The hard copy retention of records is timeworn. For the progressive and tech-savvy office manager, the notion of storage rooms piled high with files can be daunting. Where certain legislation requires the retention of records for up to 15 years, one can easily imagine situations where the hard copy retention of such records is simply not practical or cost effective.
Most businesses have transformed to digital record management practices. With just one click, all your records are available digitally, be it value-added tax documentation to substantiate a zero-rating claim or annual financial statements required for an audit.
Aside from the practicability of such an exercise, the legal aspects thereof must also be considered.
Section 16 of the Electronic Communications and Transactions Act No 25 of 2002 (“ECTA”) provides that where a law requires any information to be retained, that requirement is fulfilled by retaining such information in the form of a data message (i.e. an electronic record), provided that:
- the information contained therein remains accessible so as to be capable of use for subsequent reference;
- the electronic record is retained in the form it was originally generated, sent or received, or in a format which can be demonstrated to represent accurately, the information generated, sent or received; and
- the origin/destination of the electronic record and the date and time it was sent or received can be determined.
Have you already implemented an electronic record management system? No problem, but have you considered introducing a record management policy which governs the electronic storage of your records and ensures compliance with applicable legislation?
Food for thought simply because, although ECTA enables the electronic retention of records, certain legislation, for example, the Protection of Personal Information Act No 4 of 2013 requires personal or “de-identified” information to be destroyed if no longer required for the purpose for which it was retained and SARS has set out encryption considerations which must be taken into account when storing records electronically.
Such policy would need to ensure that your record management practices are in line with applicable laws and in the event of a SARS audit or where records are required by third parties, that you are compliant with best record retention practices.
A bit of a quagmire we would suggest!