The amount and sensitivity of information employers have about their workers is pretty staggering: bank account numbers, background checks, Social Security numbers, drug test records – and that is just the tip of the iceberg. Then there’s physical examination results, counseling notices or performance evaluations, with additional supporting notes such as email prints. What has the manager submitted to file? Anything inappropriate, discriminatory or potentially risk creating in there? The challenge with employee files is two-fold; the contents and security.
Let’s first address the contents of what should be kept in an employee’s file. We have found that the most compliance sensitive employee file system involves two separate files for each individual employee. One file contains employment-related information and the other file contains benefits and/or health related information. The two-part filing system ensures that managers, employees and outside auditors see only relevant information on an as-needed basis.
Primary File (employment)
Employment-related files include relevant employee documentation which a manager may review when making employment decisions. Information contained in the employee’s employment-related file should strictly be job-related and should include the following:
- Full name
- Employee number and/or Social Security Number
- Home address
- Basic payroll records (such as a payroll set up data form and tax forms)
- Pre-hire document such as job applications, resume, college transcripts, signed Offer Letter (with Job Title)
- Post-hire documents such as a signed Job Description or signed Confidentiality Agreement
- Ongoing compensation and performance related document such as rates of pay, other forms of compensation, education and training records, letters of recognition and performance review
The Americans with Disabilities Act and HIPAA requires employers to keep all medical records separate from personnel files. These files are considered confidential and privileged documents and should be stored separately. Medical records include any benefits-related information including: Benefits enrollment information; Physical examination results; Medical leaves; Workers’ Compensation claims; Drug and alcohol testing
Form I9 & EEO Survey
Two I9 files should contain all completed I9s and supporting documents.
Any materials and data relating to race (EEO form), age, and gender should be kept in a single “EEO Information” file.
Keep active and terminated employee files separate and forms should be filed alphabetically by employee name.
Safeguarding Sensitive Data
Too often we read about some company who has had a data breach by some computer hackers exploiting software flaws but the truth is more complicated than that. An unexpected work interruption can take you away from your desk, leaving personal information accessible. Therefore, ironclad policies and practices for handling personal information from within the workplace is critical to protect sensitive data. A few questions to ask yourself for ensuring security of personally identifiable information:
- Is physical access restricted to computer operations that contain sensitive documents?
- Are filing cabinets containing sensitive information locked? Are computers, laptops, and networks password protected?
- Are sensitive files segregated in secure areas/computer systems and available only to qualified persons?
- Do you use password-activated screen-saver programs?
- Do you have employees who handle sensitive, private, or personally identifiable information sign a confidentiality agreement?
Security of information is key and special consideration to where and how files are maintained, limiting access to only those with a need to know and protecting applicants and employees from discrimination, identity theft and breach of privacy is the main objective.
Keeping Notes – “Working” Files
Recognize that there is a difference between a manager’s personal notes about his or her reporting staff and official company personnel records. Managers may maintain a “working“ file as a place to include information and notes related to an employee’s overall performance during the year, and can be used to facilitate a corrective action session or complete a performance evaluation. Because a manager’s notes can be subpoenaed in the instance of a law suit, notes should always focus on facts, not opinions, and site specific examples, not hearsay.
The litmus test when trying to decide what may or may not be included in the “working” file is that any document or entry that does not relate to the employee’s job performance of qualification should not by kept. Period. Nothing should be created or filed that is not professionally necessary. Employer records are frequently used as evidence in employment-related litigation. Maintaining a separate file for any investigative materials is critical as materials kept in an employee’s file may become discoverable if the issue escalates from an informal complaint to a formal complaint or litigation filed with a government agency or the courts.
How long an employer retains records is an issue that legitimately trips up many organizations. This is largely due to the fact that time lengths vary by government agency and by state. If want simple and live by a single length of time, you should be safe to apply the number 7. Hold onto everything for active employees as long it is reasonable to do so. Hold onto to terminated employee records for seven years following termination of employment.