Episode Transcript
[00:00:01] Speaker A: Hello. Thank you for joining us. Welcome to what Counts, the podcast where we dive deep into the world of information governance. Here we highlight proven solutions developed through our experience working with companies across various industries, and we talk about how you can apply these solutions to your company.
Whether you're interested in information governance, have a need, or just curious to hear about information management challenges like email management, retention management, or asset data management, this podcast is for you.
This is Lee. And in this episode or and I will talk about operational routes.
How about that? Setting up your business infrastructure. These are the foundational elements that power your operation behind the scenes and shape how your business communicates, operates, and grows.
[00:00:50] Speaker B: Do you think I can cover data in 10 minutes?
[00:00:52] Speaker A: I think you can do it.
[00:00:55] Speaker B: All right. It's either 10 minutes or it's forever.
So let's talk about some of the critical types of data that you as a business are going to encounter. You are going to have probably customer data, and you may keep that in cards in a Rolodex. If anybody out there knows what a Rolodex is anymore, you may just have a notebook. I've seen a lot of stores where customers come in and they sign their name and address into like a guest book almost. And then you've signed up for email or you've signed up for mailings from that manual process. Usually those are very cute stores where they have the guestbooks.
Or are you going to be fully digital and you're going to have, at the very least, contacts in your email system that you're keeping track? And more sophisticated, you might have contacts in some kind of a customer relationship management system that'd be the most sophisticated. In between, you might have a manual spreadsheet where you add and update names and addresses as they change. I'm keeping one of those for a volunteer organization that I'm managing a set of contacts. And every time I send out an email to the 250 people on the list, three people bounce, three of the email addresses are wrong, and I have to change something.
So. And I have to go into my spreadsheet and update it. And I inherited that spreadsheet from somebody else five years ago who had it. So it's possible. It's possible to do that. It's not. It's not easy, it's clunky. But it's certainly possible that you can do it that way. And better to do them all in a spreadsheet than to have a long handwritten list. Because if you're going to send emails or you're going to use a mail merge function or something to print mailing labels. You'd like not to have to type those every time. You like to be able to copy them out of your spreadsheet.
So customer data is one thing and it's important, and it's important that you protect it, because customer data privacy data can be very sensitive.
So that's one thing.
Another set of data that you are going to have is contracts and purchase orders with your suppliers. And how do you, what do you need to do your business that you are getting from somewhere else? Could be ingredients. If you own a bakery and you're getting supplies of flour and sugar and specialized chocolate, you might have standing orders. You might be able to put a special order in and you have certain terms for that. Those are all contracts. And being able to manage and get your hands on your contracts with all your suppliers right away to understand, especially if you have a standing order, are they delivering what they promised to deliver to you on time? Can you count on it? Or are you going to not be able to make the sticky buns tomorrow if somebody fails to send you the honey or something?
And if you are, do you have those contracts, those supplier contracts, what do you owe? What is your accounts? What is your own accounts payable look like? Who are you going to owe money to and what's the cycle for that?
And then you have the contracts with your customers. And if it's a storefront and you just have people walking in, you don't have very, you don't have sophisticated contracts at all. It's just really the receipt for the goods that you are giving them. But if you're, say, an interior decorator, you probably do have a contract that says, this is what I'm going to do. I'm going to redecorate the living room. And that involves three visits with a mood board and samples for the curtains. And then I deliver the final, the final items and set them up. And you have, you know, 30 days to refuse any part of it or something like that. Who knows what the terms are? You do, as the interior designer, know what your terms are? I don't.
But all of those contracts detail out what you're going to provide and how your client, your customer, is going to pay you.
And it's important to have that information to be able to turn to it and say, this is what we agreed and now you're changing.
Happens all the time that.
Go ahead.
[00:05:22] Speaker A: Sorry, I wanted to jump in. It does happen all the time that things change from a contract and you need to do an amendment, which is another piece that you have to keep. So you mentioned customer data, you mentioned contracts.
We could throw financial data in here. We could throw employee data as well. Are they all the same? Do they all have the same type of sensitivity and privacy related to them?
[00:05:50] Speaker B: They don't. That's a good question.
So the privacy piece is.
The privacy piece is about personally identifiable data.
Can something in your data be traced back to an individual? So in the case of an interior designer, your customer's data absolutely has personally identifiable data in it. The case of your suppliers or subcontractors, you might have even tax related information. If you hire a subcontractor for more than a certain amount of money and you need to check with your accountant on how much that is. But you may have to issue a Tax Document 1099 form that says how much you paid that subcontractor to do work for you. And that tax ID is either an employee, a federal id, a federal tax ID or a state tax ID or both. Or it's a Social Security number. In the case of an individual person, it's usually a Social Security number. That's a very sensitive piece of data.
On the other hand, the fact that you are buying flour from, you know, the flower company down the street is less sensitive because everybody knows the flower company exists. They're listed in the yellow pages, they're advertising their flower for sale.
You have less sensitive information there, but you still have your own company financial data. How much are you spending on the flower? What kind of a deal did you get as compared to the bakery next door who maybe didn't get as good a deal.
[00:07:25] Speaker A: So sensitivity and classification, those are two different things.
[00:07:29] Speaker B: Those are two different things.
[00:07:31] Speaker A: Can you weave that in?
[00:07:33] Speaker B: I can, I can. So when we talk to companies about classification levels of data, we're talking about how much protection do you need to put around your data? And we usually talk about three levels of sensitive, of sensitivity. Of three levels of classification that align with sensitivity, the first is publicly available data requires no review to be released out of your company.
And it requires little protection. Like you don't want to leave your data wide open no matter what because there's a lot of menacing going on on the Internet. Bad actors try not to leave your data wide open. But it doesn't require extra care if it's not sensitive, not company confidential, not privacy related, not employee related, not customer related financial information, it's sort of harmless.
[00:08:30] Speaker A: So the stationary we were talking about earlier.
[00:08:34] Speaker B: Even the colors of our logo Harmless data.
If somebody knew which blue it was we had in our trailblazer trail, Nope, that wouldn't hurt us.
The second set of data, though, is that sensitive data. That's customer privacy data or employee privacy data, that has those tax ID numbers, the Social Security numbers, the names and addresses and phone numbers. Because you don't want to expose that data to the world. And there are a number of laws around what happens if you do expose that data around out to the world unintentionally.
In the US the laws vary by state.
California, Massachusetts, both have pretty high standards, very high standards. Other states are following along in the footsteps of those two states. But in all states, there is some law related to protecting the privacy of individuals that you do business with. And you as a business owner have that responsibility to protect that.
Then you have the third level, which is your company confidential information, which is your own financials and your own secret recipes or your intellectual capital, your designs that you don't want to share because that's how you make your money, is having those designs that other people can't copy. So, so that company confidential information requires a lot of protection because it's important to your business. It's bet the company kind of information, you want to keep it safe.
Typically, kind of practically speaking, the employee sensitive or the privacy information and the company confidential information end up with getting the same level of protection.
You want to keep them separate. You want to keep them protected, segregated, not exposed to the outside world.
But internally, they actually might be treated very differently. Because even internally, you're going to limit who has access to customer data or employee data, or who has access to company financial information or company confidential information like designs and recipes.
Because even internally, you don't want to expose that information.
[00:10:54] Speaker A: Need to know basis.
[00:10:56] Speaker B: It is a need to know basis, not because you don't trust people, but because technology does make us vulnerable. And the more information is copied and shared, the more opportunities there are for it to be inadvertently or deliberately released when it shouldn't.
So, okay, one more thing I wanted to talk about around data is how long you have to keep it.
[00:11:22] Speaker A: All right?
[00:11:23] Speaker B: And you started out by asking if all data was the same sensitivity, and the answer is no. And then there's a question of is all data of the same value? And the answer is also no.
Some data has extreme value for a very short term the launch, you know, the launch campaign leading up to a new product launch is extremely valuable right up until you launch it, then who cares? You did the work, you did the testing. You got the emails written, you sent out the ads, then it's done. That data really has very little value anymore. Might have some interest in looking back on did it work? Kind of a short term, lessons learned, project closeout kind of value.
But you don't need that for the long run.
There's no legality behind it. The ads you put out, the. Those might have some legal requirements related to them. Especially if you are selling something that can impact a person's health or impact the land or the environment in some way.
You might have some liability related to those ads. And you'll need to keep the ad that you put out, but keeping all the drafts of the ad or the timing of, we put one out on Tuesday and one out on Thursday and one out next Friday.
That, that planning information, very low value, doesn't need to be kept for a long time. On the other hand, financial information has a lot of value and it needs to be kept for a while. Because your financial data, and in this case we're talking about all those contracts and all the payments that went with them, the payments you brought in, your revenue, as well as the payments you sent out for services or goods that you purchased.
All of that information is the support for your financial statements, for your tax returns, for any documentation that you provide to a lender to get a loan or to an investor to ask them for an investment.
All of that data does have value for longer than just, you know, the immediate, like, I got the bill, I paid the bill.
It has a lot more value than that. And typically that depends on your fiscal year.
Most people follow a calendar year as their fiscal year, but not everyone.
So the year in which you are doing your accounting and on which you are going to submit a tax return.
So we follow our fiscal year is our calendar year. We're halfway through 2025. All of the documentation that we've collected so far this year so will support our 2025 tax returns when we submit them next spring.
And then you have to keep them beyond just the submission of the tax return. You have to keep them until there's no opportunity, until the time limit expires when you could be audited.
And that depends on your business, and it depends on your state, and it depends on the type of business that you're in.
So as in the structure, are you an LLC or are you a publicly traded company? There's different requirements, but it's going to be probably more than seven years at least. Seven years, possibly more than seven years around the financial documentation that supports Tax returns. If you are a publicly traded company, you have obligations to your stakeholders and those might carry audit periods as well. If you are in a joint venture, you might have an audit period written into the contract. Where we often see clients that they have their own partners who have a two year look back and that's essentially an audit period and that's shorter than the tax return audit period.
So when we help a client make a retention schedule, we take all of that into account. What are the legal requirements from the irs if they're a US Company, from whatever states they're operating in, if they're global, what are the similar, the analogous requirements in the other countries and what's the right time for them from an operational perspective?
And we have, based on all of those things with our clients, we often recommend a 10 year timeframe. You get to the end of your fiscal year, you close your books, you do all your reporting, you do your tax returns, and then you start the clock on 10 years. And if an audit occurs at some point in that 10 years, then you stop the clock and you don't start it again until the audit's complete.
Now, some of our clients have requested a longer period. They've requested more like 15 years on that timing because they knew that they had some other requirements that might come into play.
So that's retention around financial documents, but depending on your business, you have retention around other documents as well. If you have employees, then you have retention related to personnel records.
Depending on your business, you might have retention related to employee health records or exposure records to hazardous materials. You probably have retention requirements related to benefits that you're providing to your employees, especially things like a retirement account, if you are holding an actual retirement account, as opposed to access to a 401 that has long term retention requirements.
So there's different things.
[00:16:58] Speaker A: Where could you get a great retention schedule?
[00:17:02] Speaker B: Now we're turning now this is a moment where our podcast might become, just for a tiny second, a little bit of a commercial, because we have published a basic retention schedule for small businesses. And you can find it at trailblazerlearningacademy.com which is all one word.
But if you don't go there, you also can look at things like the Chamber of Commerce or the IRS actually publishes records retention guidelines for small businesses.
If you are in an industry that has regulatory requirements, there is probably a regulatory agency or a professional association related to your industry that is going to give you some guidance as well.
Credit unions, for instance, the National Credit Union association, they have a basic Records retention guideline out there too. So there's different places to look for it. But you could look at us and we would be happy to talk to you about it. Or you could take a look at our records retention schedule that's out there and available.
But I wanted to mention one more example, which is if you are in a business where you are building something, so if you are a construction contractor and you have drawings, designs, material, specs, those have a very long life. If you are building an office building, then those records need to be around and accessible for as long as that office building exists.
Now, do you as the contractor have to hold them? Maybe not. Maybe you give them to the owner of the building, but. But somebody has to hold them. And that's something that you want to plan in your contract with the building owner because you don't want to be stuck with, oh, the building's been out there for two years and I'm cleaning out my office or I'm retiring, what am I going to do with these records? And then find out that something happened in the building and nobody knows where the designs are. Now there's safeguards built in around that. There's a lot of submissions to public authorities and other things. So not trying to be dramatic, but it's something to think about.
There are reasons that you create documentation. There's reasons that we have information that surrounds all of the business transactions in our world. And those reasons are to prove what happened, to document what two parties agreed each would do, either provide a service or a product or a payment or, or some other support or some other obligation and make sure that those things happen.
And then if you're building something tangible, what's the outcome of it? And are there reasons to keep the documentation that describes the thing you built? Whatever the tangible outcome is.
So that was a lot. It turned out. We started out with the boring, the boring subject, the potentially boring subject of office supplies. But we ended up in this very serious place of make sure that you keep your records for the right amount of time. So we fit a lot in here.
[00:20:10] Speaker A: 30 second recap on everything we did in this arc.
[00:20:15] Speaker B: So you've been. If you've been with us from the beginning of our small business arc, I think you've heard a lot about the things we stumbled on and the things that we learned from.
I hope you heard that trailblazer. We've been in business for more than 12 years and we are still excited about our business. And that's an important thing in being a business owner is to be excited. And most of you, if any of you have started a business, you are excited because it's a lot of work and if you don't like it, then there is no reason to go on with it.
And then substantively, from an information governance perspective, we talked about, we talked about the setup, documentation, the incorporation papers or whatever format of structure, business structure that you want to use. We talked about the tax side of things and how you want the IRS to treat you as a business. Are you a pass through entity or are you a standalone entity separate from the owners? We talked about the, the present yourself to the world, your presence online and in logos and in logoed materials and even fonts and the look and feel of your information wherever you put it. We talked about the importance of creating documentation to do your business and to provide the evidence of the transactions, the decisions, the obligations that you take on or that are owed to you and what you need to do with those.
So that's my, that's my 32nd summary. Did I miss anything?
[00:21:55] Speaker A: The professionals that you need to help you along the way, your tax advisor, your insurance advisor, your accountant and your a lawyer for your contracts and so forth. So those are all good things too.
[00:22:09] Speaker B: Yep.
Ask for help.
I'm going to go ahead and put in a plug for all of the organizations that help small businesses.
There's the Small Business Administration, there's local chambers of commerce, there's national chambers of commerce. There are organizations devoted to helping small groups, specialized groups. So women owned businesses. You have the Women Business Enterprise National Council and its local chapters. You have the Women's Business Enterprise association, its local chapters. You have organizations, the Minority Business Roundtable and there are several for people of color and women business owners of color. There are veteran focused, veteran business owner focused organizations. There are Native American focused organizations.
All of them are there to help. And sometimes it takes a little while to sort through all the stuff and get to oh, here's where I need. Here's what I need. Can I ask this question now?
But along the way you will find people who are happy to help you answer whatever they can.
[00:23:24] Speaker A: And we can help you too. If you have any questions, please send us an email at info trailblazer.us.com or look us up in the web at www.trailblazer.us.com or our coaching and courses website which is www.trailblazer learning.
Sorry Trailblazer, learningacademy.com all one word. Thank you for listening and please tune in to our next episode also if you like this episode. Please be a champion and share it with people in your social media network. As always, we appreciate you, the listeners. Special thanks goes to. Jason Blake created our music.
[00:24:03] Speaker B: All right, thanks, everyone. Stay tuned for our next arc.
