Who decides how long records should be kept in an organization?
Deciding how long records are kept is rarely the job of any single person. In a well-run organization it is a shared, governed decision: the content of a retention rule is driven by law, business need, and risk, while authority to approve and enforce it rests with leadership and a designated records function.
The Roles Involved
Several parties contribute to retention decisions, each with a distinct responsibility:
- Records and information governance professionals research the requirements, draft the retention schedule, and recommend retention periods. They translate legal and operational needs into clear, applicable rules.
- Legal counsel confirms statutory, regulatory, and litigation-hold obligations, and weighs liability risk.
- Business and program owners identify how long a record is needed to support operations, audits, and reference.
- Compliance, finance, tax, and privacy stakeholders flag their own mandatory minimums (for example, tax, employment, or personal-data rules).
- Senior leadership formally approves the schedule, giving it organizational authority.
In government, an external authority often has the final say. In the U.S. federal sphere, for instance, agencies cannot dispose of records on their own judgment alone—disposition must be authorized through schedules approved by the National Archives.
What the Decision Is Based On
A defensible retention period is not arbitrary. It is justified by:
- Legal and regulatory requirements that set mandatory minimums for certain record types.
- Business value—how long the record is genuinely useful.
- Risk and accountability, including audit, litigation, and historical or evidential value.
International good practice (ISO 15489-1) treats retention as a deliberate, documented appraisal decision rather than an individual preference, so that disposition is consistent and defensible.
How It Is Made Official
The output of all this analysis is a records retention schedule: a written, approved document listing record categories, how long each is kept, and what happens at the end—transfer, archival preservation, or destruction. Once leadership approves it, the schedule becomes the organization’s rulebook, and individual employees follow it rather than making one-off retention judgments.
In short, retention is recommended by records professionals informed by legal and business input, and authorized by leadership (or an oversight body), then applied uniformly through the schedule. To explore related guidance, see the retention and disposition topic hub.
Sources & further reading
Authoritative government and non-profit references.
- Records management (NARA) — National Archives (NARA)
- ISO 15489-1 Records management — ISO
How to cite this page
APA
RM University Editorial. (2026). Who decides how long records should be kept in an organization?. Records Management University. https://www.recordsmgmt.org/questions/who-decides-how-long-records-should-be-kept/
MLA
RM University Editorial. "Who decides how long records should be kept in an organization?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/who-decides-how-long-records-should-be-kept/.
Related questions
- Can a company be fined for keeping records longer than the law requires?
- Can any manager authorize destroying records, or does it have to be someone specific?
- Can deleting emails too soon be considered illegal spoliation of evidence?
- Can different copies of the same document have different retention periods?
- Can GDPR storage limitation requirements force you to delete records you are legally required to keep elsewhere?