Document Retention & Security
Document Retention & Security
In this short article, we’ll briefly discuss basic requirements for both the retention and the security of documentation.
Retention
Landlords need to keep records on all applicants, current tenants, and past tenants. Records should be kept that show periods when vacant properties were available.
Documentation related to all applications, whether withdrawn, rejected, or accepted, should be retained. Included are the following items:
Advertising copy, including flyers or other handouts related to marketing of vacancies
Phone logs for all in/out calls with applicants
Application forms and supplemental information provided with application forms
Third party screening reports
Written memorandums of all landlord conducted investigations
Screening criteria, checklists, and logs
Selection criteria, checklists, and logs
Contemporaneous memorandums or notes regarding oral conversations
Communications to and from tenants, including emails
Adverse action reports (rejection letters)
Lease agreements and amendments thereto
Move-in/out checklists
Maintenance requests, logs, and work done
Security deposit accounting records
In other words, absolutely everything related to every inquiry and application should be kept. While the retention period will usually be in the range of 2 to 5 years, depending on the possible future reason for which the information might be important in defending an action taken, the statute of limitations periods for potential litigation begins only on the date when the plaintiff discovers that he has been damaged rather than on the date when damage occurred.
The minimum retention period can depend on the content of the document. A landlord should consider the following guidelines for records retention:
The Federal Equal Credit Opportunity Act requires a creditor to preserve all written or recorded information connected with an application for 25 months. This is a minimum period which could be increased by technicalities related to a particular case.
Under federal law for fair housing discrimination claims, claims must be filed within 2 years of the claimed discriminatory action, but some states may have longer filing periods, so landlords should know the law of their particular state and, if the period is longer, keep records for a period of at least the greater of the two.
The best defense against a Fair Housing claim is being able to produce both documentation related to a particular person making a discrimination claim and a set of records that shows long-term consistent nondiscriminatory application of written screening and selection criteria.
Landlords who have or have had employees need to be concerned with many of the same items in the above list regarding employment, but must understand that the requirements for some items can be different for employees than for tenants.
The IRS can audit a return within 3 years after (1) the April 15th due date, (2) the date the return was filed, if filed later than April 15th, or (3) the date the return was last amended, whichever period is longer. However, the more prudent real estate investors will retain all documentation related to both the purchase and the sale of a property until at least the above-mentioned period after the sale of a property. This is because the taxable gain upon the sale is dependent on the purchase documentation and depreciation taken during the period of ownership. When a property is in a chain of tax deferred exchanges, this includes documentation for each property that was within that chain. There is no limit if fraud is involved.
Security
Just as important as the period for which a document must be retained is the security with which it is retained. FTC regulations under Fair and Accurate Credit Transactions Act (FACTA) require that landlords and employers must safeguard the use of and eventual destruction of all documentation containing information regarding applicants and tenants. This includes everything from application forms submitted by applicants to credit reports and any information obtained from credit reports or other screening processes.
Requirements include that records are secured under lock and that reports and information stored on a computer or portable devices must be secured by password protection. In all cases, access to records must be limited to trusted individuals and only on a need-to-know basis. For example, credit reports should not be available to every employee in the office of a landlord or management company, but only to the employees who are involved in obtaining the reports and making decisions based on the reports.
When there is no longer a legitimate business need to retain an applicant, tenant or employee’s credit report, FACTA requires disposal of the credit report along with any information taken from such report. The FTC refers to proper disposal as the discarding or abandonment of consumer information and the sale, donation or transfer of any medium including computer equipment in which consumer information is stored.
Adequate implementation of the disposal rule should include written procedures for determining when the sensitive information is no longer needed and a system for effectively purging it.
Deliberate refusal to comply with the law or even failure to take reasonable actions regarding it can result in costly fines and damages by the FTC and/or state agencies as well as lawsuits by tenants’ or employees’ for actual and punitive damages and attorney fees for each violation.
In spite of a landlord’s best efforts, it is possible that there will be a security breach. Many states require that anyone (including landlords) maintaining consumers’ sensitive information to promptly notify those consumers when there is a theft or loss of Social Security numbers, drivers’ license numbers, or other sensitive account information so that they can take action to protect themselves. Consult your state’s office of consumer affairs to determine if your state has such a law. Federal legislation regarding this issue is also expected.
Whether or not you are subject to such disclosure requirements, it is probably good business practice to provide disclosure of a security breach. FTC guidelines regarding alerting consumers in the event of a breach can be found at www.consumer.gov/idtheft.
Additional Information
For additional discussions regarding a wide variety of real estate investing and management issues see our other eCourses and our Mini Training Guides.