Record-keeping requirements
for Web-Based Queries

© 2000 by Charles A. Plesums, Austin, Texas

What are the record-keeping consequences of a customer accessing conducting business through the web?

Traditional business

When a bank provides a statement to a customer at the end of the month, it normally keeps a copy of that statement to support customer inquiries, demonstrate regulatory compliance, and record the status1 of the account as seen by the customer at the time of the statement. The same is true for an annuity quarterly statement, an annual statement for a Universal Life policy, and documents associated with most other financial products.

What if a customer elects to receive the monthly bank statement electronically? Wouldn't the bank keep a copy of that statement, just as when the paper statement was mailed monthly, for exactly the same reasons? The monthly statement is archived, no matter how the statement is delivered.

Now what happens if a customer goes on line in the middle of the month and accesses exactly the same information as on the monthly statement? The need for protection from litigation or embarrassment is the same - an archive copy of the data may be appropriate. And what if the customer checks the electronic statement frequently, but not at the end of the month? Does the periodic archive replace the need for the month-end statement cycle and archive? There is no definitive answer to these questions, although it appears that the prudent action today is to maintain the archive, each time the customer has access to the data, whether as a printed statement or on line.

What has to be in that archive of the on-line activity? A copy of all the data on every screen that the customer saw would be nice but may not be practical - how many thousands of copies of the home page or login screen do you want to store each day? A starting point would be to store the screens that are custom-built for the customer - the data on their account transactions (including the part that could only be reached by scrolling). A periodic copy of the entire web site (perhaps monthly or after each major update) may help demonstrate what the customer perceived2 and how the disclaimers and disclosure were emphasized, presented, and reached ("only one click away.")

There are few "best practices" or definitive requirements for what business records should be retained when a customer does business through your web site. Making no record at all is incompetent. Saving everything is not required. A "good faith effort"3 to do the right thing will go a long way.

E-commerce - web-based business

What records need to be retained if the business is being conducted largely or exclusively on the web?

Terms and conditions and other information about the transaction are probably on separate web pages, so there is not a single document, physical or electronic, that encompasses all the parties, terms, and conditions like a traditional contract. If the value of the transaction is small (one book ordered from amazon.com), the risk of an imperfect contract is small enough to just going ahead (and keep imperfect records of the imperfect contract). If the value of the transaction is higher, a conventional agreement (common in B2B commerce) may specify the terms, condition, approvals, and record keeping requirements.

The web is advancing beyond trivial transactions and special arrangements. Academic studies have identified conditions that define low, moderate, and high exposure sites, and recommended retention strategies for each. For low exposure (amazon.com example), perhaps no special records are required. For moderate exposure cases, a historical log describing the site at any time, with samples of all pages, plus logs of the transactions, may be sufficient. For high exposure web sites the study suggested that the entire site be archived periodically, so that the exact performance of the site at any given time can be reconstructed.


1Recording the status of the account may be for self-defense in case of litigation, or just to avoid embarrassment, but the actions and result are the same.

2Keep in mind that different browser programs may render a site differently, so that information that was adequately emphasized with one browser may not stand out with a different browser. Users can also override the normal rendering of the page, producing a presentation customized to their preferences, needs, or disabilities.

3A "good faith effort" is a legal principle that you should get credit because you tried, and is not just a good-sounding phrase.


Back to the home page

Send e-mail comments to


©2000 by Charles A. Plesums, Austin, Texas USA. ALL RIGHTS RESERVED. You may license additional copies of this document through a nominal royalty payment as specified on www.plesums.com.