Resolution:Approval for the Document Retention Policy

    From the Wikimedia Foundation Governance Wiki
    This resolution was approved on June 16, 2017.


    Resolved, The Board of Trustees approves the Document Retention and Destruction Policy.

    Approve
    Christophe Henner (Chair), Maria Sefidari (Vice Chair), Dariusz Jemielniak, Kelly Battles, Nataliia Tymkiv, and Alice Wiegand
    Not present
    Jimmy Wales

    I. Purpose

    This policy outlines how the Wikimedia Foundation ("Wikimedia" or "Foundation") handles the systematic review, retention, and destruction of Foundation information. In particular, this policy contains guidelines for how long certain information must be kept and when and how records should be destroyed. The purpose of this policy is to ensure that we comply with federal, state, and local statutes and regulations, to eliminate accidental or innocent destruction of records, to ensure that we don't keep certain information longer than needed, and to make sure we always have the right information we need to do our jobs.

    II. Overview

    The three guiding principles of this policy are summarized below:

    A. Wikimedia Foundation MUST KEEP information that is subject to (1) legally-imposed retention periods or (2) business/operational needs

    This policy describes specific retention periods targeting particular categories of information, and all employees must retain information in each of those categories for the specified amount of time. The overall policy is described in Section V, and the specific retention periods are defined in Section XI (the “Retention Schedule” or “Schedule”). These periods are based on legal and operational needs – for example, certain finance records must be kept for a specific length of time in case our taxes are audited.

    Please alert the Chief of Finance and Administration (“CFA”) (or the Chief Operating Officer if the CFA is not available) whenever you think that a retention period is too long or too short or that a category should be added or removed. If you think an exception is warranted, you must alert the CFA; you may not make an exception yourself without consulting the CFA. When adjustments or exceptions are made, the CFA or the General Counsel (“GC”) will notify staff and update the version of the Schedule on office.wikimedia.org to the most current version.

    B. Wikimedia Foundation MUST KEEP all information subject to a “litigation hold”

    When we are threatened with legal action, or reasonably believe we will be threatened with legal action, a "litigation hold" is required to preserve any relevant information. Therefore, disposals or deletions of information that do not comply with this policy may result in legal complications for us, ranging from having to legally defend the deletions to criminal or civil liability. Section VI below explains in more detail which policies will apply if we face this situation.

    C. Wikimedia Foundation WILL PERMANENTLY DISPOSE of all information not subject to Sections II.A or II.B

    Most Foundation information does not require long-term retention. As set out in the Schedule, the routine disposal of information that we’re not explicitly required to retain avoids unnecessary effort, expenses, and storage (both electronic and physical) involved in maintaining, organizing, and backing up old information.

    III. Scope

    A. What information is covered?

    This policy applies to all information – regardless of physical form, format, or characteristics – created or received by the Foundation, including information in electronic or paper form. Also within the scope of this policy is all Foundation information stored, hosted, archived, or otherwise located with any outside vendor to which the Foundation outsources any of its data or hardcopy storage.

    Because it may be relevant to litigation holds (Section VI), this policy includes information about users that is collected through the WMF websites. However, as noted in the Retention Schedule, retention periods for information generated by the WMF websites will generally be governed by the relevant privacy[1] and public data retention policies.

    B. Which people are covered by this policy?

    This policy applies to, and must be complied with by, all Wikimedia Foundation employees, advisors, consultants, contractors, temporary workers, and any others who have access to Wikimedia’s electronically stored information ("ESI") or paper documents (collectively “covered parties”). ESI includes, among other things, emails, instant messages, and voicemails. For clarity, all third parties granted the ability to use any of the Foundation’s information systems are covered under this policy.

    IV. Contacts and questions

    If, after consulting this policy, you have a question whether some information should be retained, or you have any other questions or otherwise need help with any related issues, please contact either the CFO or the GC.

    V. Retention and destruction guidelines

    A. How long must we keep records?

    Wikimedia must keep adequate records about certain types of information for at least the minimum period required by applicable law. Tax, financial, and human resources records are especially important. Retention requirements for these and other record categories are in the Schedule below. As a note, we generally are not required to keep emails, but we are allowed to keep them unless they fall into a record category described in the Schedule below.

    Information with an ongoing or current business or operational need (i.e. it’s important to have it for somebody to be able to do their job) must be retained for the duration of that need.

    B. How should we dispose of records?

    1. Routine, Regular Disposal

    All information lacking a legal or operational retention need should be permanently disposed of on a routine basis. Each record, including all copies, should be disposed of once it has reached the end of its defined retention period under the Schedule. The CFO is responsible for the ongoing process of identifying records that have outlasted the required retention period and overseeing their destruction.

    2. Notice of Disposal

    In order to provide an opportunity to identify documents that remain necessary to ongoing business, Office IT will seek to provide notice of scheduled deletions to a covered party 30 days in advance of planned deletions that would affect that party. Notice will include what documents are planned to be deleted and where they are stored.

    3. Disposal and Destruction of Sensitive Information

    When disposing of sensitive information – including financial or personnel-related data – the disposal process must include sound destruction processes, such as shredding paper documents or secure deletion of electronic documents.

    For documents that contain an individual’s personally identifying information ("PII")[2] – or any compilation of that information – destruction must comply with the Disposal Rule issued by the Federal Trade Commission ("FTC") under the Fair and Accurate Credit Transaction Act ("FACTA"). In practice, this means shredding paper and deleting electronic files such that they can’t be easily recovered or restored. Such records include background checks or consumer reports on prospective employees or contractors, and any compilations of that information.[3] Destruction measures must also be sound whenever ESI or a hardcopy document contains health, medical, insurance, or other sensitive information on any individual.[4]

    C. What about wikis?

    Wikis are an important part of how we work at the Foundation. Simultaneously, by creating a permanent historical record that is difficult to delete, wikis create an interesting exception to this document retention policy. Due to the relatively permanent nature of wikis, information subject to deletion according to this policy does not need to be removed. However, please ensure sensitive information (e.g. donor, contributor, and personnel-related data) is never uploaded onto a wiki without their explicit written permission or checking with the GC. This section also applies to Phabricator, Gerrit, Git repositories, and similar public facing work areas that are intended to preserve public work history.

    VI. Suspension of destruction: “Litigation hold”

    A. What is a litigation hold?

    A litigation hold is the requirement to preserve relevant documents if we “reasonably anticipate” litigation. If a litigation hold happens, you’ll hear about it from the Foundation's legal team and will need to follow their directions to preserve documents as soon as you’re contacted.

    B. Why do litigation holds matter?

    Failing to comply with a litigation hold may result in civil or criminal liability for Wikimedia or the individuals involved. At a minimum, it may lead to subsequent allegations of improper, selective destruction – and the need for Wikimedia to expend time and resources defending such allegations. This can happen even if the destruction occurs by mistake.

    C. When will a litigation hold occur?

    Wikimedia has a legal obligation to preserve relevant information when it knows of or reasonably anticipates:

    • a lawsuit by or against Wikimedia; or
    • an investigation, inquiry, enforcement proceeding, or criminal prosecution regarding Wikimedia by a government agency, regulatory body, or prosecutor.

    This obligation may also arise if the Foundation receives a government request (e.g., a subpoena) to produce information in a lawsuit or proceeding in which the Foundation itself is not a party, such as when we receive a subpoena about a reader of one of the Wikimedia project websites.

    D. Who should we contact if we know about potential litigation or a subpoena?

    You should notify the Foundation's legal team as soon as you have reason to believe one of the listed triggers (a lawsuit or an investigation by some kind of government body by or against Wikimedia) in VI.C has occurred. The GC will assess whether a hold is warranted.

    E. What will happen when a litigation hold occurs? How will we be notified?

    Each time a triggering event is determined to have occurred, Wikimedia must institute a litigation hold. The litigation hold will entail the Foundation's legal team ordering a suspension of certain typical destruction procedures, perhaps including some regular backup recycling/rotation regimens. To start the litigation hold’s implementation, the legal team will issue a litigation hold notice to all pertinent recipients.

    When you receive a hold notice, you must preserve any information discussed in the notice. Please take extra care to keep the information separate and maintain it over time. If the information is lost, there could be disciplinary action.

    The legal team will oversee the administration of the litigation hold process, including contacting and working with all affected personnel, as well as the Foundation's IT team, to ensure the Foundation’s legal obligations are met as effectively and efficiently as possible.

    F. Does this apply to outsourced information storage?

    When a hold notice is issued, it applies to every outside vendor to which the Foundation outsources the management or storage of any applicable Foundation information in the same way it would apply to Foundation-hosted storage. The Foundation's legal and IT teams, and any other responsible teams will coordinate with such vendor(s) to ensure they comply with the litigation hold obligations.

    G. How long must I retain information and refrain from destroying it?

    The Foundation's legal team will determine the scope and duration of each litigation hold, and include that information in the hold notice. Once a hold is issued, the legal team will work with affected people and teams to ensure that the covered information is retained for the duration of the hold period. Until the legal team issues a notice that the period has expired, do not resume normal destruction activities for any covered information.

    VII. Separating/departing employees

    Consistent with Wikimedia’s Staff Handbook and other human resources ("HR") and IT policies and procedures, Wikimedia handles information maintained by terminated/departing covered parties as follows:

    A. Notice

    When a covered party separates from Wikimedia, the IT team will provide an opportunity according to IT policies for the individual's manager, the legal team, and the HR team to determine whether any ESI (electronically stored information) or hard copy information created by or pertaining to that person will be retained.

    B. Retention of information

    During the review period, Wikimedia will retain any ESI or hard copy information according to IT policies. After the review period, the information will be deleted if not required to be retained or if there is not an extension granted according to procedures in the Staff Handbook.

    C. Application only to individual information

    This section applies to an individual's laptop and ESI that individual maintained, which will be wiped after 15 days if not required to be retained. It does not apply to staff-wide system backups (such as email accounts, mailing lists, and Google Docs) which may be retained for a longer period of time up to 10 years per the appendix below.

    VIII. Emergency planning and backups

    The Foundation’s records must be stored in a safe, secure, and accessible manner. Information and financial files that are essential to keeping the Foundation operating in an emergency will be duplicated or backed up regularly and maintained off-site.

    Wikimedia’s IT team has established procedures for frequent and systemized backups of information stored in central locations and repositories. As the details of the Foundation’s backup procedures change over time, the IT team with the legal team’s review and approval will revise this policy accordingly.

    All personnel must comply with IT procedures requested of them and take reasonable precautions to ensure vital data is not lost due to equipment failure, to natural disaster, and/or to only being stored in a non-backed-up location on a local machine or device. All personnel are responsible for paying attention to backup changes announced by the IT team.

    Backups of individual laptops will be retained for no longer than one year. These backups of centrally stored information are maintained for disaster recovery and business continuity and not for information-management or retrieval. Therefore, to further this policy’s guiding principles, the Foundation will retain backups only for the respective periods in IT team protocols, subject to any suspension of recycling/rotation required by a litigation hold, law, or a business interest.

    IX. Compliance

    This policy will remain in effect unless revoked or modified by the CFO or the GC in writing. The CFO and the Audit Committee Chair will periodically review this policy’s procedures and the schedule’s categories with the Legal Team or certified public accountant to see if updates are warranted.

    At least once a year, the CFO will remind WMF accessors and third parties covered by the policy about this policy and its contents. Periodically, to ensure that best efforts are being made to follow this policy as consistently as possible, the CFO will commission an assessment that analyzes the degree of compliance by WMF accessors, third parties, and outside storage vendors.

    Reasonable variances as to the scheduling of retention-related activities, including such reminders and assessments, may be permitted based on business needs – such as involvement in time-sensitive transactions at the time of a scheduled reminder or assessment. To the extent possible, records memorializing adherence to this policy, including periodic reminders, will be retained by the CFO following the timing rules of this policy.

    X. Enforcement

    Failure on the part of employees to follow this policy can result in possible civil and criminal sanctions against the Wikimedia Foundation and its employees and contractors as well as possible disciplinary action against responsible individuals.

    Any Wikimedia covered party found to have violated this policy may be subject to disciplinary action, up to and including termination of employment or services.

    XI. Schedule of retention periods

    By default, the above three guiding principles of this policy apply to all Wikimedia information. This list is non-exhaustive and subject to change over time with approval of the legal and IT teams. Records that are not listed, but are substantially similar to those listed in the Schedule, will be retained for the same amount of time as those records. Unless paper storage is specifically noted as required, electronic storage is acceptable and highly encouraged. In the event that a document falls into multiple categories below, it should be retained for the longest period of time required.

    Part A - Finance & Administration Departments

    Record Category Retention Period

    Financial Statements
    General Ledgers
    Audit Reports

    Permanently

    Appraisals
    Deeds and Bills of Sale
    Depreciation Schedules
    Fixed Asset Records

    Permanently

    Construction Documents

    Permanently

    Correspondence, if (i) essential to one or more of the “permanently” categories in this Part A; or (ii) if deemed to warrant permanent retention by the CFA or the legal team

    Permanently

    Annual Reports to Secretary of State/Attorney General

    Permanently

    IRS Annual Return (Form 990 or 990-EZ) and Worksheets
    IRS Application for Tax-Exempt Status (Form 1023)
    IRS Determination Letters

    Permanently

    All books of account or records as are sufficient to show specifically the items of gross income, receipts, and disbursements, and to substantiate the information reported on the annual Form 990 tax return.

    Such records include, without limitation, those that reflect information concerning expenses, proof of deductions, business costs, accounting procedures, and other information concerning Wikimedia Foundation's revenues.

    Permanently

    State Sales Tax Exemption Letter
    State Tax Returns and Worksheets

    Permanently

    Stock and Bond Records

    Permanently

    Bank Deposit Slips
    Bank Statements and Reconciliation
    Accounts Payable Ledgers and Schedules
    Expense Reports
    Invoices (to customers, from vendors)
    Inventories of merchandise
    IRS 1099s
    Journal Entries
    Sales Records (merchandise sales)
    Sales & Use Tax Filing Records

    7 years

    Leases

    7 years after expiration, unless longer period:

    • specified by terms of lease; and/or
    • indicated by breach-of-contract statute-of-limitations period in force in state (e.g., 15 years for Ohio), country, or province whose law would control any contractual dispute

    Correspondence with Vendors

    2 years after expiration of contract or agreement

    Part B - Fundraising Department

    Record Category Retention Period

    Fundraiser Records
    A fundraiser for charitable purposes must maintain records reflecting the following:

    1. The date and amount of each contribution received as a result of the solicitation campaign and, for non-cash contributions, the name and mailing address of each contributor.
    2. The name and residence address of each employee, agent, or other person involved in the solicitation campaign.
    3. Records of all revenue received and expenses incurred in the course of the solicitation campaign.
    4. For each account into which the commercial fundraiser deposited revenue from the solicitation campaign, the account number and the name and location of the bank or other financial institution in which the account was maintained.
    5. If a commercial fundraiser sells tickets to an event and represents that they will be donated for use by another, he or she must keep the number of tickets purchased and donated by each contributor, and the name and address of all organizations receiving donated tickets.

    During each solicitation campaign, and 10 years following its completion, the Wikimedia Foundation must maintain a copy of its contract with the commercial fundraiser and records of solicitations and donations according to the list of items (a) through (e) in the left column for this category

    Solicitations for Contributions

    See “Commercial Fundraiser Records” above

    Donor Records (typically maintained in CiviCRM)

    10 years

    Correspondence, if (i) essential to one or more of the 10 years categories in this Part B; or (ii) if deemed to warrant permanent retention by the CFA or the GC

    10 years

    Endowment gift agreements between donors and Tides, as well as other documents pertaining to Wikimedia Endowment fund gifts

    10 years

    Part C - Human Resources Department

    Record Category Retention Period

    Benefits Plans

    Permanently

    Benefits Data & Records:

    Benefits Claims
    Benefits Insurance Policies (medical, dental, vision, LTD/STD/life, EAP, FSA, HSA, etc.)
    Retirement Plan Data & Documents
    COBRA

    Overall Payroll Records:

    Payroll Tax Returns
    Payroll Summaries & Registers
    State Unemployment Tax Records
    W-2 Statements

    6 years

    OSHA Documents

    Accident Reports

    5 years

    Reduction In Force records

    5 years from date of reduction

    Workers’ Compensation Records - Claim Files

    Latest of these dates:

    (1) 5 years from date of injury;

    (2) 5 years from date compensation last provided;

    (3) 2 years after claim is closed; or

    (4) if a governmental audit is conducted within the time specified under applicable law, then until the audit has become final

    Worker’s Compensation Records - Injury Claims

    5 years

    Individual Employee Wage Records:

    Deduction & Garnishment Records
    Timesheets
    Compensation Increases & Approvals

    4 years after termination

    Employee Personnel File:

    General Records (contracts, agreements, reviews, etc.)
    Private-Information Records
    Leave-Related Documents (FMLA, CRFA, PDL, etc.)
    Promotion, Demotion, or Discharge Records

    5 years after termination

    Employment applications or any other form of employment inquiry submitted to Wikimedia in response to an ad or other notice of job openings, including:

    Records Pertaining to the Failure or Refusal to Hire
    Employment Referral Records
    Applicant Identification Records

    Successful candidates – 3 years after termination
    Unsuccessful candidates – 2 years from the date the position is filled

    Legal Disputes:

    Claims, Investigations & Legal Proceedings
    Personnel & Payroll Records About Complaining Parties
    Personnel & Payroll Records of Others in Similar Jobs

    Through disposition of dispute or case and appeal plus any additional period that the GC might, in his/her discretion, determine to be appropriate

    I-9 Forms

    The later of 3 years from hire or 1 year after termination

    Child Labor Certificates

    3 years after termination

    Affirmative Action Records

    3 years

    Injury & Illness Prevention Program:

    Inspections:

    Records documenting scheduled and periodic inspections as required to identify unsafe conditions and work practices, including:

    Name of person(s) conducting the inspection;
    Unsafe conditions and work practices identified; and
    Action taken to correct the unsafe conditions and work practices.

    Illness Prevention Training

    Records documenting required safety and health training for each employee, specifically including:

    Employee name or other identifier;
    training dates;
    Type(s) of training; and
    Name of training provider.

    1 year


    Note – likely kept in respective individual personnel "files" (except that training records of employees who have worked for less than one year for the employer need not be retained beyond the term of employment if provided to the employee upon termination).

    Part D - Legal Team

    Record Category Retention Period

    Articles of Incorporation

    Permanently

    Board Charters, Policies, Resolutions, Notices, Waivers of Notices, & Written Consents
    Board Meetings’ and Board Committees’ Meetings’ Minutes
    Bylaws and Amendments

    Permanently

    Press Releases and Publicly Filed Documents

    • Purpose: Wikimedia should have its own copy to test the accuracy of any document a member of the public can theoretically produce against Wikimedia.

    Permanently

    Records Designated for Retention by the Bylaws (if any)

    Specified Period

    Legal Matters Records – The GC will decide the disposition date for each (sub)set of records covered by the following categories: Subject to a litigation hold issued as to a situation or claim that does not ripen into a lawsuit or into an actual proceeding;

    1. Records from open and closed lawsuits and governmental proceedings, including but not limited to correspondence, pleadings, written discovery requests, and responses and information produced and received in discovery;
    2. Records produced by Wikimedia in response to non-party subpoenas; and
    3. Due diligence files.

    To be determined by General Counsel or designated representative within the legal team

    Contracts – ALL, subject to three exceptions listed below

    7 years after expiration, unless longer period:

    • specified by terms of contract; and/or
    • indicated by breach-of-contract statute-of-limitations period in force in state (e.g., 15 years for Ohio), country, or province whose law would control any contractual dispute

    Contracts – exception # 1 – FUNDRAISING contracts

    See “Fundraising Records” under “Fundraising” category (Part B above)

    Contracts – exception # 2 – FEDERAL GOVERNMENT (sub-)contracts and leases, as well as records directly pertaining to and involving transactions relating to the agreement – including, without limitation, all information required to be retained by the Federal Acquisition Regulation (FAR), including: civilian or military contracts, and every contract as to a public or private university, college, laboratory, or the like, whenever some or all of the funding is coming from a federal agency

    Longer of:

    • Period stated in contract; or
    • Period stated in FAR regulations; or
    • Period stated in any superseding agency-specific federal regulations [e.g., D.O.E., per FAR 4.702(b)]; or
    • If no period stated, then permanently. See 41 U.S.C. § 254d (civilian) and 10 U.S.C. § 2313 (military)

    Contracts – exception # 3 – STATE OR LOCAL GOVERNMENT (sub-)contract and lease, as well as records directly pertaining to the agreement

    Longer of:

    • Period stated in contract; or
    • Period provided in state and/or local statutes, regulations, guidelines, ordinances, specifications, and/or bid/RFP materials
    • 7 years after expiration

    Filings with the Registry of Charitable Trusts

    10 years

    Grant Agreements Applications and Contracts

    7 years after expiration

    Licenses involving the intellectual property rights of Wikimedia or any other affiliated person or entity

    7 years after expiration, unless longer period:

    • specified by terms of license; and/or
    • indicated by breach-of-contract statute-of-limitations period in force in state (e.g., 15 years for Ohio), country, or province whose law would control any contractual dispute

    Intellectual Property other than Copyright, Patent, or Trademark:

    • Royalties and Assignments Records; and
    • Trade Secrets Records:
      • all records containing trade secrets; and
      • related documentation, including records evidencing measures taken by Wikimedia to protect its trade secrets and avoid the unauthorized use of trade secrets of others (including under all trade secret licenses)

    Expiration of protected status plus 7 years

    Patents granted by USPTO and all significant related records, including applications, invention/engineering notebooks, workpapers, correspondence, memos, and any speeches, recordings, and any other information demonstrating what was made available to the public and on what date(s)

    Expiration of patent plus 7 years

    Trademark Registrations

    Expiration of protected status plus 7 years

    Trademark – all significant related records, including applications and work papers

    Expiration of protected status plus 7 years

    Copyright Registrations

    Expiration of copyright plus 7 years

    Copyright – all significant related records, including applications and work papers

    Expiration of copyright plus 7 years

    Correspondence with parties who have contracted to receive services from WMF

    2 years after expiration of contract or agreement

    Part E: Third-Party Information Collected via the WMF Websites

    Information collected from third parties through the Foundation's public-facing websites, like en.wikipedia.org, must be retained as described in the public Data Retention Guidelines. Note that the retention guidelines commit to keeping such information for the shortest time consistent with the maintenance, understanding, and improvement of the Wikimedia sites and our obligations under applicable U.S. law. As a result, litigation holds still apply to data collected under the Privacy Policy and Data Retention Guidelines.

    Part F: Other Information Not Mentioned

    Information not covered by any of the above categories will be deleted after 10 years of nonuse.

    Notes

    1. Most WMF sites are governed by the main privacy policy, which can be found at https://wikimediafoundation.org/wiki/Privacy_policy. Our donor policy is at https://wikimediafoundation.org/wiki/Donor_policy/en, and the privacy policy for the blog is at https://wikimediafoundation.org/wiki/Wikimedia_blog_privacy_policy. We may also update other specific sites with their own privacy policy.
    2. Types of personally identifiable information can include a real name, Social Security Number, driver’s license number, phone number, physical address, or perhaps even e-mail address. See WMF’s privacy policy for a full definition of such information.
    3. Other examples include employment background, check writing history, insurance claims, residential or tenant history, or medical history.
    4. Although the Foundation is only subject to U.S. law, adverse parties may argue that we should, in some instances, comply with applicable international laws when it relates to our international contractors. If you are dealing with international citizens, see the GC to determine what your retention and destruction obligations are. For many international contractors, data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, sex life, or criminal convictions may be subject to special rules.