Managing Personnel Records: Practical, Legal and Security Issues
4/11/2014
Overview
Personnel records are the repository of personal, organizational and legal data and documents concerning individual employees and their relationship with the employer. They provide at-a-glance information on an employee's work performance, pay rate, employee benefits, prior work history, work-related background, training and development, advancement, counseling and discipline, and other documented employment facts. A personnel record should be a synopsis of an individual employee's history of employment that is constructed, maintained and relied upon by not only human resources but also other supervisory and management staff within an organization. Personnel records provide the foundation for references, employment verifications and background inquiries.
This article discusses some of the key concepts in managing personnel records, including the design of the personnel records management system, and includes a thorough list of what to include and what not to include in personnel files. The article then reviews computerized personnel systems as many employers are transitioning their personnel records management systems from paper-based records and files to electronic databases integrating HR automation and technology. The article also discusses relevant the federal and state laws and closes with issues to consider in safeguarding of personnel files.
Designing a Personnel Records Management System
While employers have "architectural license" to design legally compliant record-keeping systems, the design should establish a foundation and structure supported by concrete policies and practices that assist in the collection, maintenance, retention and safeguarding of all information essential for handling various job-related matters. The blueprint for this layout should be developed with due consideration of relevant state and federal laws that govern record keeping, the retention and destruction of employee records, employee accessibility to records, and employee privacy concerns. The system must facilitate mandated compliance reporting needs and guarantee the protection and privacy of sensitive employee information.
Issues to consider
An initial assessment of a personnel records management system includes the following inquiries:
- Are all personnel record-keeping policies compliant with applicable state and federal laws?
- What should be placed in a personnel file?
- Should I-9s be kept separately from personnel records?
- Where should medical information be filed? What is considered protected health information?
- Is the system designed to properly safeguard the privacy of employee information?
- Does the system create efficiency in the accessibility and usage of employee files?
- Does the system meet administrative needs of extracting employee data for compliance reporting?
- Should personnel records be automated?
- Are files logistically secure to prevent damage in the event of a catastrophe (flood, fire, vandalism, theft, tampering, etc.)?
- How long must records be retained?
- Can files be consolidated after an employee has been terminated?
- What procedures must be followed in disposing of personnel records?
What to Include in Personnel Files
Personnel records contain all employee information essential for handling various employment-related matters. Information that is collected, maintained and secured in personnel files typically includes the following categories of documents, forms, notes and other writings.
Documents used in recruiting, screening and hiring job candidates
These include applications for employment, résumés and educational transcripts.
Job descriptions
Job descriptions document a job's major functions or duties, responsibilities and/or other critical features, such as skill, effort and working conditions. As such, they are an important part of the employment relationship and should be included in an employee's personnel records. Having documentation of the essential functions of a job in a personnel file becomes critical when responding to an employee's request for reasonable accommodation or defending a claim of disability discrimination under the Americans with Disabilities Act.
Written documentation of actions taken during the course of employment
Personnel records also contain documents, forms, requests, interview notes and other pertinent information related to an employee's promotion, demotion, transfer, layoff or other employment actions. Test documents that have been used by the employer to make an employment decision, such as promotion or transfer to another position, should be included in an individual's personnel records. See, Disciplinary Demotions Can Be a Risky Proposition and How to Conduct a Layoff or Reduction in Force.
Pay and compensation information
Information documenting rates of pay and other forms of compensation, including any changes, is included in personnel records.
Education and training records
A personnel file typically will contain information related to an employee's educational records, which may have been requested or submitted during the interview and hiring process. Personnel files also typically contain records of employee training and development activities. Acknowledgment of completing harassment prevention and other workplace EEO and diversity training sessions should be retained in a personnel file and may become an important part of an employer's defense to a complaint of harassment or discrimination. See, Background Checks: Why should an employer verify an applicant's education?
Receipts for handbooks, employment-at-will disclaimers and policies
Other documents, forms and information that become an important part of employee personnel files include acknowledgements for receipt of employee handbooks, electronic communications policy, employment-at-will statements and other employer policies and notices issued to employees as part of a legal compliance and/or best preventive practices program.
Documentation of employee performance
Documents and forms pertaining to managing employee performance are retained in employee personnel files. These include performance appraisal and compensation reviews, which build an important foundation for employee development and evaluation and for future employment actions. They become especially vital in defending a decision that adversely impacts employment status, such as a demotion or termination.
Employee recognition programs
Letters of recognition, awards and citations for superior job performance, such as those from formalized recognition programs, informal comments of supervisors or customer letters of appreciation also become an important part of an employee's personnel file.
Warnings, counseling and disciplinary actions
Personnel files often play a critical role in an employer's defense of an adverse employment decision. Documentation of employee performance or conduct contained in personnel records may become critical evidence of the employer's legitimate and lawful reason for the administration of discipline or involuntary termination. As such, personnel files should contain documentation of any disciplinary notices, written warnings, incident reports, records of verbal counseling, reprimand/disciplinary reports, action plans for improving performance, last-chance agreements or other documents supporting adverse employment actions.
Documents regarding termination of employment
Documents used in the process of employment termination should be retained in personnel files. They may include a termination action form, termination checklist, waivers and severance agreements, and exit interview questionnaires, among others.
What Not to Include in Personnel Files
Certain types of employee records, forms and information must be kept in separate files and should not be included in personnel files because of the sensitive and confidential nature of the information. These types of documents include, but are not limited to, the following:
- Medical and insurance records, including drug testing results.
- EEO statistical information pertaining to protected employment status.
- Invitation to self-identify disability or veteran status.
- U. S. Citizenship and Immigration Services I-9 forms and supporting documentation (see, How to Retain and File the I-9 Forms).
- Safety training records (so an OSHA auditor would not have access to personnel records).
- Child support or wage garnishment orders.
- Documents created in anticipation of, or in response to, litigation, including investigation reports, notes, e-mails and other writings.
- Confidential, privileged, attorney-client privileged and need-to-know-only information documenting employee performance (see, Watch What You Write When Documenting Employee Performance).
- Claims for workers' compensation.
- Information obtained from background investigations and reference checks (see, Conducting Background Investigations and Reference Checks).
- Requests for verification of employment and/or payroll information and any written responses to such requests.
Personal observations, notes or e-mails of an informal nature about an applicant or employee should not be included in personnel files. Writings that are not protected from discovery by the attorney-client privilege may be and have been used as evidence of discrimination and other unlawful conduct in employment litigation.
Computerized Personnel Records Systems
In the age of automation and implementation of HR technology, many employers are moving toward having a paperless HR environment, which includes the electronic storage and maintenance of personnel records. A human resource information system, or HRIS, is a computer database used to gather, store, maintain and retrieve relevant employee and HR-related information. A computerized personnel records system offers many benefits over a paper system, but it does not relieve an HR department from responsibilities for the maintaining and safekeeping of the information. An HRIS also presents issues concerning access, backup and security for the computerized information. See, Personnel Records: Retention: Can we keep our personnel records on the computer or on microfilm instead of on paper?
In conjunction with the IT department, HR should create a data storage strategy that includes:
- Understanding the laws governing HR records. You need to know what you have to keep and for how long and be aware of the possible legal problems should you fail to retain records properly.
- Keeping up with evolving options for records storage to ensure that information does not become trapped in obsolete technology.
- Learning about the different types of storage media to talk knowledgeably with IT about how to store personnel records.
- Considering off-site records storage, either through transporting tapes or disks to a storage firm or to another of your company's own locations, or sending data over the Internet to online storage firms.
See, Create a Strategy for Data Storage.
Federal and State Laws Concerning Personnel Records
There has always been some confusion among employers concerning legal requirements for record keeping and retention. Not only do various federal agencies have their own record retention requirements, but individual states also have requirements that have to be followed. Some of the requirements apply to most employers, while others apply primarily to government contractors and subcontractors. Many of these requirements are dependent on the number of employees or the purposes for which the record keeping is designed. See, Complying with Workplace Records and Reporting Requirements.
Federal law requirements
A number of federal laws and administrative regulations require employers to maintain and retain for various periods of time personnel records containing specific employee information, including the following:
- Federal tax and compensation records: Federal Insurance Contributions Act, Federal Unemployment Tax Act, federal income tax withholding, Equal Pay Act, Fair Labor Standards Act (FLSA), Lilly Ledbetter Fair Pay Act of 2009.
- EEO laws and regulations: Title VII of the Civil Rights Act, the Americans with Disabilities Act, Age Discrimination in Employment Act, Uniform Guidelines on Employee Selection Procedures.
- Employee benefits: Employee Retirement Income Security Act (ERISA), Family and Medical Leave Act (FMLA).
- Workplace health and safety: Occupational Safety and Health Act (OSH Act).
- Workplace testing: Employee Polygraph Protection Act.
Privacy rules under the federal Health Insurance Portability and Accountability Act (HIPAA)
All covered health plans under HIPAA are required to be in compliance with that law's privacy rule and security rule for employees' protected health information and electronic protected health information, respectively. These rules require employers that maintain their own health plans to physically separate and safeguard protected information received from a group health plan.
Government contractors and subcontractors
In addition to other employee records requirements, federal contractors and subcontractors may be subject to the Davis-Bacon and Related Acts (DBRA), the Service Contract Act (SCA) and the Walsh-Healey Public Contracts Act (PCA), all of which require retention of employee demographic information and compensation records for a period of three years. Federal contractors and subcontractors also may be subject to the records requirements of Executive Order 11246, the Vietnam Era Veterans' Readjustment Assistance Act (VEVRAA) and the Rehabilitation Act of 1973, Section 503, all of which require retention of certain employee records for a period of at least three years, or longer in the event of litigation.
Disposal of personnel records
Since 2004, identity theft has been the country's number one consumer fraud issue. The Federal Trade Commission has issued rules governing employer disposal of applicant and employee records derived from consumer reports under the Fair Credit Reporting Act. The disposal of personnel records containing information derived from individual credit reports is governed by the Fair and Accurate Credit Transactions Act (FACTA), which requires employers to shred any and all documents that contain information derived from a credit report. See, Record Retention and Destruction (specific to government contractors) and New Year's Time to Review Screening Documents to Keep, Toss.
State laws and regulations
Many states have laws governing employee access to personnel files as wells as requirements to provide copies of information from those files. The laws address issues such as who has access (current and former employees), the frequency of access, persons authorized to obtain copies, exceptions to the information accessible by employees, prohibitions on the kinds of records to be kept, record corrections, available legal remedies, and disclosure to third parties. See, State laws governing employee access to personnel files.
Protecting Personnel Files
Personnel records contain a wealth of private and confidential information susceptible to incidents of identity theft, fraud and data security breach. Given the seriousness of this issue, employers should take steps to protect the privacy and security of personnel information.
Developing a personnel file access policy
Adopting a written policy on employee access to personnel files will allow supervisors and the HR department to be consistent in response to employees' requests to access their files. The policy should:
- Comply with applicable laws.
- Define personnel file, both as the term is used within your organization and according to applicable law.
- Specify who is authorized to inspect personnel files.
- State where, when, how often and under what circumstances workers can review or copy their files. To maintain the integrity of records, access should be permitted under some type of supervision.
- Provide an opportunity for employees to rebut or challenge information.
Restricting access to personnel files
Limiting access to personnel files and following the rules for segregation of specific kinds of employee information will help guarantee the safety and security of sensitive employee information. The following chart illustrates categories of employee information and individuals who should be given access:
Personnel
- Employee.
- Supervisor with a need to know.
- Former employee (check your state's provisions).
- Human resources.
Medical/Confidential
- Human resources.
- Supervisor as needed for reasonable accommodation.
- Government/legal agencies conducting investigation relevant to medical issues.
Payroll
- Payroll staff.
- Human resources.
- Auditing/emnvestigating agencies.
I-9
- Human resources.
- Auditing/emnvestigating agencies.
Conducting personnel file audits
Employers conduct audits of personnel files for many reasons, including:
- To ensure compliance with applicable laws and regulations governing the storage, maintenance and protection of employee records and other information.
- To eliminate documents that are no longer required or needed. See, Is it shredding time yet?
- To ensure that personnel files do not contain information that should be maintained separately or that could be used as evidence of unfair or unlawful treatment.
- As part of a comprehensive audit of personnel policies, practices and procedures to determine legal compliance, effectiveness in achieving business and strategic goals and other business concerns.
- To insure that systems for safeguarding employee information are in place, up to date and effective.
Safeguarding the security and privacy of personnel files
Given the increasing concerns over identity theft, data security breach, fraud and other actions that compromise the security and confidentiality of information contained in employee personnel files, employers should conduct audits periodically to evaluate the sufficiency and effectiveness of their personnel records safeguards. If processes are found to be deficient, new safeguards should be implemented. As part of this audit process, employers should include a review of what employee information is maintained, how it is shared with others, both internally and externally, and whether there are nonpersonal identifiers that could be used.
See, "Stolen Identity" Protecting Employees from Identity Theft and Security: Identity Theft Checklist.
Original Article - http://www.shrm.org/templatestools/toolkits/pages/managingpersonnelrecords.aspx