[Learn the latest on staying compliant at the SHRM Annual Conference & Expo 2024. Join us in Chicago or online June 23-26 to access in-depth learning opportunities that will solidify your knowledge of HR fundamentals. Try a deep dive into tactical HR at a preconference Compliance Bootcamp.]
Overview
Record-keeping requirements can be confusing given that there are numerous regulations that govern some aspect of employer record-keeping and retention.
Overview
Guidelines for Policy Development
Retaining Hiring Records
Maintenance of Employee Files
Electronic Record-Keeping
Access to Personnel Files
Security of Employment Records
Record Retention
Not only do various federal agencies have their own record-keeping requirements, but individual state and local statutes and regulations must also be considered. Some of the provisions apply to most all employers, whereas others apply primarily to government contractors and subcontractors.
In addition, many of these obligations are dependent on the number of employees at a company.
See Federal Labor Laws by Number of Employees.
Employers generate and receive a significant volume of records, and it is important for management to make a strong business case for implementing a comprehensive records management program. Key reasons include:
- Controlling the creation, growth and accessibility of company records.
- Reducing operating and storage costs.
- Improving efficiency and productivity, as well as office appearance.
- Assisting in regulatory compliance and reducing litigation risks.
- Protecting sensitive employee information.
- Ensuring that records are readily accessible as needed.
The HR function within an organization typically has the primary responsibility for record-keeping and retention/disposal of employment-related records. Governing laws often provide for civil monetary penalties and, in some instances, there are both individual and criminal liabilities.
Additionally, maintenance of employment records is critical to defending against employment-related litigation. In fact, an employer can be sued for wrongful destruction of employment records under the theory of spoliation of evidence. It is critical that employers ensure their workplace has in place effective procedures for creating and maintaining required records.
See Map Your Data to Keep Your Electronic Records Secure.
Guidelines for Policy Development
An effective workplace records policy is the blueprint for compliance with federal and state laws and regulations, as well as the practical guidance for consistent and effective records management and retention. Several key elements should be considered when developing, implementing and maintaining a workplace records policy.
| Definition of "record." Clearly define what is meant by "record" so that the appropriate documents will be governed by the policy. Generally, records do not include drafts or documents that are works in progress, only final versions of documents. |
| Retention schedule. Identify the retention period for each category of documents. Certain records may be governed by more than one law; however, the periods of retention often vary, making it generally advisable to retain the information for the longest period required. Records related to pending claims or litigation should be retained until the matter is fully resolved. A summary of federal record retention requirements can be found in SHRM's online compliance resources. |
| Access. Limit access to those with a legitimate business need. Laws such as the Health Insurance Portability and Accountability Act (HIPAA) and data privacy regulations contain specific provisions for who may access information and how it may be used. In addition, define current and former employee rights to review and/or copy information within their personnel file. |
| Storage and format. Designate the specific location where records will be sent for retention, as well as the format in which the records will be maintained. |
| Security and privacy. Ensure the physical security of the records, whether stored in hard copy or electronically, to protect the confidentiality of employee records and the privacy of the information contained in them. See Employee Records Confidentiality Policy. |
| Destruction of documents. Identify how records will be disposed of once retention requirements have been met. Records containing confidential, personal or financial information should be shredded or incinerated to protect employee privacy and to comply with applicable laws. |
| Consistent policy implementation and periodic audits. Record retention rules and procedures must be consistently applied to ensure compliance. Periodically audit the policy and practice to ensure that internal requirements are current and are being followed correctly. See Record-Keeping Policy: Records Maintenance, Retention and Destruction. |
See Checklist: Employment Recordkeeping Audit.
Retaining Hiring Records
A hiring file includes the documents and actions taken for the hiring of each position. Included are job advertisements, resumes, employment applications, job orders submitted to any agency, interview evaluations, reference checks, results of physical examinations, employment test results, credit reports, validity documentation of tests used in the selection process, applicant data for candidates not hired, and related information. These records must be maintained for candidates that are hired as well as those that are not.
See EEOC: Unselected Applicants' Information Must Be Saved, Too and What are the federal record retention guidelines for applications and resumes of candidates we do not select?
Federal contractors subject to affirmative action requirements must maintain records related to their hiring and selection, including advertisements; job postings; applications; resumes; interview notes; requests for reasonable accommodations; tests and test results; personnel files; rates of pay and other compensation; selection for training or apprenticeship; and other information regarding hiring, transfers, promotions, layoffs and terminations. As part of their record retention obligations, federal contractors must retain records relating to all individuals who meet the criteria of "Internet applicant," along with other employment records.
The Uniform Guidelines on Employee Selection Procedures (UGESP) are used by the courts to determine if unlawful hiring practices were the basis of a discrimination claim. Although not required by law, applicant tracking is recommended by these guidelines for all employers covered under Title VII and can be done pre-hire when it is part of an employer's decision to follow the guidelines. Adherence to these guidelines would strongly suggest an employer is free from unlawfully discriminatory hiring practices.
Maintenance of Employee Files
Employee files should be stored in a secure location and be kept strictly confidential. Access should be restricted to those with a legitimate need to know or as required by law. Several categories of records must be maintained according to specific requirements. See What should, and should not, be included in the personnel file?
Employee records to be maintained in personnel files
Certain records related to employees and their employment history should be maintained in an employee's personnel file. These records include:
- Pre-employment documents. These include job descriptions; job applications or resumes; offer letters; signed acknowledgments of receipt and agreement with the company's employee handbook, code of conduct and other key policies; and emergency notification forms, among others.
- Employment documentation. These include records related to job performance, promotions and transfers, compensation, performance appraisals, awards or citations for excellent performance, records of attendance and completion of training programs, warnings and any formal discipline, notes on attendance or tardiness, and any contract or written agreement between the employee and the employer.
- Separation of employment documents. These include exit interviews, separation checklists, notes about reason for separation, resignation letters, unemployment documents, separation agreements, correspondence and reference statements. See Should an employer combine employee files after separation of employment?
Records to be Maintained separately from the Personnel File
Certain employee records should be kept separate from an employee's personnel file to protect the privacy rights of employees and to insulate employers from liability. This includes the following types of records:
- Medical. The Americans with Disabilities Act (ADA) requires that employee medical records be maintained confidentially and separate from an employee's general personnel file. This includes employee medical exams, disability benefits claim forms, notes from doctors, requests for Family and Medical Leave Act (FMLA) leave, requests for ADA accommodations, worker's compensation history, claims and related documents, fitness-for-duty results, functional capacity assessments, referrals concerning an employee's participation in the company's employee assistance program, results of drug/alcohol tests, reimbursement requests for medical expenses, health-related information about an employee's family members, and any documentation about past or present health, medical condition, or disabilities. This file would also contain health insurance enrollment, continuation forms and COBRA notices.
- Credit information. Consumer-related credit information, credit reports, and personal or financial data should be maintained confidentially to comply with the Fair Credit Reporting Act (FCRA) of 1969.
- Immigration forms. Form I-9 and supporting documents confirming employment eligibility are kept separate for confidentiality and to facilitate inspection if subject to a government audit.
- Documents related to complaints and investigations. These include internal claims, government agency claims and documents related to lawsuits, which are to be kept on file until the claim or other litigation is fully resolved.
Electronic Record-Keeping
Employers often choose to maintain records electronically rather than keeping paper files. This relieves the need for physical storage space for employment records over a span of many years, which may save money and time. Also, electronic storage facilitates easy retrieval of information and allows for efficient access to documents. Organizations may also elect to go paperless as part of a commitment to sustainability.
Employers have options when creating an electronic record-keeping strategy and numerous vendors and software platforms are available. A cloud-based or software-as-a-service (SAAS) approach allows companies to implement new processes faster, update software with greater ease and remove tech support burdens from HR. On the other hand, some professionals find that private on-premises systems offer more control in determining how to use, store and locate data. See What factors should we consider when converting personnel files from hard copy to electronic format?
Compliance guidance is provided for certain types of records such as I-9 forms and OFCCP rules for federal contractors.
For an overview of specific requirements by type of record, see:
OFCCP: Preserving Employment and Personnel Records in Electronic Format
I-9 Handbook Chapter 9.1 – Using an Electronic Storage System for Form I-9
Access to Personnel Files
Many state laws require employers to allow current and/or former employees access to the contents of their personnel file. Employers need to understand the requirements of the law in the state(s) where their employees work and define internally what access is permitted in states where there is no regulatory requirement. Some considerations include:
- Will access be granted to both current employees and former employees?
- Will employees be allowed to photocopy items in their files?
- What are the procedures for employees to challenge information they believe to be incorrect?
- Are there limitations for confidential information such as former employer reference checks and confidential investigations?
- Should the organization limit the frequency of an employee's access to his or her personnel file, such as the number of times per year or other time frame?
A multistate employer needs a flexible policy, so it is applicable to all employees. For example, a statement such as "Access to personnel files will be provided according to state law" is appropriate.
See:
Access to Employee Personnel File Policy
Security of Employment Records
Employers must implement safeguards to protect personal employee information. Identity theft has become a top consumer fraud issue, and the Federal Trade Commission (FTC) reports that identity theft tops the list of consumer complaints that are reported every year. Every employer maintains records that are at risk of theft and misuse; therefore, employers should develop processes that protect this sensitive employee information.
See:
Record-Keeping Policy: Safeguarding Social Security Numbers
Protecting Personal Information: A Guide for Business
Record Retention
There are numerous federal and state laws that govern retention of employment records. Employers must ensure that all records are maintained, either in hard copy or electronically, for the minimum period of time required. Often, employers will use a 7-year rule for purging terminated employee files as this typically covers state and federal statutes of limitations; although shorter retention periods may suffice for some records such as I-9 forms and longer periods may apply to other records such as OSHA exposure records. SHRM has a chart on federal record retention requirements to assist in identifying statutory requirements.
See:
How to Comply with Payroll Record-Keeping Requirements
Know OSHA's Document Creation, Retention Requirements
How long should written warnings or counseling statements stay on file?
After a business closes, what do we do with company and employee records?
While most record-retention requirements are dictated by federal or state statutes, there are some situations where no time period is prescribed. The Uniform Preservation of Private Business Records Act (UPPBRA) sets a three-year time limit for records without a statute-specific retention period. This uniform law has been enacted by a number of states and provides a general guideline in others, although employers should consult with legal counsel to determine their individual compliance obligations and suggested best practices.
Document Destruction
Once an employer has fulfilled the requirements to retain employment records, an effective disposal plan must be adhered to. Simply tossing employment records in the trash creates a significant risk of theft or misuse of employee information that may result in regulatory investigations, fines, potential civil lawsuits, bad publicity and damage to the employer's brand.
When employment records contain personally identifiable information (PII) such as a name, address, Social Security number, etc., employers must securely dispose of this information.
The Federal Trade Commission (FTC) recommends the following disposal practices:
- Destroying or erasing electronic files so that consumer information cannot be read or be reconstructed.
- Shredding, burning or otherwise destroying paper documents so that consumer information cannot be read or reconstructed.
- Hiring a certified contractor specialized in document destruction after performing due diligence of the company's operations and security policies.
See Record-Keeping Policy - Record Maintenance, Retention and Destruction