Law Office of Melissa C. Marsh

Request a Same Day Telephone Consultation

Contact Us
Sherman Oaks, CA
Tel: 818-849-5206
Tel: 323-655-1002
E-mail: MMarsh

Home About Us
Areas of Practice
Articles Business Transactions Corporations Employment Law Internet-Computer Law Landlord-Tenant Limited Liability Company Partnerships Real Estate Law Trademark & Copyright Wills & Trusts
Testimonials Client Alerts Useful Links Contact Us
Request a Same Day Telephone Consultation
Visa Mastercard American Express PayPal


Business Record Retention Policy - When a Business Can Destroy Records

Prepared By: Melissa C. Marsh, Los Angeles Business Attorney
Written: May 2005

Obligation To Properly Dispose of Consumer information.

The Fair Credit Reporting Act (“FCRA”), as amended by the Fair and Accurate Credit Transactions Act of 2003 (“FACTA”), requires businesses as of July 1, 2005 to implement policies and produces to effectively dispose of Consumer Information. The FTC specifically suggests burning, pulverizing, or shredding of papers containing Consumer Information, and the destruction or erasure of electronic media containing Consumer Information so the information cannot practicably be read or reconstructed.

What is Consumer Information?

Consumer Information is defined as any record (paper or electronic) that identifies an individual and contains information about that individual’s creditworthiness, character, general reputation, personal characteristics, or mode of living, etc. and which is or can be used to determine the individual’s eligibility for credit, insurance, or employment. Consumer Information does not include blind data that does not identify the individual. Specifically, Consumer Information includes information like an individual's name, social security number, account number (bank or credit card), password, etc…

All businesses including retailers that accept credit cards, banks, insurers, businesses offering credit, and employers that maintain even a single employee's social security number will likely have to comply with these new rules. The obligation to properly store and later dispose of Consumer Information in a reasonable manner also extends to third-party service providers who dispose of Consumer Information on behalf of a business. A business cannot simply “outsource” its obligations under the new regulations to avoid liability; it must ensure that the third-party disposal company agrees to follow the FCRA requirements.


A business that fails to comply with the FRCA’s proper storage and disposal requirements may be subject to civil liability for willful noncompliance or negligent noncompliance, which could result in the recovery of actual damages (up to $1,000 per violation), punitive damages, and court costs and attorney fees. In addition, a business that fails to comply with the disposal requirement may be subject to administrative enforcement, including fines of up to $2,500 per violation where the FTC is responsible for enforcement.

When Should I Dispose Of The Information.

Neither the FCRA, nor the new regulations, creates document retention periods. Consequently, businesses must look elsewhere to determine how long records containing consumer information must be kept. There is no single statute of limitations for the many categories of records a business needs to retain. To make matters more complicated, the federal and state governments often provide different time tables, and the rules seem to change.

Below is a table that outlines some federal and California record retention periods relating to tax, business and employment records that are likely to contain Consumer Information.


Record Retention Periods
Record CA Law Federal Law
Tax Records, including the employee's name, address, account number, total payments made and date of each payment; the period of the employee's service; the total remuneration constituting wages which are subject to withholding; collected taxes; explanation(s) for any difference between remuneration and taxable income; the fair market value of any non-cash remuneration; an IRS Form W-4, documentation concerning the employee's tax status. 6 years
(Cal. Rev. & Tax. Code § 19704).
4 years
(Internal Revenue Code § 3402).
Contacts and Leases 7 Years 7 Years
Purchase Orders, Sales Records, Customer Invoices & Vendor Invoices, and Accounts Payable Ledgers. 7 Years 7 Years
Job Applications, including all records relating to hiring, job advertisements, job descriptions, and job orders regarding recruitment 2 years after creation or receipt
(Cal. Govt. Code § 12946)
At least 1 year from the date of hiring, or from the date of the relevant personnel action
(Title VII of the Civil Rights Act of 1964, ADA of 1990, and Age Discrim. in Employment Act ("ADEA").
Payroll Records, the employee's name, address, date of birth, occupation, hours worked by day and week, wages paid each pay period, the date of wage payments, straight-time and overtime payments and deductions) 2 Years, but 3 Years for records relating to deductions made from an employee's wages after employment is terminated
(Cal. Govt. Code § 12946; Cal. Lab. Code § 1174 and California Family Rights Act)
3 Years
Fair Labor Standards Act, Family and Medical Leave Act ("FMLA") and ADEA, but ERISA related records must be maintained for 6 years.
Family, Medical and Pregnancy Leave. All employers must maintain an annual summary of work-related illnesses and injuries that result in that result in the need for medical treatment, work restrictions, lost workdays, termination, transfer, a diagnosed work-related illness, loss of consciousness, or death. 2 Years
(Cal. Gov't Code § 12945, 12946)
3 Years
(FMLA records for employers with 50 or more employees)
OSHA Log. All employers must maintain an annual summary of work-related illnesses and injuries that result in that result in the need for medical treatment, work restrictions, lost workdays, termination, transfer, a diagnosed work-related illness, loss of consciousness, or death. 5 Years 5 Years from the date of injury or illness
(8 Cal. Code Regs. § 14304-14311)

Businesses that handle Consumer Information should:

  • Immediately review their policies and procedures with respect to record retention and destruction to ensure there are provisions requiring the proper secure storage of consumer information and timely destruction of such consumer information;
  • If the business does not have a record retention and destruction policy, consider creating one that requires the encryption of sensitive consumer information collected from either your employees or from your customers and stored on a computer network and its proper destruction in a timely manner;
  • Train all employees handling Consumer Information to ensure they are aware of, and will follow, the policy; and
  • Periodically audit your document retention and destruction policy to ensure employees and/or service providers are abiding by the policy.

The FTC has been taking prompt enforcement action against companies for security breaches involving consumers’ personal information even when the company has complied with its own privacy policies. The FTC continues to make “privacy and information security" a top priority in the FTC’s consumer protection program.

If you have any questions, or would like the assistance of business law attorney, Melissa C. Marsh, please call 818-849-5206 or Email MMarsh .

California Business Law attorney, Melissa C. Marsh, is based in Sherman Oaks and West Hollywood, and is available to serve small and midsize businesses throughout Los Angeles County, including: West Hollywood, Miracle Mile, Beverly Hills, Century City, Santa Monica, Burbank, North Hollywood, Valley Village, Toluca Lake, Studio City, Sherman Oaks, Van Nuys, Encino, and Woodland Hills.

© 2005 Melissa C. Marsh. All Rights Reserved.

If you have additional questions, or need specific legal advice tailored to your specific needs, please schedule a low cost Telephone Consultation.
If you would like to inquire about my services, please call 818-849-5206.

Disclaimer: The information presented on this web site was prepared by Melissa C. Marsh for general informational purposes only and does not constitute legal advice. The information provided in my articles and alerts should not be relied upon, or used as a substitute for professional legal advice from an attorney you retain to advise or represent you. Your use of this Internet site does not create an attorney- client relationship. Transmission of this article is not intended to create, and receipt of it does not constitute, an attorney-client relationship. All uses of the contents of this site, other than personal uses, are prohibited. You may print or email a copy of any information posted on this web site for your own personal, non-commercial, use, but you may not publish any of the articles or posts on this web site without the Express Written Permission of Melissa C. Marsh.

Home | Request a Consultation | Practice Areas | Articles | Client Alerts | Testimonials | Terms of Use | Privacy Policy | Contact Us | Site Map
Copyright© 1998 - 2024, Melissa C. Marsh. All Rights Reserved.
Website Design By DK Web Design
Catering By Devon Eats

Located in Los Angeles, California, the Law Office of Melissa C. Marsh handles business law and corporation law matters as a lawyer for clients throughout Los Angeles including Burbank, Sherman Oaks, Studio City, Valley Village, North Hollywood, Woodland Hills, Hollywood, West LA as well as Riverside County, San Fernando, Ventura County, and Santa Clarita. Attorney Melissa C. Marsh has considerable experience handling business matters both nationally and internationally. We routinely assist our clients with incorporation, forming a California corporation, forming a California llc, partnership, annual minutes, shareholder meetings, director meetings, getting a taxpayer ID number (EIN), buying a business, selling a business, commercial lease review, employee disputes, independent contractors, construction, and personal matters such as preparing a will, living trust, power of attorney, health care directive, and more.