Personnel files: Identifying vulnerable record-keeping practices

Most employees go after records or attack your record-keeping practices when they initiate lawsuits. Most lawsuits in this area center on poor references by managers, the collection of inappropriate records, or the release of sensitive information to an unauthorized person.

Here are 10 steps you should take now to reduce your liability:

1. Restrict access to employee records to those with a business need-to-know.
2. Examine your record-keeping practices periodically and communicate them to all employees.
3. Review each employee’s file annually and remove all dated or inappropriate information.
4. Provide a preprinted request form to allow employees to set an appointment to examine their records.
5. Provide a private, quiet room where employees are allowed to examine their records.
6. Have a knowledgeable person available who can interpret records and help employees correct mistakes or respond to unfavorable charges.
7. Allow employees to make notes or copies of documents.
8. Provide a reasonable amount of time for employees to inspect their records.
9. Provide a change request form so that employees can correct or update personal information.
10. Set up an in-house grievance procedure to review all employee complaints about information contained in their files.

Managers’ Record-Keeping Missteps

Common mistakes by managers can make their respective companies vulnerable to defamation, slander, and invasion of privacy lawsuits. Take these steps to educate managers immediately.

• Every manager and employee with access to confidential information must understand the necessity of restricting this data to those with a “need-to-know.” Discipline managers or employees who divulge confidential information about employees.
• Explain that every comment a manager writes about an employee may someday be read by either the employee or a judge. Managers should write performance and discipline reports with that admonition in mind.
• Make “secret” files about employee performance or behavior off-limits. If the evidence is substantial, it should be included in legitimate, formal records.
• Review all performance evaluations or disciplinary warnings that suggest a retaliatory or discriminatory motive.
• Be careful in selecting employees or managers to purge inappropriate or illegal material from the files. Companies have been found guilty of defamation because information leaked out after purging operations.

Writing A Record-Keeping Policy

You should have a firm, clear policy on how records should be used and maintained, who should have to review the information. Here is sample policy language.

Records Review And Access

The HR department will review each employee’s personnel file annually and eliminate inappropriate or outdated information. Managers and supervisors will review each employee’s file before each performance evaluation and destroy outdated and inappropriate information.

Access to employee records is restricted to the following:

1. HR department employees with a business need-to-know.
2. The direct supervisor or departmental manager of an individual employee with a business need-to-know.
3. Company executives with a business need-to-know.

Employee Access

An employee may examine his/her personnel records once a year. Records exempt from this inspection include potential job assignments or predictions of future salary and personnel planning information. An employee has the right to correct, ask for a deletion, or write a statement of disagreement with any item in the file in the presence of an HR representative. The employee may not, however, remove any item from the file.

Disclosure Of Employee Information

All requests for information about a current, retired, or terminated employee must be referred to HR. The HR manager may disclose to prospective employers dates of employment, final title or position, and job location. With the employee’s written permission, the HR manager may give employment and salary history.

Information will be given to duly authorized requests from law enforcement agencies, including investigations, summonses, subpoenas and judicial orders. The company need not inform an employee that personal information has been disclosed to law enforcement agencies if it concerns an investigation into the employee’s on-the-job conduct, especially when an employee’s actions endanger other employees or company security and property.

Protection Of Confidentiality

Privacy of employee records refers to the collection, use, access, dissemination, retention, and confidentiality of data maintained on employees. The company has a commitment to the privacy of personal information kept in its personnel records. It uses only ethical and lawful means to gather information about or from an applicant or employee.

Records: What Will Be Disclosed

Make a complete list of all records which will be maintained in personnel files. Include a notation as to whether:

1. The record will be disclosed according to company policy.
2. The record must be disclosed under state law, e.g., some states have service laws that require employers to furnish references about former employees.
3. The record will be removed from the file and destroyed when it becomes dated, e.g., disciplinary warnings.
4. The record is exempt from disclosure requirements, which may include:
   • Letters of reference and third-party recommendations.
   • Plans for promotions and future salary increases.
   • Preemployment tests and those which are used to qualify an employee for promotion. Note: Test scores must be disclosed and employees should be allowed to review incorrect answers.
   • Investigations of employee wrongdoing. Warning: While investigations are usually exempt from disclosure, employees who have been found guilty of wrongdoing should be allowed to examine the evidence against them. All unproven allegations must be kept out of employee files. Employees should also be given an opportunity to challenge the information and place written statements to that effect in their files.

Destination: Circular File

If you collect and store information in any of the following areas, consider deep-sixing it.

• Employees’ off-the-job behavior.
• Credit information.
• Arrest records.
• Union records.
• Political affiliations.
• Club memberships.
• Notations that employees may have been suspected of misconduct, but the behavior was never substantiated.
• Comments about the employee’s family.

Except in extreme circumstances, e.g., newspaper articles describing the activities of a convicted felon, all of this information should be purged from the files.