HR Tip of the Week

Posted on  |  Policies, Compliance

The Essential Recordkeeping Checklist for Employers

Many federal, state and local laws require employers to retain certain employee records. These laws typically dictate which records employers must retain, for how long, and who should have access to those records. Here’s a checklist to help you review your company’s recordkeeping practices.

check_approvedAre personnel files complete for each employee?

Review each personnel file to ensure that it includes all relevant employment information. Generally, personnel files should contain records related to:

  • Hiring (such as application and resume, promotion, demotion, transfer, layoff or termination)
  • Status as exempt or non-exempt
  • Rates of pay and salary history
  • Training records
  • Job descriptions
  • Employee handbook acknowledgments
  • Performance reviews and any disciplinary actions taken against the employee 

check_approvedDo you keep separate files for medical and other sensitive information?

Some laws specifically call for certain records to be kept in a separate confidential file. The following information should NOT be kept in personnel files:

  • Any information reflecting an employee's membership in a protected group, such as their voluntary self-identification of gender, ethnicity or race, veteran's status or as an individual with a disability.
  • Any document relating to an employee's health or medical condition, including doctors’ notes and medical certification forms, drug test results, and leave of absence requests based on an employee's injury or disability.
  • Form I-9 and supporting identity and work authorization documents. It is a best practice to store all I-9 forms together in one file, since they must be produced promptly following an official request.
  • Records concerning workplace investigations (written statements from all relevant parties, interview notes, final investigation report, etc.) should be kept in a separate workplace investigation file.

check_approvedDo you have a completed Form I-9 for each employee?

Employers must complete and retain an I-9 for every employee hired in the United States. Employers must retain I-9 forms for at least three years, or for one year following the employee's separation from the company, whichever is later. If an I-9 was never completed or it is missing, complete the current version of the form as soon as possible.

check_approvedAre records retained for at least the minimum period required by law?

Various laws establish minimum retention periods, and some of these extend well beyond termination. For example, the Immigration Reform and Control Act (IRCA) requires all employers to retain I-9 forms for three years from the employee's date of hire or one year following their separation from the company, whichever is later. The Fair Labor Standards Act (FLSA) requires timecards, work schedules, and other records on which wage calculations are based be kept for two years. Other pay-related records must be kept for three years.

Federal nondiscrimination laws require certain documents (e.g., hiring documents, performance records and accommodation requests) to be kept for at least one year from the date the records were made, or from the date of the personnel action involved, whichever is later. If a complaint is filed, employers must retain these records until the final disposition of the complaint. Other federal laws also have recordkeeping requirements. Additionally, your state and local laws may require longer retention periods and/or employers to maintain additional records.

check_approvedAre records kept securely?

Establish adequate administrative, technical and physical controls to properly secure employee records. Paper records should be stored in a locked location, with access limited to one individual who is chiefly responsible for maintaining the files. Electronic records should be encrypted, password protected (which should be changed frequently), and maintained on a secure server. Evaluate electronic systems regularly to ensure that new technology and viruses don’t compromise security.

check_approvedIs access to records restricted to those who need to know?

Verify that access is restricted to those who have a need to know the information. For example, managers should only be given access to performance information, such as their employees' attendance records and performance reviews. Keep a log of who accesses employee records, the date of access, and why. If employee records are stored electronically, ensure that the software is able to control and log when records are accessed and by whom. Audit paper and electronic logging systems frequently to help ensure access is properly traced.

check_approvedAre employees granted access to their own personnel files in accordance with state law?

Several states require employers to grant employees access to their own personnel file upon request. If you’re not subject to this type of requirement, you can decide whether you will grant employees access to their files. However, the practice must be applied consistently — that is, if you permit one employee to view their records, you must allow access under the same conditions for all employees who request their access. It's a best practice to keep records of when employees request and access their files.

check_approvedAre employees allowed to submit a written rebuttal to information they dispute in their personnel files in accordance with state law?

Many of the states that require employers to give employees access to their personnel files also require employers to allow employees to submit a written rebuttal to information they dispute. If you are in one of these states and you and the employee cannot agree to change or remove the information, you must allow the employee to submit a written statement, and then keep it with the disputed information.

check_approvedAre records disposed of properly?

Generally, at the end of the retention period, employers must dispose of all employee records, so they can't be read or reconstructed. Examples of disposal include, but are not limited to, burning, pulverizing or shredding the records; ensuring the destruction or removal of electronic media containing the employee information; and contracting with a reputable third-party vendor to properly dispose of the records in compliance with federal regulations.


Ensure that your recordkeeping practices comply with federal, state and local laws. Use this helpful checklist as you review your current practices, and consider any adjustments you need to make.

    Most popular