Skip to content

Records Retention & Legal Hold Policy

Document ID: PLCY-RET-001
Version: 1.0
Effective Date: December 22, 2025
Last Review: December 22, 2025
Owner: Hop And Haul Team


CONFIDENTIAL

This document is CONFIDENTIAL and for internal use only. Do not distribute outside the organization.

1. Purpose

This document establishes the authoritative retention schedule for all Hop And Haul records, ensuring consistent data lifecycle management, regulatory compliance, litigation readiness, and privacy protection.

All other Hop And Haul policies defer to this document for retention requirements.


2. Scope

This policy applies to:

  • All electronic records created or maintained by Hop And Haul systems
  • All physical documents related to Hop And Haul operations
  • All backup and archival copies of the above
  • Records held by third-party processors on Hop And Haul's behalf

3. Retention Schedule

3.1 Accident & Claims Records

Record TypeRetention PeriodJustificationDisposal Method
Accident reports7 yearsStatute of limitations + bufferSecure deletion
Police reports7 yearsEvidenceSecure deletion
Photos/video from incidents7 yearsEvidenceSecure deletion
GPS/ELD data (accident)7 yearsReconstructionSecure deletion
Medical records (workers' comp)10 yearsWorkers' comp requirementsSecure deletion
Claim files10 yearsAudit, litigationSecure deletion
Settlement documentsPermanentLegal obligationArchive (no deletion)

3.2 Operational Records

Record TypeRetention PeriodJustificationDisposal Method
Transport/ride records24 monthsDOT audit windowSecure deletion
Match/offer logs24 monthsDispute resolutionSecure deletion
Acceptance/decline logs24 monthsCoercion defenseSecure deletion
GPS traces (routine)12 monthsOperational disputesSecure deletion
Route deviation logs12 monthsSafety analysisSecure deletion
Unplanned stop logs12 monthsSafety analysisSecure deletion

3.3 Validation & Compliance Records

Record TypeRetention PeriodJustificationDisposal Method
Pre-transaction validation logs24 monthsCompliance verificationSecure deletion
HOS verification snapshots24 monthsDOT auditSecure deletion
Insurance verification logs24 monthsCoverage disputesSecure deletion
Manual verification records24 monthsOverride audit trailSecure deletion
Driver eligibility checks24 monthsEmployment verificationSecure deletion

3.4 Incident Records

Record TypeRetention PeriodJustificationDisposal Method
Incident records36 monthsInvestigation + litigation prepSecure deletion
Supporting evidence36 monthsInvestigationSecure deletion
Incident communications36 monthsInvestigationSecure deletion
Post-incident reports36 monthsLessons learnedSecure deletion
Root cause analyses36 monthsContinuous improvementSecure deletion

3.5 Security Records

Record TypeRetention PeriodJustificationDisposal Method
Authentication logs24 monthsSecurity analysis + forensicsSecure deletion
Authorization logs24 monthsAccess reviewSecure deletion
Security alert logs24 monthsThreat analysisSecure deletion
Configuration change logs24 monthsChange trackingSecure deletion
Security system logs12 monthsOperational debuggingSecure deletion
Error logs6 monthsTroubleshootingSecure deletion

3.6 Communication Records

Record TypeRetention PeriodJustificationDisposal Method
Voice call recordings24 monthsDispute resolution, qualitySecure deletion
Voice interaction logs24 monthsCompliance verificationSecure deletion
Push notification logs24 monthsCoercion defenseSecure deletion
Consent records24 monthsConsent verificationSecure deletion

3.7 Financial Records

Record TypeRetention PeriodJustificationDisposal Method
Payment records24 monthsIRS requirementsSecure deletion
Transaction audit trails24 monthsFinancial auditSecure deletion
Rate governance logs24 monthsFinancial complianceSecure deletion

3.8 Quality & Rating Records

Record TypeRetention PeriodJustificationDisposal Method
Rating recordsEmployment + 1 yearTraining follow-upAnonymization then deletion
Aggregated ratingsEmployment + 1 yearPerformance trackingAnonymization

3.9 Policy & Governance Records

Record TypeRetention PeriodJustificationDisposal Method
Policy documentsPermanentLegal/auditArchive (no deletion)
Audit reports7 yearsAudit historySecure deletion
Training recordsEmployment + 3 yearsTraining verificationSecure deletion

4. Retention Period Justifications

4.1 Why 7 Years for Accident Records

FactorDuration
Typical personal injury statute of limitations2-6 years (varies by state)
Discovery rule extensionsMay extend limitations
Insurance coverage disputesMay arise years later
Buffer for litigation hold identification1 year
Total recommended7 years

4.2 Why 24 Months for Operational Records

FactorDuration
DOT audit look-back periodUp to 2 years
Insurance dispute windowTypically 1-2 years
Employment dispute windowTypically 1-2 years
Total recommended24 months

4.3 Why 36 Months for Incident Records

FactorDuration
Base operational retention24 months
Investigation completion buffer6 months
Litigation preparation window6 months
Total recommended36 months

4.4 Why 10 Years for Medical/Workers' Comp

FactorDuration
Workers' comp claim re-opening periodsVaries, up to 7+ years
Long-term disability claimsMay span decades
Medical record retention standardsOften 7-10 years
Total recommended10 years

A legal hold MUST be initiated when:

  • Litigation is filed or reasonably anticipated
  • Regulatory investigation is commenced or threatened
  • Subpoena or document request is received
  • Insurance claim is disputed
  • Criminal investigation involves Hop And Haul operations
StepActionOwnerTimeline
1Identify triggering eventLegal CounselImmediate
2Define hold scope (records, date range, parties)Legal CounselWithin 24 hours
3Issue hold notice to custodiansLegal CounselWithin 24 hours
4Suspend automated deletion for in-scope recordsIT OperationsWithin 24 hours
5Confirm hold implementationIT OperationsWithin 48 hours
6Document hold in hold registerLegal CounselWithin 48 hours

Every legal hold notice must include:

  • Matter name and reference number
  • Description of triggering event
  • Scope: date range, record types, parties/subjects
  • Preservation obligations (no deletion, modification, destruction)
  • Duration: until explicitly released
  • Contact for questions
FieldRequired
Hold IDYes
Matter nameYes
Trigger eventYes
Date initiatedYes
Scope descriptionYes
Custodians notifiedYes
Release dateWhen applicable
Released byWhen applicable

5.5 Hold Release

  • Only Legal Counsel may release a legal hold
  • Release must be documented in hold register
  • Custodians must be notified of release
  • Normal retention schedule resumes from release date

6. Destruction Procedures

6.1 Standard Destruction

StepActionOwner
1Automated identification of records past retentionSystem
2Verification no legal hold appliesLegal Counsel (quarterly)
3Secure deletion (overwrite, not logical delete)IT Operations
4Deletion logged with certificateSystem
5Quarterly destruction report generatedCompliance

6.2 Secure Deletion Standards

Media TypeDestruction Method
Database recordsLogical delete + scheduled purge
File storageSecure overwrite (3-pass minimum)
Backup mediaRotation out of retention or cryptographic erasure
Physical mediaShredding (cross-cut for sensitive)

6.3 Destruction Certification

Each destruction batch produces a certificate containing:

  • Date of destruction
  • Record categories destroyed
  • Date range of destroyed records
  • Method of destruction
  • Operator certification
  • Verification that no holds applied

7. Backup & Archive Considerations

7.1 Backup Retention

Backup TypeRetentionNotes
Daily backups30 daysRolling window
Weekly backups90 daysRolling window
Monthly backups24 monthsAligned with operational retention
Annual archivesPer record typeFollow primary retention

7.2 Archive Migration

When retention period exceeds primary storage needs:

  • Records may be migrated to cold storage
  • Access must remain available for legal/audit
  • Migration does not reset retention clock

8. Cross-Reference to Other Policies

This policy supersedes retention specifications in:

  • PLCY-LIA-001: Accident & Liability Framework
  • PLCY-INC-001: Incident Response Procedures
  • PLCY-DATA-001: Data Classification Policy
  • PLCY-AUD-001: Audit Trail Specifications
  • PLCY-SEC-001: Security Controls
  • PLCY-RAT-001: Rating System Policy

Those documents should reference this policy for authoritative retention periods.


9. Exceptions

9.1 Exception Process

Any deviation from standard retention requires:

  • Written business justification
  • Legal Counsel approval
  • Compliance Manager notification
  • Documentation in exception register

9.2 Prohibited Exceptions

  • Shorter retention for accident/claims records
  • Shorter retention for records subject to legal hold
  • Destruction without verification of hold status

10. Training & Awareness

AudienceTraining RequirementFrequency
All employeesRecords retention awarenessAnnual
Operations staffOperational records handlingAnnual
Legal/ComplianceFull policy, hold proceduresAnnual
IT OperationsDestruction proceduresAnnual

11. Document Control

VersionDateAuthorChanges
1.0December 22, 2025Hop And Haul TeamInitial release

CONFIDENTIAL - Internal Use Only - Hop And Haul Policy Documentation