When it comes to the storage and retention of employee files, what you don’t know CAN hurt you. In fact, proper recordkeeping is an essential aspect of being a compliant organization.
Co-sponsored with our HR partner, Mineral, this session offers a deep dive into general federal recordkeeping compliance, including required retention times for employment documents, payroll and tax information, and other important employee file recommendations.
This session was recorded on August 17 2023.
Hello, and thank you so much for joining me today. I am so excited to welcome you to our training Employee Record Keeping: Know Your Requirements.
Before we begin, I would like to just quickly introduce myself. My name’s Marisa. I am a manager here on our HR advisory team. I’ve worked in a variety of HR areas, including payroll and staffing and on and off boarding, and I’ve worked with all different sizes of companies and quite a few industries and I just love it. I have a lot of experience that helps inform what I share with you all, so I’m looking forward to jumping into that. And please remember that if you have questions, you can wait until the end at our Q&A or you can chat them in while we’re moving along and we’ll see if we answer them along the way.
So just some quick housekeeping items. We will email you the recording of this presentation and the slides within 24 hours. And of course, please do use the Q&A box for questions. I’ll answer as many as I can during the Q&A session at the end. And in the next half hour, we’re going to be talking about paperwork. We’ll start our session really discussing the different storage methods that are available to employers. We’re also going to be talking about the different kinds of files that you should be keeping along with recommendations for organization and safekeeping. We’ll also talk about required retention periods, how long you should keep these files and these documents. We’ll also talk about who should have access to these files and how to destroy them properly when that time comes.
We do have a lot to get through today, so just sit back and let the information settle in, and feel free, like I said, to ask your questions along the way or you can wait until the end at our Q&A session.
Now, before we even talk about what file types you might need or how long you should keep them, we’re going to talk about storage. Now, thinking about where and how to store your employee files, you should really conduct your due diligence to determine how to best protect your employee’s confidential information. Regardless of how your files are stored, confidentiality and security are paramount since our employees are trusting us with their private information, including social security numbers, medical information, information about their families or their home lives. Really, pretty much any employment related information should be secure and only accessible on a need to know basis, even if it’s not confidential to the same extent as something like a social security number or medical information.
Many employers still maintain physical files when it comes to at least some portion of their personnel records. Electronic storage, however, is quite common and it’s really a great option. Can have a lot of benefits for some or all of your employment files. So we’re going to discuss both today, but I do want to review some considerations that are specific to electronic storage of employee files.
So one, any obligation to produce an employee’s personnel record extends to all covered records, including those you store electronically. Records must also be accessible in the event of a legal request if you get a subpoena for specific information or records or in the case of an audit. Confidentiality rules must be followed and employers must ensure data is kept secure, like I mentioned already. Electronic records should be able to be readily converted into legible and readable paper copies in the event of, like I mentioned, audits or legal requests or an employee request. And employers with paperless files should establish and implement records management practices. That should include following procedures for labeling the records, creating backup electronic copies, selecting an offsite storage location, documenting an effective way to know when to destroy certain electronic records, organizing them in a way that the right people can find what they need.
We get a lot of questions about the integrity of an electronic signature, and in our experience, electronic signatures are valid so long as the service provider uses some form of identifier approve the person viewing the message notification or the document is who they claim to be. That could be something like a login, a username and password, or some kind of timestamp and other identifier. If you’re concerned about a system’s credibility or whether they meet the appropriate security requirements, you should go directly to that vendor and ensure that they can guarantee those features.
And lastly, there are specific considerations for completion and storage of both the W-4 and the I-9 to be certain of the integrity of the electronic system. Unfortunately, we don’t have time to chat about those specifics today, but there is helpful information on this that’s available in our platform resources, and our HR experts are more than happy to discuss these requirements as well.
Okay, so let’s talk about some of the important things to think about when using a paper filing system. For security purposes, where are the files stored? I recommend a locked office and a locked file cabinet. Ideally, this locked cabinet would be in the HR office or another safe and accessible place and stored in a way that can be readily inspected or examined by those who should have access and whenever necessary. It’s common to consider file storage and security for your current employees as you’re probably accessing these files more regularly, but remember to also consider file storage for your terminated employees. I’ve spoken with several clients who box up terminated employee files and ship them off to a storage unit somewhere really far away to collect dust. And while this may help clear clutter and make space for current employee files, confidentiality and organization must be considered as well as accessibility.
Disaster recovery is another consideration that’s coming up a lot these days. I strongly recommend fireproof cabinets for storage. And while more expensive, there’s really no other way to secure these paper files in the event of a disaster. I certainly would not want to have to attempt to recreate an employee’s file.
Any review of a file should be done in the HR office or the designated area that is secure. You don’t want any confidential documents wandering around the company or outside of the office even. And the employer manager should really review the file in the presence of an HR representative and nothing in the file should be altered or modified without proper procedures being in place. If you do determine something’s incorrect or the employee would like to challenge something in the file, we typically recommend adding a memo or a statement to document it, not changing the actual document itself.
Files should be well organized and maintained in a reasonable order within the file. I recommend organizing them by placing the most recent documents on top. So for example, when I open an employee’s personnel file, I want to see their current position and rate of pay on top or at the front instead of the position and pay that they began employment with, for example. You might also decide to have a file cover sheet that indicates in what order different documents are included in the file so they’re easy to find.
In the next few slides, we’ll discuss the five, yes, I did say five, types of employee files and what would be included in each one. Keep in mind that these days employers often use various platforms for things like onboarding, recruitment, performance reviews, et cetera. It’s entirely up to the employer whether they choose to store documents in separate platforms or if they wish to export records to store in one place. So we’re going to discuss how you might organize files if you’re not storing them in separate platforms.
As you can see from the list on the slide, the employee’s personnel file should include documents related to an employee’s original hire, all of the recruitment and selection information, documents related to the employee’s job acceptance such as the signed offer letter, job description and handbook acknowledgement form. You’ll also include documents related to continued employment over the course of time.
The next file is the confidential medical and benefits file. There should also be one of these for each eligible employee. You don’t yet need a file for those who aren’t eligible for the benefit plans such as part-time employees, for example, if that’s the case in your company, but you will need to add a file if they do become eligible. This file should include all insurance and medical enrollment forms. Other medical documents might be added to this file as well over time, such as doctor’s work releases after a medical leave of absence or documentation of an accommodation request for a temporary or a permanent disability. You’ll also want to include COBRA notification forms in this file once employment has ended.
Finally, remember that confidentiality is especially important with the medical and benefits files. Various privacy laws and the Americans with Disabilities Act require that you keep confidential employee medical records separate from basic personnel files. Supervisors and managers can’t legally base personnel decisions, such as who gets promoted and who doesn’t or who gets a raise and who doesn’t, on the medical histories of the employees involved. So it’s really important that these documents remain separate from that basic personnel file and are accessible only to the office administrator or the HR representative.
Next up is the payroll file. Now, for the sake of confidentiality, I recommend maintaining payroll related records separate from your other files that we’ve discussed and we’ll discussed. For example, if your HR team doesn’t do payroll, the payroll person would likely not need full access to all information in the employee’s personnel file. In this case, the payroll employee is not on a need to know basis for the employee’s basic personnel information or medical information. The payroll file can be hefty if it’s in paper and it will include the W-4, any time sheets, pay increase or decrease status changes, time off, leave records, vacation, sick time records, wage garnishment documentation. If you are running your payroll on a platform that stores all these documents in a way that you find easily accessible and easily organized, then you don’t need to keep these in a separate place. You can keep all the payroll information within that payroll platform, but if you do prefer to store it elsewhere, then you’ll want to make sure it is kept as its own file.
You’ll want to create a file also for any employee who’s been injured while on the job. This file should contain workers’ compensation claim records, injury reports, any additional medical records on the injury such as the doctor’s work release or details regarding light duty, return to work, other insurance documentation. I recommend maintaining also a separate file for each injury for organization and ease of annual OSHA reporting if that’s applicable for your company.
And the last file that I’m going to talk about is the I-9 file. Best practice is to keep all I-9s in either a separate primary file or even a three ringing binder if you’re storing paper I-9s. And since I-9 files have unique record retention laws, a separate file will help ensure that you retain these forms for as long as necessary and that you can readily discard them when you’re supposed to. For ease of organization, I typically recommend removing an employee’s I-9 from the master folder or binder on their termination date and storing it in a separate terminated employee section in the file until the appropriate destroy date. One good reason for this is that if you’re ever audited and there are errors on your forms, you can still be fined for those errors even if the employee is no longer active. But if you’ve made sure you’re tracking the destroy date for the individual I-9s, then you’re eliminating those forms from any future audits.
Remember that the law requires an employer make the forms available upon request by authorized government officers after being provided three days notice prior to an inspection, and these should not be stored in the employee’s personnel file because those who would audit the I-9 information don’t need access to the employee’s personnel information other than what is with the I-9.
Today I’m covering federal record keeping requirements. So you’ll want to note that many states go above and beyond the guidelines that we’re going to discuss today, and there might be additional record keeping requirements for federal contractors as well that we’re not going to be able to cover. It’s important you review your state’s regulations or any other federal contract or other industrial requirements when you’re implementing your record keeping policy.
Over the next few slides, we’re going to discuss file retention best practices and specific retention guidelines for the different documents. It’s important to note that absent more strict state specific or federal contractor requirements, these guidelines would apply to employers of all sizes.
Now, before we jump into record retention specifics for your current employees, I do want to mention that applications, resumes and any other records relating to the refusal to hire an applicant must be maintained for one year following the date of the decision, not the date of the applicant’s submission. For easy organization and proper retention, I prefer to maintain a file for each company position opening along with the date the final hiring decision was made. So this means that candidates who submitted a resume or an application, maybe even interviewed with you but you didn’t hire, you are responsible for still retaining those records for one year. And the easiest method I have found is create a file and put the person’s name, the position and the date that the decision was made. Or if you’re keeping multiple candidates’ information in the file, you can just put the position title and the date the decision was made.
Now, when it comes to files for your current and former employees, the general best practice is to maintain employee files for the length of employment plus seven years following the separation date. There are specific guidelines for each type of employment record, which we’ll go over, and please note that these requirements are all minimum requirements. If there is a pending claim or litigation, the relevant records should be kept until that claim is closed and your legal counsel should be able to assist you with making sure that you’ve retained these types of records as long as you should.
All right, so why do we recommend seven years? Well, it’s really for two reasons. First, for state and federal purposes, retaining a personnel file for seven years after separation generally satisfies all retention requirements, except for one, which is an OSHA requirement, and I’ll get to that one a little later.
Now, I-9s should be retained for as long as the employee is working for you and for three years after the date of hire or one year after separation, whichever date is later. I know that’s kind of complicated. So we put an example here on the slide so it requires a little math and you can see the simple equation here. It utilizes the employee’s higher and separation dates to calculate the accurate I-9 destroy date. So as I mentioned, I recommend you pull an employee’s I-9 at their separation and add a sticky note with the destroy date or a little tab and move it to a terminated I-9s section or separate file for safe storage until that date.
Payroll records, such as pay rates, dates of payments, regular and overtime hours, worked, pay and benefits deductions, and direct deposit authorizations should all be retained for the length of employment plus an additional three years thereafter. And tax records should be retained for four years from the date the taxes is due or paid. These include the amount of wages subject to withholding agreements with employees to withhold additional taxes, actual taxes, withheld, and dates that they were withheld.
Benefits information, such as insurance plan documents, summary plan descriptions and so on, should be retained for six years. And additionally, all FMLA documentation should be retained for three years from the last entry, which is likely the close of the file or end of that leave. Now, like I said, OSHA has a requirement that’s a little bit different, so we’re going to talk about those here. Safety data, including all company-wide logs and records, along with the claim details for occupational injuries and illnesses, those should all be retained for five years following the year the record pertains to. But in the event of exposure to toxic substances that result in medical exams or treatment, OSHA does require material safety data sheets and related records be retained for the duration of employees job tenure plus 30 years. So be sure you mark those records well.
All right, I’ve briefly touched on file access and how electronic and paper file viewing should be limited to only those with a need to know basis. You’ll want to ensure that You are protecting applicants and employees from identity theft, breaches of privacy, et cetera. So we’re going to switch gears and go over When an employee has or requests access to their personnel file and your company policies around this access.
Now, there are no federal laws that require an employer to provide access to an employee’s own personnel file. However, many states have laws that grant an employee access to their personnel file, or part of it, so It’s really important you know what your state requires. For those of you in states that don’t have requirements for employee access to their own files, we recommend having a policy as a best practice. So let’s take a look at what that policy should include on the next slide.
Your personnel records policy should include a statement to employees informing them that the company takes reasonable precautions to protect employee files and personally identifiable records, that employee files have restricted access, and that in the event an employee wishes to access their file, they must make a written request to their supervisor, manager, or directly to HR, whoever’s most appropriate in your company. You’ll also want to notify an employee that file review will be supervised by HR or whoever you’ve designated.
Now, as a best practice, nothing in an employee file should be a surprise to the employee. This means no documents should be added without the employee’s awareness. I mean, don’t contact an employee every time you add a document to their file, but just ensure they’re not surprised by anything in it. For example, if you have a meeting between an employee and their manager to discuss performance improvement, the manager may email a summary of the meeting to you, and this email may be included in the personnel file to document the performance or disciplinary meeting. And the employee was well aware that meeting occurred, so that wouldn’t be a surprise to them.
Some employers certainly opt not to allow file access, but this isn’t my personal recommendation. Nevertheless, If you review your company files and determine they’re not currently up to your standards and you’re in a state that doesn’t require allowing employee access, you may want to implement the company policy after you’ve fixed up those files and made sure they’re at a place that you feel comfortable with them.
Now, a couple of tips and best practices when it comes to employee requests to access their files. First, don’t panic when an employee, current or former, requests access to their file. I realize this is easier said than done. It can often make you feel a little nervous, but in my experience, there are a lot of reasons why employees request access to their files, and usually it’s for something simple like they want to see a past performance review or copy of a previous year’s W-2. And you may wish to grant access and also try to identify whether they’re looking for something specific, especially if you’re unaware of anything risky or questionable in their file.
Now, as I mentioned before, maintain good files. My mantra, again, is that nothing in an employee’s file should be a surprise to the individual should They request access.
And lastly, if an employee requests access and you do find something problematic in the file as you’re reviewing it ahead of time, it’s a good time to call your legal counsel for additional advice on how best to handle that situation and mitigate legal liability.
To end our presentation, I am going to talk about destroying records once the time comes. Employers should be aware of the Federal Fair and Accurate Credit Transaction Act, which imposes rules for the proper disposal of confidential consumer information. The federal law applies to any employer with one or more employees and applies to paper as well as electronic information. The law also requires that employers take reasonable measures to dispose of consumer information that is obtained or derived from consumer reports, consumer reports being background checks, credit checks, those types of things you might run.
Reasonable measures have not been defined in this law. However, employers should dispose of records in a way that will reduce the chance that information could be stolen or be put in a situation where identity theft might be possible. So we typically recommend using a secure shredding company, the companies that give you a locked bin and then they come from time to time and empty it to be shredded. You could also store these in encrypted files that require higher level of security to access them. I also recommend maintaining a list of files that you’ve destroyed for easy reference should you be asked about a document that’s already passed its retention period so you can say, “Yep, we have that, but it reached its destruction date on this date, and then we did get rid of it.”
Okay, we made it through. I hope that you enjoyed the presentation and learned a lot and have a better understanding of how to complete, organize and store your employment documents. I’m going to pause for half a second just to review the questions that you’ve all chatted in. If you haven’t chatted your question in, now is a great time. I left us definitely enough time to get to them, so please do chat those in and I’ll be back in just a moment.
All right, we have some really great questions in here. One question here is, if your organization is remote, is there a need to keep hard copy employee files within a fireproof cabinet or are electronic file sufficient? Yeah, as I said in the very beginning, it’s really up to you whether you choose to store files on physical paper in cabinets or whether you wish to have everything be stored electronically. Every business has different needs, different capabilities, different infrastructures, so it’s just really based on what you think is most reasonable and most secure for your business. If you’re entirely remote and don’t have a physical location, then storing them physically in file cabinets is probably difficult unless you’re storing them in somebody’s house, which also probably presents its own issues. So there’s no requirement to have physical files or electronic files. You get to choose, and you can also have a combination.
We have a question here about I-9 storage. Do we need to separate the IDs from the I-9 page? That’s a great question. Depending on whether you choose to store those I-9s electronically or whether you are storing them physically, one might be easier than the other if you’re also taking copies of their IDs, but it’s up to you. You can store the IDs with the I-9s or you can store the copies of the IDs in your regular personnel files just with all their other sensitive information. Do keep in mind you are not required to keep copies of the IDs that are presented for an I-9 if you are doing a physical inspection of those documents, but if you do choose to keep copies of them, you need to do that for everyone. So you can’t just do it for some folks and not others.
Somebody did ask that whether or not the employment application retention requirements for two years versus the one year I stated. Federally, it is one year. There are states, like we mentioned, that have various different retention requirements for different types of records. So you might be in a state that has a longer retention requirement for those types of records, and you’ll just want to verify those state requirements specifically.
We have a great question here about storing interview records and resumes and applications when you use companies or platforms like Indeed or other hiring platforms. This is really up to you. You may elect to export those documents and store them yourselves. You also can just store them on the platform you’re using. You may need to check out how long you’ll have access to those. I would be surprised if any of those platforms don’t store those records for at least a year, but you’ll need to keep in mind, it may be tied to how long you have an account. So if you move away from that vendor, you may need to export those records before you close that account. So just keep that in mind. But again, you can store them electronically, you can store them in a physical file, you can store them in a platform or on your own servers. It’s really up to you.
Does a bookkeeper have the right to look through personnel files and write down the employee’s date of birth? The term do they have the right isn’t exactly the situation. There is no list of who has the right to view information, but what is important to consider is, do they need access to all the information that they would have access to to do their job? If the answer is no, then they shouldn’t have access. If they need specific pieces of information, you can explore whether there are ways to give them access to just that information or you can simply provide that information to them when they need it.
All right. And somebody did ask if there’s a good quick reference guide that you all can utilize. We have lots of different resources on our platform, so be sure to check that out, including laws pages and resources regarding record retention. So not only will you receive this webinar within 24 hours in your email, but you can find all this information on our platform and we do update that anytime anything changes.
Somebody asked if I could re-explain how long to keep I-9s, so I’m going to move back to that slide here for just a moment. And I’m happy to review that again because it can be a little complex. All right. Essentially, you’ll want to look at the date you hired an employee. So in this example, let’s say you hired them on February 14th, 2023 and they only work for you for a week. So you would take February 14th, that higher date of 2023, and you would add three years to that. That would give you February 14th, 2026, and then you’d look at their termination date. And the termination date is February 21st, 2023. So you’d add one year to that and then you’d pick whichever date is later. So three years after their hire date or one year after their termination, whichever is later. Hopefully that helps.
Let’s see here. Go back to our Q&A slide. All right. Is there anything that you need to keep longer than seven years, such as employment dates? Like I mentioned, the OSHA hazardous exposure records, that all needs to be kept for 30 years. I know that sounds like a really crazy long time. Kind of is, but that is the requirement. Other than that, as far as federal law goes, you are not required to keep any other records longer than seven years. Do keep in mind that just because you don’t have to doesn’t mean you shouldn’t. I can think of a number of reasons that would be helpful to a business and an employer to at least keep some basic information for much longer, potentially even for the life of the business, like employment dates and positions held and eligibility for rehire status example.
All right. Let’s see. We have a few more questions here and a couple minutes left. Someone said, “If an employee has been here for 10 years, I can destroy it.” I believe that was in reference to the I-9s. So it would be the length of employment plus three years, and then you would evaluate from there. So if they’d worked for you for 10 years, you’d want to keep it for up to one year after the termination date or three years after hire. In that case, one year after termination would be much later than three years after hire. So just keeping that in mind. 10 years would mean, if we’re talking about today, you hired someone of August 17th, 2013. If you add three years to that, it’d be August 17th, 2016, and then you’d compare that to, if you let them go today, one year from today would be August 17th, 2024, so you’d be keeping it until 2024.
All right. Should we have written permission to share payroll information with lenders and such verifying employment? We always recommend that you have an employee consent signature or other authorization to release information about their employment history. Anything other than dates of employment and the title they held is really something we would recommend you have authorization for. It is pretty standard that whenever any… Let’s say someone’s applying for a mortgage or an apartment, typically those forms that they send to employers to verify information, those are going to have a place for that authorization and consent built right into the form. So you should always be receiving a form to provide the information on, and that form should have consent. If it doesn’t, we always recommend asking for that or at least checking with the individual that the information is pertaining to before releasing that.
Okay, last question here. “We went electronic a few years ago, but we still get physical forms. Once I scan that form to their online file, is it okay to shred the physical or do I need to keep it if it has wet signatures?” Generally, there’s not a lot that requires a wet signature to be in your file, but if it’s a specific type of record that you aren’t sure about, we always recommend checking with legal counsel if there’s any issue with having a copy rather than that wet signature. But generally, once you’ve preserved that file or that record and you’re confident that your electronic storage is sufficient and secure and has a backup, then there’s no need to keep the physical forms in addition.
All right. Lastly, I just want to say thank you for joining us today. I hope you learned a lot. And like I said, if you have other questions or if you want some more detail about any of these requirements, I highly recommend checking out the resources available on our platform. And if you have access to the HR experts, we’re always happy to help you work through a specific situation or to explain something further. I hope you all have a wonderful rest of your day.