feature

By Stacy H. Rubin and D. Patrick O’Laughlin

Property managers and landlords often ask, “How long should I keep the files of my former tenants?” Just like most questions in law, the answer is, “It depends.” More specifically, the length of time that a document should be kept is dependent upon the respective statute of limitations for any type of case that might be brought for a potential cause of action. Aside from any business considerations that might be independent of law, document retention is a matter of risk management. This article is written to provide a thumbnail sketch for property managers and landlords and addresses only the typical documents that could be found in a former tenant’s file. As such, circumstances that could be considered unusual for the tenant-landlord relationship might fall outside the scope of this article.

Statutes of Limitations
In California, the statute of limitations on a written contract is four years. The
statute of limitations on an oral contract is two years. These statutes run from the date of the breach. Since almost all rental agreements or leases are reduced to writing, landlords should keep leases (or documentary evidence of the terms of the agreement) for four years.

The information contained in a tenant’s rental application can be at issue for claims
concerning fair housing, among other things. Since fair housing issues can be quite
broad and amorphous, there are various statutes of limitations that may be applicable.

While a tenant or former tenant has only a year to file a complaint with the U.S. Department of Housing and Urban Development or the California Department of Fair Employment and Housing, there is a two-year statute of limitations on filing a lawsuit based upon discrimination in state or federal court. That statute is suspended if the person first files an administrative complaint with HUD or DFEH (which is extremely common). The time that the case is with the agency does not count against the statute. So, under some circumstances, the statute can be extended to three or more years.

A real-estate broker must retain copies of all listings, deposit receipts, cancelled checks, trust records, and other documents in connection with real property transactions for which a real-estate license is required, for three years. The time period begins from the date of closing, or if the transaction is not consummated, from the date of listing.

In addition, a real-estate broker must maintain records of funds solicited or accepted for a purchase or loan transaction where the broker obtains use or benefit of funds other than for commissions, fees, costs and expenses.

Safeguarding Sensitive Information
The Gramm-Leach-Bliley Act requires financial institutions to have measures in place to maintain the confidentiality and security of sensitive customer information, such as personal credit information. Financial institutions may be defined as businesses, regardless of size, that are significantly engaged in providing financial products or services.

The Safeguards Rule requires companies to develop a written information security program that describes their program to protect customer information. The plan must be appropriate to the company’s size and complexity, the nature and scope of its activities, and the sensitivity of the customer information at issue. As part of its program, each company must: designate one or more employees to coordinate its information security program; identify and assess reasonable foreseeable risks to the security, confidentiality and integrity of customer information in each relevant area of the company’s operation; design and implement a safeguards program, and regularly monitor and test it; select service providers that can maintain appropriate safeguards, make sure your contract requires them to maintain safeguards, and oversee their handling of customer information; and evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.

Violating the Safeguards Rule could lead to an administrative enforcement action initiated by the Federal Trade Commission. The GLBA does not provide consumers with a private right of action. However, since a violation of the GLBA may give rise to a claim under a state’s unfair business practices law, consumers may be able to enforce the GLBA utilizing this mechanism.

California specifically requires a business that owns or licenses personal information about a California resident to implement and maintain reasonable security procedures and practices appropriate to the nature of the information, in order to protect personal information from unauthorized access, destruction, use, modification or disclosure. A violation of this California-specific provision may lead to civil liability for damages and/or civil penalties.

Document Destruction: The Disposal Rule
In 2003, the Fair Credit Reporting Act was amended with the creation of the Fair and Accurate Credit Transactions Act. Under the umbrella of FACTA, the Disposal Rule was implemented and became effective June 1, 2005.

Any business, large or small, that uses consumer reports for a business purpose must properly dispose of sensitive information in order to prevent “unauthorized access to or use of the information.” Disposal includes shredding, burning, destroying and/or pulverizing. Sensitive information is defined as data that is identifiable to an individual person and has the potential to be used, such as social security numbers, driver license numbers, credit card numbers, account numbers, passwords, judgments in civil cases, medical information, and financial data like credit ratings.

The Disposal Rule applies to information in paper, on the computer or in any other format. It requires reasonable disposal measures to protect against unauthorized access to or use of the information, so that the personal information cannot be read or is incapable of being reconstructed. Discarding consumer reports in a trashcan is no longer just an irresponsible business practice—it is illegal.
Although the Disposal Rule applies to consumer reports and the information derived from consumer reports, the FTC encourages those who dispose of any records containing a consumer’s personal or financial information to take similar protective measures.

Businesses should also conduct due diligence and hire a document destruction contractor to dispose of material specifically identified as consumer report information consistent with the rule. Due diligence could include: reviewing an independent audit of a disposal company’s operations and/or its compliance with this rule; obtaining information about the disposal company from several references; requiring that the disposal company be certified by a recognized trade association; or reviewing and evaluating the disposal company’s information, security policies or procedures. The statute indicates that these suggestions are examples and are not exclusive or exhaustive methods for compliance.
Immediately cease destruction of potentially relevant or discoverable documents when a lawsuit or government investigation is pending or even threatened. The two-year statute of limitations period dates from the consumer’s discovery of the violation, not the date of the violation itself. However, the consumer must bring the action within five years of the date of the violation, regardless of the discovery date.

Noncompliance with the Disposal Rule may result in an action initiated by the FTC or a private cause of action, where damages may include, but are not limited to, actual damages, punitive damages, statutory damages up to $1,000 per violation, civil penalties, costs and attorneys’ fees.

Miscellaneous Documents
The statute of limitations for some IRS actions is up to seven years and, in some circumstances, there is no statute of limitations for IRS purposes. In construction defect litigation, the statute of limitations is ten years for latent defects. Please bear in mind that extensions of the limitations can occur in cases where an injured party is delayed in discovering injury, in cases of injury to persons younger than 18 years of age, and in cases of cross-complaints and indemnity claims.
Based upon the foregoing and brief discussion included herein, keeping the files of a former tenant for a five-year period following move-out should protect a landlord or property manager in most circumstances. However, if maintaining the records for a longer period is not cost prohibitive, it is recommended that the records be kept as long as possible. For issues that fall outside of this discussion, please consult your lawyer.

---

The opinions expressed in this article are those of the authors and do not necessarily reflect the viewpoint of SFAA or SF Apartment Magazine. The information contained in this article is general in nature; consult the advice of an attorney for any specific problem. Stacy H. Rubin and D. Patrick O’Laughlin are with Kimball, Tirey & St. John, LLP. If you have questions about this article, please contact Rubin at 800-575-1770. Copyright © 2008 by SF Apartment Magazine. All rights reserved.