Records Retention & Legal Hold Policy

Document ID: PLCY-RET-001
Version: 1.0
Effective Date: December 22, 2025
Last Review: December 22, 2025
Owner: Hop And Haul Team

---

CONFIDENTIAL

This document is CONFIDENTIAL and for internal use only. Do not distribute outside the organization.

1. Purpose

This document establishes the authoritative retention schedule for all Hop And Haul records, ensuring consistent data lifecycle management, regulatory compliance, litigation readiness, and privacy protection.

All other Hop And Haul policies defer to this document for retention requirements.

---

2. Scope

This policy applies to:

• All electronic records created or maintained by Hop And Haul systems
• All physical documents related to Hop And Haul operations
• All backup and archival copies of the above
• Records held by third-party processors on Hop And Haul's behalf

---

3. Retention Schedule

3.1 Accident & Claims Records

Record Type	Retention Period	Justification	Disposal Method
Accident reports	7 years	Statute of limitations + buffer	Secure deletion
Police reports	7 years	Evidence	Secure deletion
Photos/video from incidents	7 years	Evidence	Secure deletion
GPS/ELD data (accident)	7 years	Reconstruction	Secure deletion
Medical records (workers' comp)	10 years	Workers' comp requirements	Secure deletion
Claim files	10 years	Audit, litigation	Secure deletion
Settlement documents	Permanent	Legal obligation	Archive (no deletion)

3.2 Operational Records

Record Type	Retention Period	Justification	Disposal Method
Transport/ride records	24 months	DOT audit window	Secure deletion
Match/offer logs	24 months	Dispute resolution	Secure deletion
Acceptance/decline logs	24 months	Coercion defense	Secure deletion
GPS traces (routine)	12 months	Operational disputes	Secure deletion
Route deviation logs	12 months	Safety analysis	Secure deletion
Unplanned stop logs	12 months	Safety analysis	Secure deletion

3.3 Validation & Compliance Records

Record Type	Retention Period	Justification	Disposal Method
Pre-transaction validation logs	24 months	Compliance verification	Secure deletion
HOS verification snapshots	24 months	DOT audit	Secure deletion
Insurance verification logs	24 months	Coverage disputes	Secure deletion
Manual verification records	24 months	Override audit trail	Secure deletion
Driver eligibility checks	24 months	Employment verification	Secure deletion

3.4 Incident Records

Record Type	Retention Period	Justification	Disposal Method
Incident records	36 months	Investigation + litigation prep	Secure deletion
Supporting evidence	36 months	Investigation	Secure deletion
Incident communications	36 months	Investigation	Secure deletion
Post-incident reports	36 months	Lessons learned	Secure deletion
Root cause analyses	36 months	Continuous improvement	Secure deletion

3.5 Security Records

Record Type	Retention Period	Justification	Disposal Method
Authentication logs	24 months	Security analysis + forensics	Secure deletion
Authorization logs	24 months	Access review	Secure deletion
Security alert logs	24 months	Threat analysis	Secure deletion
Configuration change logs	24 months	Change tracking	Secure deletion
Security system logs	12 months	Operational debugging	Secure deletion
Error logs	6 months	Troubleshooting	Secure deletion

3.6 Communication Records

Record Type	Retention Period	Justification	Disposal Method
Voice call recordings	24 months	Dispute resolution, quality	Secure deletion
Voice interaction logs	24 months	Compliance verification	Secure deletion
Push notification logs	24 months	Coercion defense	Secure deletion
Consent records	24 months	Consent verification	Secure deletion

3.7 Financial Records

Record Type	Retention Period	Justification	Disposal Method
Payment records	24 months	IRS requirements	Secure deletion
Transaction audit trails	24 months	Financial audit	Secure deletion
Rate governance logs	24 months	Financial compliance	Secure deletion

3.8 Quality & Rating Records

Record Type	Retention Period	Justification	Disposal Method
Rating records	Employment + 1 year	Training follow-up	Anonymization then deletion
Aggregated ratings	Employment + 1 year	Performance tracking	Anonymization

3.9 Policy & Governance Records

Record Type	Retention Period	Justification	Disposal Method
Policy documents	Permanent	Legal/audit	Archive (no deletion)
Audit reports	7 years	Audit history	Secure deletion
Training records	Employment + 3 years	Training verification	Secure deletion

---

4. Retention Period Justifications

4.1 Why 7 Years for Accident Records

Factor	Duration
Typical personal injury statute of limitations	2-6 years (varies by state)
Discovery rule extensions	May extend limitations
Insurance coverage disputes	May arise years later
Buffer for litigation hold identification	1 year
Total recommended	7 years

4.2 Why 24 Months for Operational Records

Factor	Duration
DOT audit look-back period	Up to 2 years
Insurance dispute window	Typically 1-2 years
Employment dispute window	Typically 1-2 years
Total recommended	24 months

4.3 Why 36 Months for Incident Records

Factor	Duration
Base operational retention	24 months
Investigation completion buffer	6 months
Litigation preparation window	6 months
Total recommended	36 months

4.4 Why 10 Years for Medical/Workers' Comp

Factor	Duration
Workers' comp claim re-opening periods	Varies, up to 7+ years
Long-term disability claims	May span decades
Medical record retention standards	Often 7-10 years
Total recommended	10 years

---

5. Legal Hold Procedures

5.1 Legal Hold Triggers

A legal hold MUST be initiated when:

• Litigation is filed or reasonably anticipated
• Regulatory investigation is commenced or threatened
• Subpoena or document request is received
• Insurance claim is disputed
• Criminal investigation involves Hop And Haul operations

5.2 Legal Hold Process

Step	Action	Owner	Timeline
1	Identify triggering event	Legal Counsel	Immediate
2	Define hold scope (records, date range, parties)	Legal Counsel	Within 24 hours
3	Issue hold notice to custodians	Legal Counsel	Within 24 hours
4	Suspend automated deletion for in-scope records	IT Operations	Within 24 hours
5	Confirm hold implementation	IT Operations	Within 48 hours
6	Document hold in hold register	Legal Counsel	Within 48 hours

5.3 Legal Hold Notice Contents

Every legal hold notice must include:

• Matter name and reference number
• Description of triggering event
• Scope: date range, record types, parties/subjects
• Preservation obligations (no deletion, modification, destruction)
• Duration: until explicitly released
• Contact for questions

5.4 Legal Hold Register

Field	Required
Hold ID	Yes
Matter name	Yes
Trigger event	Yes
Date initiated	Yes
Scope description	Yes
Custodians notified	Yes
Release date	When applicable
Released by	When applicable

5.5 Hold Release

• Only Legal Counsel may release a legal hold
• Release must be documented in hold register
• Custodians must be notified of release
• Normal retention schedule resumes from release date

---

6. Destruction Procedures

6.1 Standard Destruction

Step	Action	Owner
1	Automated identification of records past retention	System
2	Verification no legal hold applies	Legal Counsel (quarterly)
3	Secure deletion (overwrite, not logical delete)	IT Operations
4	Deletion logged with certificate	System
5	Quarterly destruction report generated	Compliance

6.2 Secure Deletion Standards

Media Type	Destruction Method
Database records	Logical delete + scheduled purge
File storage	Secure overwrite (3-pass minimum)
Backup media	Rotation out of retention or cryptographic erasure
Physical media	Shredding (cross-cut for sensitive)

6.3 Destruction Certification

Each destruction batch produces a certificate containing:

• Date of destruction
• Record categories destroyed
• Date range of destroyed records
• Method of destruction
• Operator certification
• Verification that no holds applied

---

7. Backup & Archive Considerations

7.1 Backup Retention

Backup Type	Retention	Notes
Daily backups	30 days	Rolling window
Weekly backups	90 days	Rolling window
Monthly backups	24 months	Aligned with operational retention
Annual archives	Per record type	Follow primary retention

7.2 Archive Migration

When retention period exceeds primary storage needs:

• Records may be migrated to cold storage
• Access must remain available for legal/audit
• Migration does not reset retention clock

---

8. Cross-Reference to Other Policies

This policy supersedes retention specifications in:

• PLCY-LIA-001: Accident & Liability Framework
• PLCY-INC-001: Incident Response Procedures
• PLCY-DATA-001: Data Classification Policy
• PLCY-AUD-001: Audit Trail Specifications
• PLCY-SEC-001: Security Controls
• PLCY-RAT-001: Rating System Policy

Those documents should reference this policy for authoritative retention periods.

---

9. Exceptions

9.1 Exception Process

Any deviation from standard retention requires:

• Written business justification
• Legal Counsel approval
• Compliance Manager notification
• Documentation in exception register

9.2 Prohibited Exceptions

• Shorter retention for accident/claims records
• Shorter retention for records subject to legal hold
• Destruction without verification of hold status

---

10. Training & Awareness

Audience	Training Requirement	Frequency
All employees	Records retention awareness	Annual
Operations staff	Operational records handling	Annual
Legal/Compliance	Full policy, hold procedures	Annual
IT Operations	Destruction procedures	Annual

---

11. Document Control

Version	Date	Author	Changes
1.0	December 22, 2025	Hop And Haul Team	Initial release