Recordkeeping Compliance Tips

Nondiscrimination and privacy laws make recordkeeping a daunting task. Here are some compliance tips for today’s highly legislated and regulated business world:


Not all files are the same.

A Personnel file contains documents used to determine qualifications for employment (e.g., promotion, transfer, compensation), discharge, and other discipline. Therefore, do not include records indicating protected characteristics – race, religion, marital/dependent status, date of birth (age) and the like – because this information should not determine an employee’s qualifications. In some states, like Illinois, employees have the right to inspect personnel files, and even submit rebuttals! Typically, there are limits to frequency of reviews and the types of records which may be reviewed.

Secure Payroll/Confidential files maintain sensitive personal and financial information, such as date of birth, Social Security Number, financial account information, marital/familial status, wage garnishments/assignments, and self-identifying of race, disability or veteran status records. While subject to discovery in litigation, these files are typically not subject to personnel records review.

Medical files house FMLA and other medical absence records, requests for disability accommodation, and other personal health information. Safeguard these files on a strict need-to-know basis; direct supervisors should almost never have access to a subordinate’s medical file.

Use separate files for each investigation (sexual harassment, theft, or other) and Workers’ Compensation accident.  All Forms I-9 should be stored in one file.


Given the increase in employment litigation, good file hygiene is a must:

  • Ensure forms are compliant. Update applications and other personnel forms to make recordkeeping easier.
  • Develop a record-retention policy – Ensure you keep records for the required period of time. Even employment applications for non-hires must be retained for at least one year from the decision date. In Illinois, employment records should be kept for the length of employment plus 3 years; payroll records and individual employment contracts should be kept for 10 years post-employment. Hazardous exposure/monitoring reports (MSDS) must be kept for 30 years! Other records fall in between, varying by applicable law.
  • Destroy old records! The inclination to cheaply archive old data can significantly increase litigation costs. Before you just purge though, make sure you understand legal obligations in keeping records (see record retention above). When purging make sure to follow your schedule and the law, including any preservation obligations because of actual or pending litigation.
  • Execute an audit plan. Prepare proper files for all new employees. Divide current employees by months, and review a few each week, separating old employment files into the correct categories. While it was once common for job applications to ask date of birth, marital status, gender, and similar questions, this is a ripe source for a discrimination claim. Consider strategies to re-categorize or separate out such information. Consider an overall HR audit to make sure all of your policies, procedures and forms are in line with current laws.
  • Protect your data from breach. Encrypt and password-protect electronically stored files.

Seek the advice of experienced employment counsel when faced with a records request or to help with the audit. They know the law, and can quickly ensure that the proper records are produced (or not) and avoid a Department of Labor records review compliance investigation.

Welcome to the Labor and Employment Law Update where attorneys from Amundsen Davis blog about management side labor and employment issues. 



Recent Posts



Jump to Page

This website uses cookies. We use cookies to improve user experience, functionality, and site performance. We do not and will not sell your personal information. If you choose to continue browsing, you consent to the use of cookies. You can read more about our Cookie Policy in our Data Privacy Policy.