Fact Sheet 12a:
Personal Data Retention and Destruction Plan
Send to Printer
Privacy Rights Clearinghouse
At Privacy Rights Clearinghouse, we believe your right to privacy is about being in control of your personal information. An obvious part of that equation is keeping good personal records. Just like companies have data retention and destruction policies, so should you.
1. Why should I keep records?
2. What is a record?
3. How should I maintain my records?
4. Where should I keep my records?
5. How long should records be kept?
6. How do I destroy records I no longer need?
- For tax purposes. It will make your life easier when tax season rolls around if you have all of your financial information neatly organized.
- To save time. When something comes up that requires an old receipt or document, you won’t have to go digging through your junk drawer. You’ll know where to find it.
- In case of an emergency. If a natural disaster struck or if you suffered an accident, you’d want to make sure your documents were in order and safe.
- As documentation in case of disputes. You never know when you’ll need to go back and prove that so-and-so really did call you on such-and-such date. Keeping detailed records of all your important transactions may help you in such a situation.
- As proof of ownership. This is an obvious one. If you sell an asset, you’ll need to transfer over ownership, including proper title. Not to mention, if your ownership is challenged, you’ll have the documentation readily available to prove it.
The first step to good recordkeeping is knowing what you should keep and what you should toss. Not everything has to be saved. In fact, keeping only the things that are necessary will make it easier for you to find something when you need it.
A record is something that provides permanent evidence about a past event. Examples include:
- Bank statements
- Correspondence with companies you do business with
- Medical bills, notes from doctor visits, test results, prescription information
- Membership and account numbers, frequent flyer numbers
- Official government documents (birth certificate, marriage license, etc.)
- Important job-related documents (employment contract, performance reviews, etc.)
First, decide if you want to keep primarily paper or electronic records. For some documents, it's best to keep the original paper form, like your birth certificate. For example, in youth sport leagues, parents are often required to show the participant's birth certificate to the coach or league administrator. But, other paper records can be scanned into an electronic version.
Next, create a filing system that works for you. We suggest grouping your records into buckets:
- Financial – Any receipts, credit card and bank statements, bills, credit card agreements, loan documents, credit reports and home/car insurance documents can go here. Create subcategories for:
- Past tax returns - You should save any records that support items shown on your submitted tax returns. When in doubt, ask your accountant, attorney or tax preparer. For a complete guide to tax recordkeeping, see Internal Revenue Service Publication 552: Recordkeeping for Individuals
- Future tax returns - Also, save any records that may be needed for future tax returns. For example, keep receipts of home improvement projects so that when you sell your home, you can calculate the capital gains tax.
- Delinquent payments - If you are delinquent on payments to a company, it is very important to keep good records of all of your correspondence with the company, debt collectors or debt repayment programs. Keep all related receipts or other records of payment. Also, keep copies of any letters you send to debt collectors. Good recordkeeping will help you prove past payments or agreements in case the debt is sold to a different debt collector.
- Medical – Save bills, notes from doctor visits, test results, and prescription information. It’s best to simply organize all medical documents by date so that you have a clear timeline of events.
- Professional/Career – Save employment contacts, performance reviews, employee manuals, vacation authorization, documentation of your sick days, continuing education certificates, and any important notices that affect your benefits. Assuming you’ll work for more than one employer in your lifetime, it’s best to organize these by company first and then by date.
- Proof of Ownership/Purchase – Save any documents that prove you own your big purchases and most valuable assets. This includes deeds for real estate, other mortgage papers, automobile titles, major appliances, electronics, jewelry, and bond and stock certificates. It’s easiest to organize these by date.
- Proof of Person – This bucket includes any official government documents that pertain to you as a person, such as your birth certificate, your passport, marriage license, military service papers, Social Security card, citizenship records, adoption papers, and so on. Organize these by date issued.
If you have lost any of these documents, consider applying for replacements before there is a pressing need. For more information, visit Centers for Disease Control and Prevention: Where to Write for Vital Records.
- Other – Any important documents that don’t fall under the other categories can go here. Organize these documents by “situation” or company, then by date. Examples of “situations” include:
- Recovery from identity theft – If you discover you’re the victim of identity theft, good recordkeeping is an important part of the recovery process. You’ll need to take detailed notes of all conversations as well as contact information. Keep all documents that provide avidence that you are the victim of fraud. And don't forget to keep track of your expenses to document the cost of recovery. To learn more, read Identity Theft Resource Center: Organizing Your Identity Theft Case.
- Divorce – If you go through a divorce, keep your own copies of the final divorce settlement paperwork, any child custody paperwork, and alimony arrangements.
- Child custody – After a divorce, if you are a custodial parent, you need to keep a record of any child-related expenses in case you need to ask for additional child support or in the event that your ex-spouse lapses on child support payment.
- Stalking and/or harassment - If you are being stalked and/or harassed, in order to get the police involved, you need to have proof. It is critical that you keep detailed logs, including the date and time, of every incident. You will also want to collect any recordings or photographs that support your claim. For more information, read University of California: Stalking Documentation and our Fact Sheet 2a: Hang up on Harassment.
Organize receipts by date. All else can be organized by company first (for example, Bank of America, COX Cable, or Allstate Insurance) and then by date.
Once you have a filing system in order, be sure to properly file your records as you obtain them. Some find it helpful to have an “inbox” where you can place records temporarily. If you use an inbox, be sure to set aside time once a week or month to go through the inbox and file the records away.
Once a year, go through your records. For each record, decide if it should remain active, be permanently archived, or be destroyed. Active records are ones that you’ll need to have handy in the near future (usually less than three years old). Archived records are important records that you don’t need to keep on hand, but that may be helpful in the future. Records that can be destroyed are those that no longer serve any purpose. See the section below on “How Long Should Records be Kept?" for more information.
When considering how to store your records, think about all the worst-case scenarios: snooping family members, house burglary, fire, natural disaster, a personal injury or even death. Consider keeping an “emergency kit” with your attorney or a trusted family member that contains copies of critical documents and records in addition to the below storage tips:
- Safe deposit box – Keep all of your original “Proof of Person” and “Proof of Ownership/Purchase” in a safe deposit box at your local bank. We recommend making copies of these documents and keeping them with your “easily accessible” documents for quick reference. Read the FDIC's guide "5 Things to Know About Safe Deposit Boxes, Home Safes and Your Valuables" for more information.
- Easily accessible – Your active files should be kept secure, but in a place that’s easily accessible.
- Paper – Keep in a locked drawer or filing cabinet inside your home. A fireproofed safe is best.
- Electronic – Encrypt, encrypt, encrypt! For your electronic records to remain private, you must encrypt the files and hide the encryption key. Also, make sure the data is backed-up and consider keeping copies in a fireproof safe or in your safe deposit box.
- On a computer – Keep your computer secure. Make sure your computer has the latest anti-virus and anti-spyware software installed. In addition to encrypting the files, password protect your computer.
- In the cloud – Storing data in the cloud has its own risks because you aren’t in control of the physical servers that contain your data. Make sure you encrypt the files and hide the encryption key.
- On a portable storage device – There are many products on the market that securely store data, such as USB drives, CDs, and external hard drives. Whatever you choose to use, make sure the data is encrypted.
In long-term storage – Your archived files should be kept secure, but in a way that isn’t taking up valuable space.
- Paper – Lock important papers in a safe place. It could in be a secure storage unit, or a remote part of your home.
- Electronic - Create a zip file for your permanently archived records. See Microsoft: Zip or Unzip a File.
You might be tempted to hang on to records permanently, especially if you’re storing them electronically. But, storing records you no longer need takes up space and makes it more difficult to find the records you need. When deciding how long records should be kept, it’s helpful to look again at the buckets we outlined above.
- Financial –
- Receipts – Every month, match your receipts up to your credit card and bank statements to make sure you’ve been charged correctly. Put any receipts that should be saved in the appropriate files. For example, receipts for big purchases should go into your “Proof of Ownership/Purchase” file. Destroy the rest.
- Credit card and bank statements – After a year, destroy them unless they have tax significance (file these with past tax returns).
- Bills – Keep for a year.
- Credit card and loan agreements – Keep for as long as the account is active.
- Credit reports – Keep for a year, until you order your next free annual credit report.
- Home/car insurance – Keep until you get your next policy in the mail.
- Past tax returns - For tax records, the general rule is three years, because the IRS can audit your return within three years of its filing date. However, if the IRS suspects you of underreporting your gross income by at least 25% or if you’ve filed a fraudulent report, the agency has longer to challenge you (six years and indefinitely, respectfully). If your state has an income tax, you should also check with your state’s taxing authority to see if they require you to hold your tax records for a longer period of time. For example, in California, the Franchise Tax Board can issue a tax assessment for up to four years after the tax return’s filing date or due date. As a practical matter, this means that California residents would need to hold onto their records for an additional year beyond the federal requirements.
For additional information, see Bankrate.com: How Long to Keep Financial Records.
- Medical – Keep active for one year. Then permanently archive.
- Professional/career – Every time you leave an employer, go through your file and destroy employee manuals, vacation requests, and other documents you won’t need moving forward. (Note: if you’re parting ways on bad terms, you may want to hang on to these documents a little longer, just in case you need to dispute something.) Save everything else. You will find it helpful during future job searches.
- Proof of ownership – Keep active until you sell the asset. Then, permanently archive the associated records.
- Proof of person – These should be permanently archived.
- Other – It depends on the record. If you aren’t sure, 10 years is a good retention period for legal reasons; that span exceeds the statute of limitations for most purposes.
After you’ve determined that you no longer need a record, it is very important that you permanently destroy it. Otherwise, you run the risk of identity theft. Crooks will dumpster dive or buy used computers, looking for sensitive personal information.
- Papers - Shred or incinerate them. Always use a cross-cut, diamond-cut, or confetti-cut shredder. Unlike strip-cut models in which the pieces can potentially be put back together, these shredders will produce much smaller pieces.
If you have a large amount of shredding and are not able to handle it at home, consider taking it to a shredding facility that guarantees and certifies that your documents are fully destroyed. If you have a large amount of papers to destroy (this can occur, for example, when an elderly family member passes and the family must dispose of decades of documents), there are services that will send a shredding truck to your home. Fees are charged for both types of services.
- Electronics – Destroying electronic files is tricky, because “deleting” a file doesn’t really erase all of the information. If you’ve been properly storing your data, all of your files are encrypted anyway, and you don’t keep your encryption key on the same device, so even if someone finds your files, it’s unlikely they’ll be able to read them. But, it’s still a good idea to permanently destroy the information.
- On a computer – Use specialized software such as Eraser to remove specific files. To delete an entire hard drive’s data, use software like Darik’s Boot and Nuke. Note: before recycling or selling your old computer, make sure you've successfully destroyed all personal data. You may be better off physically destroying the hard drive and taking the computer and destroyed drive to an electronics recycling center. For more details, read Popular Mechanics: How to Absolutely, Positively Destroy Your Data.
- On a portable storage device – Flash drives use the same methods as computers. CDs and DVDs should be physically destroyed by breaking them into many pieces. Some shredders can do this. If you are destroying older media, such as floppy disks and tapes, remove the film and cut it into small pieces.
Browse Privacy Topics
Background Checks & Workplace
Banking & Finance
Credit & Credit Reports
Harassment & Stalking
Identity Theft & Data Breaches
Online Privacy & Technology
Privacy When You Shop
Public Records & Info Brokers
Social Security Numbers
Who We Are
We are a nationally recognized consumer education and advocacy nonprofit dedicated to protecting the privacy of American consumers.