Who is legally liable when records are destroyed without proper authorization?
When records are destroyed without proper authorization, liability rarely rests with a single person. Responsibility is usually shared among the individual who performed the act, the people who directed or permitted it, and the organization that owns the records. The exact exposure depends on the type of record, the rules governing it, and whether the destruction was negligent or intentional.
Who can be held responsible
- The individual who destroyed the records. A person who knowingly shreds, deletes, or alters records they were not authorized to dispose of can face personal consequences, ranging from internal discipline to legal sanctions where a law specifically prohibits the act.
- Supervisors and managers who directed or tolerated it. Those who ordered improper destruction, or who ignored known problems, can share liability. “I was just following instructions” rarely shields the person who acted, and giving the instruction does not shield the manager.
- The organization itself. Agencies and companies are generally accountable for records in their custody. The organization can face penalties, adverse legal rulings, and reputational harm even when a single employee acted improperly.
How the type of record changes the stakes
Liability is heightened when destruction touches records that are subject to special obligations:
- Records under a legal hold or relevant to litigation. Destroying these can constitute spoliation of evidence, exposing the organization to court sanctions, adverse inferences, or monetary penalties.
- Records governed by statute or regulation. Many laws set recordkeeping and disposition requirements; ignoring them can trigger fines or enforcement action.
- Government records. Public records typically may be destroyed only under an approved schedule. Unauthorized destruction of federal records can carry specific legal penalties.
Reducing the risk
The most reliable protection is a defensible program: an approved retention schedule, documented authorization for every disposition, prompt suspension of destruction when a hold is issued, and audit trails showing what was destroyed, when, and under whose authority. Acting within a documented, consistently followed program is the strongest evidence that destruction was lawful and routine rather than improper.
For more on schedules, holds, and defensible disposition, see the retention and disposition topic hub.
This page is general educational information, not legal advice; consult counsel for specific situations.
Sources & further reading
Authoritative government and non-profit references.
- Records management laws — National Archives (NARA)
- The Sedona Conference publications — The Sedona Conference
How to cite this page
APA
RM University Editorial. (2026). Who is legally liable when records are destroyed without proper authorization?. Records Management University. https://www.recordsmgmt.org/questions/who-is-liable-when-records-are-destroyed-without-authorization/
MLA
RM University Editorial. "Who is legally liable when records are destroyed without proper authorization?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/who-is-liable-when-records-are-destroyed-without-authorization/.
Related questions
- Can a company be fined for keeping records longer than the law requires?
- Can any manager authorize destroying records, or does it have to be someone specific?
- Can deleting emails too soon be considered illegal spoliation of evidence?
- Can different copies of the same document have different retention periods?
- Can GDPR storage limitation requirements force you to delete records you are legally required to keep elsewhere?