legal counsel or certified public accountant to see if updates are warranted. At least once a year, the President will remind Endowment accessors and third parties covered by the policy about this policy and its contents. Periodically, to ensure that best efforts are being made to follow this policy as consistently as possible, the President will commission an assessment that analyzes the degree of compliance by Endowment accessors, third parties, and outside storage vendors.

Reasonable variances as to the scheduling of retention-related activities, including such reminders and assessments, may be permitted based on business needs – such as involvement in time-sensitive transactions at the time of a scheduled reminder or assessment. To the extent possible, records memorializing adherence to this policy, including periodic reminders, will be retained by the President following the timing rules of this policy.

X. Enforcement

Failure on the part of employees to follow this policy can result in possible civil and criminal sanctions against the Wikimedia Endowment and its employees and contractors as well as possible disciplinary action against responsible individuals. Any Wikimedia covered party found to have violated this policy may be subject to disciplinary action, up to and including termination of employment or services.

XI. Schedule of retention periods

By default, the above three guiding principles of this policy apply to all Wikimedia information. This list is non-exhaustive and subject to change over time with approval of the President. Records that are not listed, but are substantially similar to those listed in the Schedule, will be retained for the same amount of time as those records. Unless paper storage is specifically noted as required, electronic storage is acceptable and highly encouraged. In the event that a document falls into multiple categories below, it should be retained for the longest period of time required.