Tax-exempt organizations - the IRS wants you to think about record retention policies

Commenting on tax forms, Albert Einstein once said, "This is too difficult for a mathematician. It takes a philosopher."

Einstein might appreciate the latest changes in filing for tax-exempt organizations. In an attempt to foster transparency and ease the filing organization's administrative burden, the IRS recently redesigned the Form 990 (the annual information return that most tax-exempt organizations are required to file). The redesign asks a variety of questions regarding the filing organization's governance, including the question, "Does the organization have a written document retention and destruction policy?"

Although a portion of the new governance section "asks [for] information about policies and practices that are not required by federal law," the Sarbanes Oxley Act imposes criminal liability on organizations, including tax-exempt organizations, that destroy records with the intent to obstruct a federal investigation. Many tax-exempt organizations have responded to the Sarbanes Oxley Act by adopting and implementing record retention policies. The IRS recommended that organizations  "review[...] the new governance questions, which generally must be answered based on policies and practices in place on or before the last day of the 2008 tax year."

If your organization must check the "no" box for 2008 , consider implementing a policy for the 2009 tax year. Whether your organization deals with mathematicians, philosophers or neither, it's good business practice for your tax-exempt organization.

Keep Your Documents Close and Your Flash Drives Closer

In 1969, when Mario Puzo published his novel “The Godfather,” his line “A lawyer with his briefcase can steal more than a hundred men with guns” became highly quoted and recognized because of the innate truth it contained: it’s easier to rob a company through information than through violence.

He could not have imagined that, just forty years later, enough information to take over, bring down, or steal from a company could be contained on a device the size of a pack of gum. Flash drives have made it possible for corporate espionage to reach new heights, and for any disgruntled employee - from the receptionist to the president of the company - to succumb to temptation, download and walk away with the company’s data in a format so small that it can be hung on a keychain. If not accounted for in a document retention policy, flash drives present a significant risk of comprising the integrity and negating the purpose of a document retention plan. 

In a posting called “Deter the Use of Flash Drives to Avoid Corporate Espionage” by James Koopman on the DCIG website, Koopman says,

The portability and high capacity of flash drives is creating headaches for many companies. The Net is swarming with stories of the ill-use, illegal activities, and security concerns as more and more of these devices are lost and stolen or used to steal sensitive information.

The site links to reports on the theft or loss of flash drives containing information as diverse as military secrets, patient data, and confidential child welfare cases, all because the drives are convenient, easy to use, take up no space, are inexpensive and easily obtainable in any electronics store.

 

What all this means to legal departments, of course, is that flash drives have to be accounted for when complying with record retention policies, and in planning electronic document production for litigation purposes. In some environments - the Pentagon being a notable example ("Pentagon Bans Flash Drives"), flash drives have been outlawed entirely due to security concerns.  

But even if national security isn’t your bailiwick, record retention policies should take into account information stored on flash drives and all other e-document locations, as noted by Robert Miller, in The Why and How of Document Retention Programs,” e-files can be stored using an array of portable media such as microfilm, flash drives, CDs and DVDs; or on devices such as Blackberries, Palm Pilots, laptops or even iPods. Additionally, files can be housed on systems such as workstations, servers, corporate e-mail systems, shared network drives, or even the company’s voicemail system.  Clearly, the chore of locating and identifying all discoverable documents is a lot more complicated now than when they existed solely in a metal file cabinet!

 

It does not take a “stab” in the dark to create a sound document retention policy because specific document retention periods are set forth in several sources of law which include the Sarbanes-Oxley Act, the Federal Rules of Civil Procedure, and other federal and state statutes. You can minimize the risk of unknowingly having a “smoking gun” document act as a “silencer” at a time when you least expect it by ensuring that your company has developed a document retention policy that covers the retention and disposition of physical records and all sources of electronic records. By doing so, you’ll certainly sleep easier - and you won’t wake up to a horse’s head in your bed.