Wikimedia Endowment Document Retention and Destruction Policies

Want to help translate? Translate the missing messages.

I. Purpose

This policy outlines how the Wikimedia Endowment ("Wikimedia" or "Endowment") handles the systematic review, retention, and destruction of Endowment information. In particular, this policy contains guidelines for how long certain information must be kept and when and how records should be destroyed. The purpose of this policy is to ensure that we comply with federal, state, and local statutes and regulations, to eliminate accidental or innocent destruction of records, to ensure that we do not keep certain information longer than needed, and to make sure we always have the right information we need to do our jobs.

II. Overview

The three guiding principles of this policy are summarized below:

A. Wikimedia Endowment must keep information that is subject to (1) legally-imposed retention periods or (2) business/operational needs

This policy describes specific retention periods targeting particular categories of information, and all employees must retain information in each of those categories for the specified amount of time. The overall policy is described in Section V, and the specific retention periods are defined in Section XI (the "Retention Schedule" or "Schedule"). These periods are based on legal and operational needs – for example, certain finance records must be kept for a specific length of time in case our taxes are audited.

Please alert the President whenever you think that a retention period is too long or too short or that a category should be added or removed. If you think an exception is warranted, you must alert the President; you may not make an exception yourself without consulting the President. When adjustments or exceptions are made, the President or Secretary will notify staff and update the version of the Schedule to the most current version.

B. Wikimedia Endowment must keep all information subject to a "litigation hold"

When we are threatened with legal action, or reasonably believe we will be threatened with legal action, a "litigation hold" is required to preserve any relevant information. Therefore, disposals or deletions of information that do not comply with this policy may result in legal complications for us, ranging from having to legally defend the deletions to criminal or civil liability. Section VI below explains in more detail which policies will apply if we face this situation.

C. Wikimedia Endowment will permanently dispose of all information not subject to Sections II.A or II.B

Most Endowment information does not require long-term retention. As set out in the Schedule, the routine disposal of information that we are not explicitly required to retain avoids unnecessary effort, expenses, and storage (both electronic and physical) involved in maintaining, organizing, and backing up old information.

III. Scope

A. What information is covered?

This policy applies to all information – regardless of physical form, format, or characteristics – created or received by the Endowment, including information in electronic or paper form. Also within the scope of this policy is all Endowment information stored, hosted, archived, or otherwise located with any outside vendor to which the Endowment outsources any of its data or hardcopy storage.

Because it may be relevant to litigation holds (Section VI), this policy includes information about users that is collected through the Endowment websites. However, as noted in the Retention Schedule, retention periods for information generated by the Endowment websites will generally be governed by the relevant privacy and applicable data retention policies (if any).

B. Which people are covered by this policy?

This policy applies to, and must be complied with by, all Wikimedia Endowment employees, advisors, consultants, contractors, temporary workers, and any others who have access to Wikimedia's electronically stored information ("ESI") or paper documents (collectively "covered parties"). ESI includes, among other things, emails, instant messages, and voicemails. For clarity, all third parties granted the ability to use any of the Endowment's information systems are covered under this policy.

IV. Contacts and questions

If, after consulting this policy, you have a question whether some information should be retained, or you have any other questions or otherwise need help with any related issues, please contact the President.

V. Retention and destruction guidelines

A. How long must we keep records?

The Endowment must keep adequate records about certain types of information for at least the minimum period required by applicable law. Tax, financial, and human resources records are especially important. Retention requirements for these and other record categories are in the Schedule below. As a note, we generally are not required to keep emails, but we are allowed to keep them unless they fall into a record category described in the Schedule below. Information with an ongoing or current business or operational need (i.e. it is important to have it for somebody to be able to do their job) must be retained for the duration of that need.

B. How should we dispose of records?

1. Routine, Regular Disposal

All information lacking a legal or operational retention need should be permanently disposed of on a routine basis. Each record, including all copies, should be disposed of once it has reached the end of its defined retention period under the Schedule. The President is responsible for the ongoing process of identifying records that have outlasted the required retention period and overseeing their destruction.

2. Notice of Disposal

In order to provide an opportunity to identify documents that remain necessary to ongoing business, the Endowment will seek to provide notice of scheduled deletions to a covered party 30 days in advance of planned deletions that would affect that party. Notice will include what documents are planned to be deleted and where they are stored.

3. Disposal and Destruction of Sensitive Information

When disposing of sensitive information – including financial or personnel-related data – the disposal process must include sound destruction processes, such as shredding paper documents or secure deletion of electronic documents.

For documents that contain an individual's personally identifying information ("PII") – or any compilation of that information – destruction must comply with the Disposal Rule issued by the Federal Trade Commission ("FTC") under the Fair and Accurate Credit Transaction Act ("FACTA"). In practice, this means shredding paper and deleting electronic files such that they cannot be easily recovered or restored. Such records include background checks or consumer reports on prospective employees or contractors, and any compilations of that information. Destruction measures must also be sound whenever ESI or a hardcopy document contains health, medical, insurance, or other sensitive information on any individual.

VI. Suspension of destruction: "Litigation hold"

The Endowment requires all covered parties to comply fully with the procedures in this Policy and with the Schedule. All covered parties should note the following general exceptions to any stated destruction schedule:

A. Litigation Holds.

If you believe or the Endowment informs you that the Endowment's records are relevant to current litigation, potential litigation (that is, a dispute that could result in litigation), government investigation, audit, or other event (the "Litigation Hold Records"), you must preserve and not delete, dispose, destroy, or change those Litigation Hold Records, including emails, until the legal counsel determines those Litigation Hold Records are no longer needed. This exception is referred to as a litigation hold or legal hold, and replaces any previously or subsequently established destruction schedule for those Litigation Hold Records. If you believe this exception may apply, or have any questions regarding whether it may possibly apply, please contact the President.

B. Special Situations.

You may be asked to suspend any routine disposal procedures for records in connection with certain other types of events, such as the replacement of the Endowment's information technology systems.

VII. Separating/departing employees

Consistent with any Endowment employment and IT policies and procedures, the Endowment handles information maintained by terminated/departing covered parties as follows:

A. Notice

When a covered party separates from the Endowment, the individual's manager will determine if there is any ESI (electronically stored information) or hard copy information created by or pertaining to that person will be retained.

B. Retention of information

During the review period, the Endowment will retain any ESI or hard copy information according to its policies. After the review period, the information will be deleted if not required to be retained or if there is not an extension granted according to procedures in this policy.

C. Application only to individual information

This section applies to an individual's laptop and ESI that individual maintained, which will be wiped after 15 days if not required to be retained. It does not apply to staff-wide system backups (such as email accounts) which may be retained for a longer period of time up to 10 years per the appendix below.

VIII. Emergency planning and backups

The Endowment's records must be stored in a safe, secure, and accessible manner. Information and financial files that are essential to keeping the Endowment operating in an emergency will be duplicated or backed up regularly and maintained off-site.

The Endowment will establish procedures for frequent and systemized backups of information stored in central locations and repositories. As the details of the Endowment's backup procedures change over time, the President may review and revise this policy accordingly.

All personnel must comply with the Endowment's procedures requested of them and take reasonable precautions to ensure vital data is not lost due to equipment failure, to natural disaster, and/or to only being stored in a non-backed-up location on a local machine or device. All personnel are responsible for paying attention to backup changes announced by the Endowment.

Backups of individual laptops will be retained for no longer than one year. These backups of centrally stored information are maintained for disaster recovery and business continuity and not for information-management or retrieval. Therefore, to further this policy's guiding principles, the Endowment will retain backups only for the respective periods in relevant protocols, subject to any suspension of recycling/rotation required by a litigation hold, law, or a business interest.

IX. Compliance

This policy will remain in effect unless revoked or modified by the President in writing. The President and the Finance Committee Chair will periodically review this policy's procedures and the schedule's categories with the legal counsel or certified public accountant to see if updates are warranted. At least once a year, the President will remind Endowment accessors and third parties covered by the policy about this policy and its contents. Periodically, to ensure that best efforts are being made to follow this policy as consistently as possible, the President will commission an assessment that analyzes the degree of compliance by Endowment accessors, third parties, and outside storage vendors.

Reasonable variances as to the scheduling of retention-related activities, including such reminders and assessments, may be permitted based on business needs – such as involvement in time-sensitive transactions at the time of a scheduled reminder or assessment. To the extent possible, records memorializing adherence to this policy, including periodic reminders, will be retained by the President following the timing rules of this policy.

X. Enforcement

Failure on the part of employees to follow this policy can result in possible civil and criminal sanctions against the Wikimedia Endowment and its employees and contractors as well as possible disciplinary action against responsible individuals.

Any Wikimedia covered party found to have violated this policy may be subject to disciplinary action, up to and including termination of employment or services.

XI. Schedule of retention periods

By default, the above three guiding principles of this policy apply to all Wikimedia information. This list is non-exhaustive and subject to change over time with approval of the President. Records that are not listed, but are substantially similar to those listed in the Schedule, will be retained for the same amount of time as those records. Unless paper storage is specifically noted as required, electronic storage is acceptable and highly encouraged. In the event that a document falls into multiple categories below, it should be retained for the longest period of time required.

Part A - Financial Records

Record Category	Retention Period
Financial Statements General Ledgers Audit Reports	Permanently
Appraisals Deeds and Bills of Sale Depreciation Schedules Fixed Asset Records	Permanently
Construction Documents	Permanently
Correspondence, if (i) essential to one or more of the "permanently" categories in this Part A; or (ii) if deemed to warrant permanent retention by the CFA or the legal team	Permanently
Annual Reports to Secretary of State/Attorney General	Permanently
IRS Annual Return (Form 990 or 990-EZ) and Worksheets IRS Application for Tax-Exempt Status (Form 1023) IRS Determination Letters	Permanently
All books of account or records as are sufficient to show specifically the items of gross income, receipts, and disbursements, and to substantiate the information reported on the annual Form 990 tax return. Such records include, without limitation, those that reflect information concerning expenses, proof of deductions, business costs, accounting procedures, and other information concerning Wikimedia Endowment's revenues.	Permanently
State Sales Tax Exemption Letter State Tax Returns and Worksheets	Permanently
Stock and Bond Records	Permanently
Bank Deposit Slips Bank Statements and Reconciliation Accounts Payable Ledgers and Schedules Expense Reports Invoices (to customers, from vendors) Inventories of merchandise IRS 1099s Journal Entries Sales Records (merchandise sales) Sales & Use Tax Filing Records	7 years
Leases	7 years after expiration, unless longer period: specified by terms of lease; and/or indicated by breach-of-contract statute-of-limitations period in force in state (e.g., 15 years for Ohio), country, or province whose law would control any contractual dispute
Correspondence with Vendors	2 years after expiration of contract or agreement

Part B - Fundraising Records

Record Category	Retention Period
Fundraiser Records A fundraiser for charitable purposes must maintain records reflecting the following: The date and amount of each contribution received as a result of the solicitation campaign and, for non-cash contributions, the name and mailing address of each contributor. The name and residence address of each employee, agent, or other person involved in the solicitation campaign. Records of all revenue received and expenses incurred in the course of the solicitation campaign. For each account into which the commercial fundraiser deposited revenue from the solicitation campaign, the account number and the name and location of the bank or other financial institution in which the account was maintained. If a commercial fundraiser sells tickets to an event and represents that they will be donated for use by another, he or she must keep the number of tickets purchased and donated by each contributor, and the name and address of all organizations receiving donated tickets.	During each solicitation campaign, and 10 years following its completion, the Wikimedia Endowment must maintain a copy of its contract with the commercial fundraiser and records of solicitations and donations according to the list of items (a) through (e) in the left column for this category
Solicitations for Contributions	See "Commercial Fundraiser Records" above
Donor Records	10 years
Correspondence, if (i) essential to one or more of the 10 years categories in this Part B; or (ii) if deemed to warrant permanent retention by the CFA or the GC	10 years
Endowment gift agreements between donors and Tides, as well as other documents pertaining to Wikimedia Endowment fund gifts; Grant Reports	10 years

Part C - Human Resources Records

Record Category	Retention Period
Benefits Plans	Permanently
Benefits Data & Records: Benefits Claims Benefits Insurance Policies (medical, dental, vision, LTD/STD/life, EAP, FSA, HSA, etc.) Retirement Plan Data & Documents COBRA Overall Payroll Records: Payroll Tax Returns Payroll Summaries & Registers State Unemployment Tax Records W-2 Statements	6 years
OSHA Documents Accident Reports	5 years
Reduction In Force records	5 years from date of reduction
Workers' Compensation Records - Claim Files	Latest of these dates: (1) 5 years from date of injury; (2) 5 years from date compensation last provided; (3) 2 years after claim is closed; or (4) if a governmental audit is conducted within the time specified under applicable law, then until the audit has become final
Worker's Compensation Records - Injury Claims	5 years
Individual Employee Wage Records: Deduction & Garnishment Records Timesheets Compensation Increases & Approvals	4 years after termination
Employee Personnel File: General Records (contracts, agreements, reviews, etc.) Private-Information Records Leave-Related Documents (FMLA, CRFA, PDL, etc.) Promotion, Demotion, or Discharge Records	5 years after termination
Employment applications or any other form of employment inquiry submitted to Wikimedia in response to an ad or other notice of job openings, including: Records Pertaining to the Failure or Refusal to Hire Employment Referral Records Applicant Identification Records	Successful candidates – 3 years after termination Unsuccessful candidates – 2 years from the date the position is filled
Legal Disputes: Claims, Investigations & Legal Proceedings Personnel & Payroll Records About Complaining Parties Personnel & Payroll Records of Others in Similar Jobs	Through disposition of dispute or case and appeal plus any additional period that the GC might, in his/her discretion, determine to be appropriate
I-9 Forms	The later of 3 years from hire or 1 year after termination
Child Labor Certificates	3 years after termination
Affirmation Action Records	3 years
Injury & Illness Prevention Program: Inspections: Records documenting scheduled and periodic inspections as required to identify unsafe conditions and work practices, including: Name of person(s) conducting the inspection; Unsafe conditions and work practices identified; and Action taken to correct the unsafe conditions and work practices. Illness Prevention Training Records documenting required safety and health training for each employee, specifically including: Employee name or other identifier; training dates; Type(s) of training; and Name of training provider.	1 year Note– likely kept in respective individual personnel "files" (except that training records of employees who have worked for less than one year for the employer need not be retained beyond the term of employment if provided to the employee upon termination).

Part D - Legal Records

Record Category	Retention Period
Articles of Incorporation	Permanently
Board Charters, Policies, Resolutions, Notices, Waivers of Notices, & Written Consents Board Meetings' and Board Committees' Meetings' Minutes Bylaws and Amendments	Permanently
Press Releases and Publicly Filed Documents Purpose: Wikimedia should have its own copy to test the accuracy of any document a member of the public can theoretically produce against Wikimedia.	Permanently
Records Designated for Retention by the Bylaws (if any)	Specified Period
Legal Matters Records – The legal counsel will decide the disposition date for each (sub)set of records covered by the following categories: Subject to a litigation hold issued as to a situation or claim that does not ripen into a lawsuit or into an actual proceeding; Records from open and closed lawsuits and governmental proceedings, including but not limited to correspondence, pleadings, written discovery requests, and responses and information produced and received in discovery; Records produced by Wikimedia in response to non-party subpoenas; and Due diligence files.	To be determined by legal counsel
Contracts – ALL, subject to three exceptions listed below	7 years after expiration, unless longer period: specified by terms of contract; and/or indicated by breach-of-contract statute-of-limitations period in force in state (e.g., 15 years for Ohio), country, or province whose law would control any contractual dispute
Contracts – exception # 1 - FUNDRAISING contracts	See "Fundraising Records" under "Fundraising" category (Part B above)
Contracts – exception # 2 – FEDERAL GOVERNMENT (sub-)contracts and leases, as well as records directly pertaining to and involving transactions relating to the agreement – including, without limitation, all information required to be retained by the Federal Acquisition Regulation (FAR), including: civilian or military contracts, and every contract as to a public or private university, college, laboratory, or the like, whenever some or all of the funding is coming from a federal agency	Longer of: Period stated in contract; or Period stated in FAR regulations; or Period stated in any superseding agency-specific federal regulations [e.g., D.O.E., per FAR 4.702(b)]; or If no period stated, then permanently See 41 U.S.C. § 254d (civilian) and 10 U.S.C. § 2313 (military)
Contracts – exception # 3 – STATE OR LOCAL GOVERNMENT (sub-)contract and lease, as well as records directly pertaining to the agreement	Longer of: Period stated in contract; or Period provided in state and/or local statutes, regulations, guidelines, ordinances, specifications, and/or bid/RFP materials 7 years after expiration
Filings with the Registry of Charitable Trusts	10 years
Grant Agreements Applications and Contracts	7 years after expiration
Licenses involving the intellectual property rights of Wikimedia or any other affiliated person or entity	7 years after expiration, unless longer period: specified by terms of license; and/or indicated by breach-of-contract statute-of-limitations period in force in state (e.g., 15 years for Ohio), country, or province whose law would control any contractual dispute
Intellectual Property other than Copyright, Patent, or Trademark: Royalties and Assignments Records; and Trade Secrets Records: all records containing trade secrets; and related documentation, including records evidencing measures taken by Wikimedia to protect its trade secrets and avoid the unauthorized use of trade secrets of others (including under all trade secret licenses)	Expiration of protected status plus 7 years
Patents granted by USPTO and all significant related records, including applications, invention/engineering notebooks, workpapers, correspondence, memos, and any speeches, recordings, and any other information demonstrating what was made available to the public and on what date(s)	Expiration of patent plus 7 years
Trademark Registrations	Expiration of protected status plus 7 years
Trademark – all significant related records, including applications and work papers	Expiration of protected status plus 7 years
Copyright Registrations	Expiration of copyright plus 7 years
Copyright – all significant related records, including applications and work papers	Expiration of copyright plus 7 years
Correspondence with parties who have contracted to receive services from Endowment	2 years after expiration of contract or agreement

Part E: Third-Party Information Collected via the Endowment Websites

Information collected from third parties through the Endowment's public-facing websites must be retained as described in the relevant Data Retention Guidelines. Note that litigation holds still apply to data collected under the Privacy Policy and Data Retention Guidelines.

Part F: Other Information Not Mentioned

Information not covered by any of the above categories will be deleted after 10 years of nonuse.