Retaining Records Part 1

John Truscott is currently contributing a number of one-off articles, although this particular one comes in two parts. This time and next he recommends that churches set up a Document Retention Policy.

In this and in the second part in the next issue I consider what documentation churches keep and at what point we can destroy or delete it, but I am not aiming to produce a full listing of legal requirements. I am taking more of an overview of the topic to help a church devise a Document Retention Policy. I then list some helpful weblinks for fuller advice and background information.

Issues to consider

Here are six areas you might cover in such a policy.

  1. Record management for both immediate access records and archives
  2. Legal retention and deletion requirements that trump local needs
  3. Security for hard copy and electronic records
  4. The ability to tell the story of your church
  5. A document schedule showing lengths of retention times and locations
  6. Implementation

Note that the words ‘record’ and ‘document’ are often used interchangeably though, technically, they are not quite the same in that a ‘record’ may contain several ‘documents’. You may prefer to use the word ‘data’.

1 Record management

It is vital to hold records, for as long as they are required but no longer, in a tidy system where each document can be easily identified and accessed. This may be in paper form or as electronic files. This is a matter of legal compliance, historical information, explanation of why decisions were taken and pastoral care (for some church records contain personal data of individuals). Trustees, including PCCs, have a duty of care for their records which they therefore need to manage well.

Hard copy records need to be kept in suitable containers and in an indexed order that makes sense to anyone coming to them for the first time. The environment should be secure, cool and dry. Normal metal paper clips and staples rust so use plastic or special metal.

Electronic records need to be held in a password-protected system that has adequate and secure back-ups (utilising more than one system if possible) with file names descriptive enough for a duly authorised person not used to them to be able to identify and recover what they need at a future date. It is good practice to add several clear tags to your e-documents to speed up searching.

Confidential documents and disks (and anything holding personal information) should be kept in a locked cabinet or a safe. Staff and volunteers who work with such records should receive adequate training in how to manage them in a best practice way.

Some documents are retained in an immediately accessible way because they may be needed day-to-day. Others, usually because they need to be retained permanently, can be archived by specialist record offices even if they are not quite as important as the Magna Carta. In all cases ensure that documents are dated (this writer finds this is a weakness in many churches). It is a good idea for e-documents to have the date of creation and any modifications in the file name.

But the planned destruction of documents is as important as their retention. This may be more of an issue with hard copy filing than with electronic records, but holding on to documentation for too long may, most importantly, violate legal requirements. It also takes up space and can result in confusion and inefficiency.

Church paperwork that is no longer needed should be cross-cut shredded. Electronic files need to be permanently deleted along with any back-ups whether on laptop, server, external hard drive or in the cloud.

2 Legal requirements

There is a range of legislation that requires certain legal and financial documentation to be held for fixed periods of time before they can be destroyed or deleted. This article gives examples of these in what follows but cannot give full detail and so refers to other open-access resources for fuller advice.

Legislation that applies includes:

  • Charities Act 2016
  • Data Protection Act 2018 (DPA) and GDPR
  • Limitation Act 1980
  • Taxes Management Act 1970
  • Various items of HR and safeguarding legislation
  • For CofE churches: The Parochial Registers and Records Measure 1978

There are also HMRC requirements for some financial records as well as denominational requirements for holding official registers. The DPA includes details of security and principles for how data should be processed.

3 Security

Church of England churches, for example, have requirements for registers to be kept in the safe and then held in a secure archive by the diocesan records office. Hard copy records of minutes can be kept in the parish office. But how safe is this from theft, fire or damp?

The problem in many churches is that different records are held in different locations. Trustees may hold file minutes and other governance details at home. Treasurers may hold all financial records, again at home, and handover of office may omit some documents. Ministers may have various kinds of record in their tied dwelling.

This is an important issue, not often discussed, which impacts document security. It is much to be preferred if formal documents can be held in a central system to which access is restricted. Any church Document Retention Policy should cover this issue.

General opinion has it that electronic files offer a more secure means of filing than hard copy. But if the necessary records are kept in this way, how helpful is the indexing system to be able to identify what there is and where?

Is cloud storage really as safe as the big companies that run it make out? What if there was a huge cyber attack of a kind we can hardly imagine today that rendered such records unreadable? If back-ups are on external hard drives, who keeps these, in what form and where? Try to ensure that all e-documents are kept in a professional cloud-based system (such as Microsoft 365, Dropbox, etc.) synchronised with one well-secured church computer.

4 Your church story

Another issue to keep in mind when you delete and destroy records is the need to tell the story of your church. It would be sad if there was no outline history for future generations to hear or to answer questions as to when key events took place. People’s memories will only cover a limited number of years and are likely to include inaccuracies.

One key need for many historic buildings will be the register of burials and documentation relating to both open and closed graveyards. Some Church Administrators have to spend a significant amount of their time assisting people searching for family graves. So permanent retention will be critically important here.

But what of the story of the living? Trustee (including PCC) minutes will offer a helpful time-line of major decisions; annual reports and accounts will do the same.

It is therefore helpful to have in a Document Retention Policy some means of recording the history of the building, the area, key changes and developments.

5 A Document Schedule

The Policy should include (and this will probably be the major section) a listing of different types of document and the length of time for which they need to be held and where. Some examples are given in what follows from legal and best practice but the weblinks provide fuller information. This article is not to be read as legal advice.

It is a good idea to hold one master document with hyperlinks to all key folders.

6 Implementation

A policy is all very well but what matters is its strict implementation. This is a task which needs a fixed point in the annual calendar for those responsible. The policy should include practical details of how implementation will be assured. More on this next time.

Legal requirements and best practice

There is legislation that applies to different types of documentation. Here are two categories with more to follow in the next issue.

1 HR records

Records of employees need to be kept in a well organised system, under the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

There is nothing in the DPA or GDPR to indicate how long to hold records for, although GDPR does require you to define and implement a Data Retention Policy. However, other legislation may dictate statutory periods for various types of HR record (see below).

This is not a comprehensive list but gives the obvious documentation to file.

  • Employee personal details and NI number
  • Recruitment details and application forms
  • Signed written statement of contract terms
  • DBS records if required (for both employees and volunteers)
  • Hours and pay details with expense records
  • P45, P6, P11D, P60 documentation
  • SMP and SSP details
  • Furlough records for Covid
  • Annual returns and pension deductions
  • Signed statements for change of contract details
  • Absence details, training records, appraisal meetings and disciplinary actions

There are a number of regulations which have to be met in HR retention periods. Here is a small selection. The norm for most HR documentation not covered by other legislation is six years plus the current year.

  • Medical records held under COSHH – 40 years from the date of the last entry
  • Employer’s liability insurance certificate – 40 years
  • National Minimum Wage Records – three years after the end of the pay reference period following the one covered
  • Maternity pay and other medical HR records – three years after the end of the tax year in which the maternity period ends
  • Whistle-blowing documents – six months following the outcome if substantiated

The position for HR records where no legislation dictates a period is very much up to the employer. As a general rule of advice, seven years would cover the six-year time limit for starting legal proceedings (UK Limitation Act 1980). The following are recommendations.

  • Parental leave – 18 years from the birth of the child
  • Pension records – 12 years after the benefit ceases
  • Personnel files including disciplinary records – six years after employment ceases
  • References – at least one year
  • Application forms for unsuccessful candidates – six months to one year

2 Financial records

Here is a general listing of what to keep.

  • Payments cash book
  • Purchase ledger, petty cash records, payroll
  • Revenue and capital invoices
  • Receipts cash book
  • Bank statements and reconciliations
  • Remittance advice, sales ledger
  • Correspondence about donations and legacies
  • Gift Aid declarations
  • Annual report and accounts
  • Insurance policies and claims correspondence

The main piece of legislation here is the Charities Act which states that financial records must be kept for six years from the end of the financial year in which transactions were made. HMRC have a similar period for Gift Aid declarations.

However, there are exceptions where HMRC requirements may over-ride the Act. Invoices for capital items must be kept for ten years. Legacy records must be kept for six years after the estate has been wound up (Data Protection Act). Many tax records also have to be kept for six years plus the current year (Taxes Management Act). It is recommended that annual accounts are kept for ten years and then archived.

Helpful sources for greater detail

General advice on the Data Protection Act

ico.org.uk/for-organisations/guidance-index/data-protection-act-1998/ and especially
ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/

General advice for charities

knowhow.ncvo.org.uk/organisation/operations/legal/records

General advice on legal requirements

www.buzzacott.co.uk/insights/retention-of-accounting-records-and-other-corporate-records (then the ‘Retention of accounting records’ pdf)

For Church of England churches (and more widely applicable)

www.churchofengland.org/about/libraries-and-archives/records-management-guides and then select ‘Keep or bin…?’, ‘Safeguarding records management’ and more. Note that ‘Keep or bin…?’ was written in 2009 before the current Data Protection Act and GDPR came in.

For Methodist churches (and more widely applicable)

www.methodist.org.uk/for-churches/office-holders/archivists/ and then select ‘Retention schedules for Methodist records’.

For Baptist churches (and more widely applicable)

www.baptist.org.uk/Groups/304642/Church_data_protection.aspx
See especially their ‘Data Retention Schedule’.

John Truscott is an independent church consultant and trainer who champions the ministry of creative organisation. Visit his website and check out the Resources section for a growing range of over 190 items which you can print out and/or download. You can follow John on Twitter @johnnvtruscott. Church Administrators should join the UK Church Administrators Network (UCAN) at www.churchadministrators.net