How AI, OpenAI, and ChatGPT impact business and software.
Records retention shrm
1. Complying With Workplace Records and Reporting Requirements Page 1 of 10
Complying With Workplace Records and Reporting
Requirements
12/13/2010
Scope—This article deals with the strategic development of a comprehensive records
management program to ensure that a company files reports in a timely manner with
the appropriate federal and state agencies, and maintains evidence of such records for the
required periods of time. Properly filing reports and maintaining records, and then
regularly disposing of files at the end of the required time periods, can play a strategic
role in ensuring the security and privacy of employee-related records, while reducing the
possibility of governmental fines and litigation exposure. This article will cover only those
records and related laws for which most HR professionals have responsibility.
Overview
Employers are often confused about reporting requirements, as well as what to keep and
for how long. There is good reason for this, given that there are more than two dozen
regulations that govern some aspect of employer recordkeeping and retention. See,
Records Management Rules, Regulations and Standards and Compliance
Resources. This reference article will address reporting, recordkeeping and
retention/disposal requirements under federal and state laws to assist companies in their
compliance efforts. Legal requirements are subject to frequent change; as a result, it is
important to monitor relevant laws closely. For the most current information about new
laws or proposed changes to current legislation, SHRM’s HR News and Federal Legal
News sites provide frequent updates. You can also receive up-to-date information via e-
mail on relevant topics by contacting SHRM’s Express Requests.
See:
• Federal Statutes, Regulations and Guidance.
• Federal Reporting Requirements.
• Federal Recordkeeping Requirements.
Not only do various federal agencies have their own reporting and record retention
requirements, but individual state and local statutes and regulations have
requirements that must also be considered. Some of the requirements apply to most all
employers, while others apply primarily to government contractors and subcontractors. In
addition, many of these requirements are dependent on the number of employees
employed by a company. See, Federal Labor Laws by Number of Employees.
Making the Business Case for a Comprehensive Records Management Program
Human resource departments typically generate and receive a significant volume of
records. And, because the laws are complex, employers often end up keeping more
records than are required. To reduce this burden, it is important for HR professionals to
make a strong business case for best practices in implementing a comprehensive records
management program. See, ARMA International Standards and Best Practices for
Excellence in Managing Records and Information. Key reasons include:
• Controlling the creation and growth of company records.
• Reducing operating costs.
http://www.shrm.org/TemplatesTools/Toolkits/Pages/RecordsandReportingRequirements.... 1/13/2011
2. Complying With Workplace Records and Reporting Requirements Page 2 of 10
• Improving efficiency and productivity, as well as office appearance.
• Assisting regulatory compliance and reducing litigation risks.
• Protecting important company information.
• Ensuring that information available to assist in decision-making is readily
retrievable.
Guidelines for Policy Development
A comprehensive records management program must address several key questions:
• What information is out there?
• Where is it currently stored, and where should it be stored?
• What needs to be kept and for how long?
• Who should have access?
• What system will work best to insure compliance with changing requirements?
Electronic data
A critical part of such a program will include a policy that provides broad guidance
concerning paper documents and electronically stored data.
See:
• HR Document Retention—Are You Legally Compliant?
• Avoiding the Perils of Electronic Data.
• Strategic Electronic Information Policies Can Minimize Legal Exposure.
• Managing Records & Information.
• Hot Topics-Document Retention.
Electronic data includes e-mail, web pages, word processing files, computer databases,
and any other information that is stored on a computer and exists in a medium that can
only be read through the use of computers. It also can include hidden electronic data left
behind when a manager adds or deletes text to a performance review, formulas
employees used for making spreadsheet calculations, edits to a memorandum, and other
unintentionally stored data.
Electronic data is becoming increasingly important in legal proceedings. See, Hard Facts
About Hard Drives: What Every HR Pro Should Know About Computer Forensics
and HR Magazine: E Is for Evidence. Consultation with legal counsel about electronic
data storage, retention and destruction is especially important since the Federal Rules of
Civil Procedure - Rule 34 was amended specifically to address discovery rules for
electronically-stored information. See, IT Needs to Be Involved in E-Discovery.
Key elements of a policy
An effective workplace records policy is the blueprint for compliance with federal and state
laws and regulations, as well as the practical guidance for consistent and effective records
management and retention. A number of key elements should be considered when
developing, implementing and maintaining a workplace records policy.
Definition of “record.” Specifically, a comprehensive policy will clearly define what is
meant by “record” so that the appropriate documents—both hard copy and electronically
stored data—will be governed by the policy.
Retention schedule. The policy should specifically identify the retention period for each
category of documents. In addition, it is fairly common for certain records to be governed
by more than one law; however, the periods of retention often vary, making it generally
http://www.shrm.org/TemplatesTools/Toolkits/Pages/RecordsandReportingRequirements.... 1/13/2011
3. Complying With Workplace Records and Reporting Requirements Page 3 of 10
advisable to retain the information for the longer period of time. See, Federal Record
Retention Requirements for Employers.
Access. A critical component of a comprehensive policy is the access that is granted to
various parties. A number of laws, such as the Health Insurance Portability and
Accountability Act, contain specific provisions for who may access information and how
it may be used. Generally, information should only be made available on a “need to know”
basis. See, Safeguarding HR Records.
Storage and format. The policy should designate the specific location to which records
will be sent for retention, as well as the format in which the records will be maintained—
either hard copy or in electronic format.
Security and privacy. It is critical to protect the confidentiality of your employee records
and the privacy of the information contained in them. See, Safeguarding HR Records
and Employee Records Confidentiality Philosophy Policy. A comprehensive policy will
include measures to ensure the physical security of the records, whether stored in hard
copy or electronically. See, Information Management Journal.
Compliance with retention laws. Failure to comply with state and federal laws on
record retention may have unwanted consequences, such as civil penalties for destroying
records before the end of the required retention period. Additionally, if sued by an
employee for discrimination, records to aid in defending the claim may not be available,
which, in addition to weakening the defense, may support a presumption by the court of
intentional destruction as a cover for the alleged discrimination.
Careful and timely destruction of documents. Records should never be destroyed
without first reviewing record retention and destruction requirements and checking to
ensure that litigation is not pending. Any records containing confidential, personal and/or
financial information should be completely shredded or fully incinerated to protect
employee privacy and comply with applicable laws. See, Record Review and
Destruction Checklist.
Consistent policy implementation and periodic audits. Record retention rules and
procedures must be consistently applied and followed to insure legal and policy
compliance. Those charged with record retention requirements should periodically audit
the policy and practice to ensure that internal requirements are current and are being
followed correctly. See, HR Basics: Human Resource Audits and Self-Audits Prevent
Litigation, Unless They’re Half-Baked.
Required Records and Maintenance of Employee Files
Employee files should be located in a secure location and be kept strictly confidential.
Access should be restricted to those with a legitimate “need to know” or as required by
law. See, Despite Publicity, HR Data Breaches Continue. There are several categories
of records that must be maintained according to specific requirements.
Employee records to be maintained in personnel files
Certain records related to employees and their employment history should be maintained
in an employee’s personnel file. These records include:
Pre-employment documents. These include job descriptions, job applications or
resumes, offer letters, pre-employment reference checks, candidate interview evaluations,
forms relating to employee benefits, signed acknowledgments of receipt and agreement
with the company’s employee handbook and code of conduct and other key policies, and
emergency notification forms, among others.
http://www.shrm.org/TemplatesTools/Toolkits/Pages/RecordsandReportingRequirements.... 1/13/2011
4. Complying With Workplace Records and Reporting Requirements Page 4 of 10
Employee’s work history. These include records related to job performance, promotions
and transfers, compensation, performance appraisals, awards or citations for excellent
performance, records of attendance and completion of training programs, warnings and
any formal discipline, notes on attendance or tardiness, and any contract or written
agreement between the employee and the employer.
Separation of employment. These include exit interviews, separation checklists, notes
about reason for separation, unemployment documents, insurance continuation forms,
any signed separation agreement, COBRA notices, correspondence, and reference
statements.
Other employee and applicant records to be maintained in separate files
Certain employee records should be maintained in files separate from an employee’s
personnel file to protect the privacy rights of employees and to insulate employers from
liability. This category of documents includes the following types of records:
• All medical records, including pre-employment medical exams; disability benefit
claim forms; notes from doctors; requests for FMLA leave; requests for ADA
accommodations; worker’s compensation history; claims and related documents;
fitness for duty results; functional capacity assessments; referrals concerning an
employee’s participation in the company’s Employee Assistance Program; results of
drug/alcohol tests; reimbursement requests for medical expenses; health-related
information about an employee’s family members; and any documentation about
past or present health, medical condition, or disabilities. See, HHS Issues HIPAA
Breach Notification Rule.
• Credit reports, including any consumer-related credit information, personal and/or
financial data. See, Fair Credit Reporting Act (FCRA) of 1969 and Legal
Trends: Just the FACT Act, Please.
• Immigration forms, including USCIS Form I-9 and supporting documents confirming
employment eligibility (keeping these documents separate also makes it easier for a
company to produce the desired records if subject to a government audit).
• Documents related to complaints and investigations, including internal claims,
government agency claims and lawsuits, which are to be kept on file until the claim
or other litigation is fully resolved.
• Payroll data required by Fair Labor Standards Act and state labor laws
governing the types of and requirements for records and related documents (e.g.
garnishment orders) that must be maintained. In addition, under the Lilly
Ledbetter Fair Pay Act of 2009, employers now need to be prepared to document
the reasons for their pay decisions, so these records need to be kept as well. See,
Ledbetter Act Adds Lengthy To-Do List for HR.
• Applicant data for candidates who were not hired, including job advertisements,
resumes, employment applications, job orders submitted to any agency, reference
checks, results of physical examinations, employment test results, credit reports,
validity documentation of tests used in the selection process, and related
information.
See:
• Title VII of the Civil Rights Act of 1964.
• Americans with Disabilities Act of 1993 (ADA).
• Age Discrimination in Employment Act of 1967 (ADEA).
• Executive Order 11246.
Reporting and Retention Guidelines
http://www.shrm.org/TemplatesTools/Toolkits/Pages/RecordsandReportingRequirements.... 1/13/2011
5. Complying With Workplace Records and Reporting Requirements Page 5 of 10
The Human Resources function within an organization typically has the primary
responsibility for compliance with the requirements of the laws that govern reporting,
recordkeeping and retention/disposal for employee and applicant records. The following is
an overview of those laws.
Federal tax and compensation records
A number of federal laws, including the Federal Insurance Contribution Act of 1935
(FICA), the Federal Unemployment Tax (FUTA) and the Internal Revenue Code’s
federal income tax withholding regulations, require that employee records related to
mandatory federal taxes be retained for at least 4 years from the making of the record or
date of filing. These records generally include basic employee demographic records (e.g.,
name, address, social security number, gender, date of birth, occupation and job
classification) along with records of total compensation, tax forms, records of hours
worked (regular work hours and overtime), and payments to annuity, pension, accident,
health, or other fringe benefit plans, as well as all wages subject to withholding and the
actual taxes withheld from wages. In addition, a Form W-2 must be provided to
participants before February 1 and to the Social Security Administration before March 1.
The Equal Pay Act of 1963 and the Fair Labor Standards Act require retention of
basic employment-related records (e.g., those containing employee demographic
information, payroll records, individual contracts or collective bargaining agreements, etc.)
for a period of three years; however, records on which wage computations are based must
only be retained for two years (e.g., time sheets, wage rate tables, work and time
schedules, and documentation of the basis for payment of any wage difference to
employees of different sexes). Certificates of age must be kept until termination of
employment. There are no external reporting requirements.
Employment-related records
The Equal Employment Opportunity Commission (EEOC) has developed a
comprehensive guideline for recordkeeping and retention titled Record Management:
File Creation, Maintenance and Disposition, which should be consulted at the outset
of any policy development or decision-making.
Title VII of the Civil Rights Act of 1964 (as amended in 1991) and the Americans
with Disabilities Act (ADA). Employers with at least 15 employees must retain
applications and other personnel records (e.g., employee demographic data, pay rates,
compensation earned each week, employee benefit plans, written seniority or merit rating
systems, etc.) relating to hires, rehires, tests used in employment, promotion, transfers,
demotions, selection for training or apprenticeship, layoff, recall, rates of pay or other
terms of compensation, terminations or discharge, for one year from making the record or
taking the personnel action, whichever is later. Personnel records relevant to a charge of
discrimination or other action must be retained until final disposition of the matter. These
retention guidelines also include documentation related to candidates for a position who
were not hired.
Uniform Guidelines on Employee Selection Procedures of 1978 (UGESP). UGESP
provides additional guidance for employers subject to Title VII or Executive Order
11246. These guidelines require the collection of information regarding an employee's
race and sex, as well as veteran and disabled status. In addition, the UGESP requires
records showing the impact of employment selection processes on minorities and females.
As a result, information with respect to employment transactions (records with respect to
applicants, offers, hires, rehires, tests used in employment, promotions, transfers,
demotions, selection for training, layoff, recall, terminations or discharge) must generally
http://www.shrm.org/TemplatesTools/Toolkits/Pages/RecordsandReportingRequirements.... 1/13/2011
6. Complying With Workplace Records and Reporting Requirements Page 6 of 10
be retained for 2 years (with certain exceptions based on number of employees or amount
of the contract). See, OFCCP Directive Transmittal Number: 279.
Age Discrimination in Employment Act and Older Workers Benefit Protection Act
(OWBPA). These laws generally require that employers must maintain the same type of
information required by Title VII and the ADA, but for a period of three years. See:
• Federal Equal Employment Opportunity Laws.
• Managing Equal Employment Opportunity.
• Understanding Waivers of Discrimination Claims in Employee Severance
Agreements.
• Affirmative Action Toolkit.
Immigration Reform and Control Act of 1986 (IRCA). IRCA requires that an
employee’s eligibility to work in the United States must be maintained for three years
after date of hire or one year after date of termination, whichever is later. The relevant
documentation is the newly revised USCIS Form I-9, which new employees are required to
sign to confirm their eligibility to work upon being hired. See, Justice Department final
rule on electronic I-9 form and DHS Issues Final Rule on Electronic Signature and
Storage of Form I-9.
Employee Polygraph Protection Act (EPPA). Polygraph test results of an employee,
the reasons for administering the test, and related records must be retained for at least 3
years. No external reporting is required.
Worker Adjustment and Retraining Notification Act of 1988. The WARN Act protects
workers, their families, and communities by requiring most employers with 100 or more
employees to provide notification 60 calendar days in advance of plant closings and mass
layoffs. See, Fact Sheet - The Worker Adjustment and Retraining Notification Act
and Employers Guide to Advance Notice of Closings and Layoffs for required
reporting to employees and the state rapid response dislocated employees unit. The DOL
published regulations on the requirements of WARN; however, the DOL has no
enforcement or administrative responsibility. The DOL’s Employment and Training
Administration (ETA) administers programs for displaced workers. Some states have
plant closure laws of their own. See, State WARN Laws Apply to Employers Not
Covered by Federal Act. Contact should be made with a State Dislocated Worker
Unit Coordinator in advance of any action to ensure compliance with notice
requirements in a specific area.
Employee retirement and welfare benefit plans
Employee Retirement Income Security Act of 1974 (ERISA). ERISA requires
employee benefit plan administrators to provide information to each participant and
beneficiary about retirement (e.g., pension and 401(k) plans) and welfare plans (e.g.,
accident, health, and temporary disability plans, vision and dental benefit plans, long-term
disability plans, life insurance plans, education assistance program, and group legal
service plans, etc.). The required information includes a summary plan description (SPD)
identifying, in understandable terms, the plan participants’ eligibility for participation and
benefits under the plan. Plan changes must be communicated in a timely manner through
either a new SPD or a summary of material modification. While the SPD is not required to
be filed with the DOL, it must be furnished upon request. See, What should a summary
plan description include?
An annual report (Form 5500 and related schedules) must be filed with the DOL
containing financial and other information concerning the operation of each plan. Plan
administrators must also furnish participants and beneficiaries with a summary of the
information contained in the annual report. Smaller plans may be exempt from this
http://www.shrm.org/TemplatesTools/Toolkits/Pages/RecordsandReportingRequirements.... 1/13/2011
7. Complying With Workplace Records and Reporting Requirements Page 7 of 10
requirement. There are both IRS and DOL penalties for failure to file on time. The DOL has
issued a Reporting and Disclosure Guide for Employee Benefit Plans, a
comprehensive guide for employers.
See:
• Benefit Plan Annual Reporting.
• Benefits- Reporting & Disclosure.
• Benefit Plan Audits: New Tips from the IRS.
Employers are required to maintain benefits-related records for 6 years. See, ERISA
Filing Acceptance System.
Family and Medical Leave Act (FMLA) and the Uniformed Services Employment
and Reemployment Rights Act of 1994. These federal laws require the retention of
certain records with respect to payroll and demographic information, as well as
information related to the individual employee’s leave (e.g., dates leave taken, hours if
taken in increments of less than one full day, etc.) for a period of 3 years. See, Managing
Military Leave and Military Family Leave and U.S. Department of Labor - Wage
and Hour Division (WHD) - The Family and Medical Leave Act. As with most federal
employment laws, notices are required to be prominently posted, but there are no other
external reporting requirements.
Consolidated Omnibus Budget Reconciliation Act of 1985 (COBRA). COBRA
requires that employers provide timely notice to employees of their right to continuation
of certain employee benefits after their termination of employment. COBRA regulations do
not specify a mandatory recordkeeping period for COBRA-related notices and
correspondence with employees. (Note: since COBRA amended ERISA, most employer
retention schedules are structured to maintain these records for 6 years from the date of
the record, in accordance with ERISA requirements.)
Health Insurance Portability and Accountability Act. HIPAA establishes standards for
the privacy and security of health-related information, as well as for the electronic
interchange of that information. In general, the required retention period for
documentation under HIPAA is six years from the date of creation, or the date last in
effect, whichever is later. If state laws require longer retention, the state requirements
should be followed. See, HHS Issues HIPAA Breach Notification Rules. Similarly, the
Genetic Information Nondiscrimination Act (GINA), which became effective on
January 1, 2010, is designed to protect the privacy of employee medical records. GINA
requires employers to segregate genetic information within confidential medical files so
that only those with access to the files on a need-to-know basis are aware of the presence
of the information related to genetics. See, Coordinate GINA Compliance with Leave,
ADA and HIPAA Policies.
Health and safety matters
Occupational Safety and Health Act of 1970. The OSH Act requires employers to
prepare a log and post an annual summary (OSHA No. 300/300-A) of job-related
injuries and illnesses. In addition, any incident resulting in a fatality, a lost-time case, or
medical expense, including termination and permanent transfer, must be investigated,
analyzed and documented on a supplementary record and kept for five years. However,
records of monitoring exposure to hazardous materials, claims or complaints, and medical
exams (along with toxic substances and blood-borne pathogen exposure) must be
retained for the duration of an individual’s employment, plus 30 years. See, OSHA
Recordkeeping Handbook and OSHA Recordkeeping Policy and Procedures
Manual.
http://www.shrm.org/TemplatesTools/Toolkits/Pages/RecordsandReportingRequirements.... 1/13/2011
8. Complying With Workplace Records and Reporting Requirements Page 8 of 10
Omnibus Transportation Employee Testing Act of 1991. Governed by the U.S.
Department of Transportation, this law requires drug and alcohol testing of safety-
sensitive transportation employees in aviation, trucking, railroads, mass transit, pipelines
and other transportation industries. DOT requires covered employers to submit various
drug and alcohol testing data each year. See, Employer Recordkeeping Regulations
for Drug and Alcohol Testing Information and US DOT Drug and Alcohol Testing
MIS Data Collection.
Employers are also required to maintain records related to drug and alcohol test results,
testing process administration, return-to-duty process administration, as well as employee
and supervisor training records. Records are required to be kept in paper format, in a
secure location with controlled access and in locked file cabinets and/or password
protected if stored electronically. Each federal agency covered by these rules has issued
specific retention schedules, which generally vary from 1 to 5 years, depending on the
specific record, the industry and agency under which a company is operating (e.g., airline,
motor carrier, railroad, transit, pipelines, and maritime). In addition, employers are
required to check on the previous 2 years of drug and alcohol testing background of new
hires and other employees beginning safety-sensitive work and are generally required to
retain those records for a period of 3 years from receipt.
Additional requirements for federal contractors and subcontractors
Federal contractors and subcontractors are subject to the Davis-Bacon and Related
Acts (DBRA), which requires retention of employee demographic information and
compensation records for a period of 3 years from the end of a collective bargaining
agreement. In addition, the Walsh-Healy Act of 1936 also requires the retention of data
with respect to job-related injuries and illnesses, specifically logs with dates and
summaries, as well as the details of any accidents.
Federal contractors and subcontractors are also subject to Executive Order 11246, the
Vietnam Era Veterans' Readjustment Assistance Act, the Rehabilitation Act of
1973, Section 503, and must file a Vets 100 Report annually. See, What is the
Difference Between the VETS-100 and VETS-100A Report Forms and Who Should
File Each? As noted above, AAPs must also be prepared and annually updated.
Contractors are required to maintain the current year’s AAP along with documentation of
good faith efforts, as well as its prior year plan and related documents.
New employment verification laws will require all federal contractors to verify the work
authorization of all new hires and existing employees assigned to federal contracts signed
after September 8, 2009. See, Court Upholds E-Verify Rule for Federal Contractors.
Contractors are also subject to the Drug-Free Workplace Act of 1988, which makes it
a requirement that every employee who is engaged in the performance of the covered
contract or grant be given a copy of the company drug-free policy statement. See, Drug-
Free Workplace Advisor.
Records without Specific Retention Guidelines
While most records retention requirements are typically dictated by federal or state
statutes, there are some situations where no time period is prescribed. The Uniform
Preservation of Private Business Records Act (UPPBRA) sets a 3-year time limit for records
without a statute-specific retention period. This uniform law has been enacted by a
number of states and provides a general guideline in others, although employers should
consult with legal counsel to determine their individual compliance obligations and
suggested best practices.
Record Disposal Requirements
http://www.shrm.org/TemplatesTools/Toolkits/Pages/RecordsandReportingRequirements.... 1/13/2011
10. Complying With Workplace Records and Reporting Requirements Page 10 of 10
http://www.shrm.org/TemplatesTools/Toolkits/Pages/RecordsandReportingRequirements.... 1/13/2011
