All templates
Data & PrivacyPolicyUS edition

Data Retention Policy template

A data retention policy sets out how long your business keeps each type of record, why, and how records are securely destroyed when the time is up. It pairs a short set of rules with a retention schedule — the table your team actually uses — and a legal-hold mechanism that pauses destruction when a dispute or investigation is live.

Free to use
US-focused
Updated 13 July 2026
UK version →

Keeping everything forever feels safe but is the opposite: every record you hold is one more you have to protect, search when a request or lawsuit arrives, and account for if there is a breach. Old data is pure liability with no operational value — and in a breach, the difference between notifying last year's customers and notifying a decade of them is usually the retention policy you did or did not enforce.

This template gives you the policy rules, a retention schedule to complete by record type, secure disposal standards, and the legal-hold process, with the IRS's recordkeeping guidance as the anchor for the tax rows.

The template

Full text, ready to adapt.

Highlighted fields are placeholders — replace them with your organisation's specifics. A starting point, not legal advice.

Data Retention Policy

Policy · Data & Privacy

1. Purpose and scope

This policy sets out how long {{org.name}} retains business records and personal information and how they are disposed of. It applies to all records in all formats — databases, files, email, paper, backups, and archives — and to all staff who create or manage them.

2. Policy statement

{{org.name}} keeps records only as long as they are needed for a documented business, legal, or tax purpose, retains them for the periods in the schedule below, and disposes of them securely when the period ends. No one keeps personal copies, exports, or shadow spreadsheets outside the systems of record.

3. Responsibilities

  • Policy owner ([name/role]): maintains this policy and the retention schedule, and declares and lifts legal holds.
  • Record owners ([role per area, e.g. office manager for HR files, finance lead for accounts]): apply the schedule to their records and run periodic disposal.
  • All staff: save records to the systems of record, not local drives or personal accounts, and flag records with no apparent owner or period.

4. How retention periods are set

  • Legal, tax, or regulatory requirement: where a rule sets a period — tax records under current IRS recordkeeping guidance are the standard example — that period applies. Record the source; check current official guidance rather than folklore.
  • Potential claims: some records are kept for the period during which a legal claim could realistically arise — statutes of limitations vary by state and claim type, so take advice rather than guessing.
  • Operational need: everything else is kept only as long as it is actually used, and the reason is written in the schedule.
  • Where only statistics are needed long term, data is anonymized instead of retained.

5. Retention schedule

  • Financial and tax records: [period — check current IRS recordkeeping guidance; the right period depends on the situation]. Reason/source: [complete].
  • Payroll and employment records: [period — minimums are set by various federal and state rules; check current official guidance]. Reason/source: [complete].
  • Hiring records, including applications from candidates not hired: [period]. Reason/source: [complete].
  • Customer accounts and transaction records: [period] from the end of the relationship. Reason/source: [complete].
  • Marketing lists and prospect data: [period] from last contact. Reason/source: [complete].
  • Incident, accident, and insurance records: [period]. Reason/source: [complete].
  • Security camera footage: [period — typically short] unless preserved for an incident. Reason/source: [complete].
  • Email and general correspondence: [approach, e.g. deleted or archived after (period) unless filed as a record]. Reason/source: [complete].

6. Secure disposal

  • Paper records are cross-cut shredded or placed in confidential waste via [provider] — never in the regular trash.
  • Digital records are deleted from the system of record and any copies on shared drives; deletion is confirmed by the record owner.
  • Devices being retired are securely wiped or destroyed via [certified provider], with certificates kept.
  • Anything derived from consumer reports (background checks, credit information) is disposed of per current FTC disposal guidance.
  • When a contract with a software or service provider ends, [name/role] confirms in writing that our data has been deleted or returned.
  • Disposals of whole record classes are logged: what, when, by whom.

7. Legal holds

If litigation, a government investigation, an audit, or a complaint is live or reasonably expected, [name/role] declares a legal hold: routine destruction stops for all records in scope, and the affected record owners are told in writing. The hold overrides the schedule until [name/role] lifts it in writing. Destroying relevant records after a dispute has surfaced is far worse than keeping them too long — courts treat it that way too.

8. Records and review

The schedule, disposal logs, and hold notices are kept at [system/location]. This policy and the schedule are reviewed [frequency, e.g. annually] and whenever we adopt new systems, new record types, or new legal obligations — including new state privacy laws in the states where our customers live. Owner: [name/role]. Next review due: [date].

Make it yours

How to adapt this template.

1

Inventory what you actually hold before touching the schedule — walk the shared drives, filing cabinets, and system exports first.

2

Complete the reason/source column for every row; a period with no justification is the first thing that fails scrutiny.

3

Check the tax rows against current IRS recordkeeping guidance, and the employment rows against current federal and state guidance — not memory.

4

Assign a named record owner to every row, then diary the first disposal run.

5

Do one supervised disposal run within a month of adopting the policy — the backlog is where the risk lives.

6

Cross-reference the schedule in your privacy policy so the two documents agree about how long customer data is kept.

A document is not a system

Turn this template into trained, proven behaviour

A policy in a drawer proves nothing. In TrainedTeam this template becomes assigned training with knowledge checks, e-signature acknowledgments, version history, and an audit-ready record of who completed what, when.

Data Retention Policy template FAQs

Is a data retention policy legally required in the US?

No single law names the document, but the substance is required from several directions: tax and employment rules set minimum periods for specific records, FTC guidance expects sensitive data to be kept only as long as there is a business need, and a growing set of state privacy laws point toward documented retention limits. A written schedule is the standard way to satisfy all of them at once.

How long should we keep tax records?

The IRS publishes recordkeeping guidance on how long to keep the records that support returns, and the right period depends on the situation — which is why this template leaves the tax rows as placeholders pointing at that guidance rather than fixing one number. Check the current IRS guidance with your accountant and record the source in the schedule.

Do backups have to be deleted too?

Personal information in backups is still personal information, and in a breach it counts. A common, defensible approach is to delete from live systems on schedule and let backups expire on their normal cycle, without restoring deleted data — whatever approach you take, document it and be able to explain it.

What counts as secure disposal?

Disposal the data cannot realistically come back from: cross-cut shredding or confidential waste for paper, proper deletion rather than moving files to the recycle bin for digital records, and certified wiping or destruction for retired devices. Federal rules specifically cover disposing of consumer report information, and several states regulate disposal of personal data generally — check the FTC's disposal guidance and your state's rules.

What is a legal hold?

A pause on routine destruction when litigation, an investigation, or an audit is live or reasonably expected. It overrides the retention schedule for the records in scope until it is lifted in writing — and it matters because destroying relevant records after a dispute has surfaced exposes the business to sanctions that dwarf any storage saving.