HR record keeping requirements — stay in compliance

HR record keeping-500x350px

Human resource departments have extensive record-keeping obligations under the Fair Labor Standards Act (FLSA), the Family and Medical Leave Act (FMLA), the Occupational Safety and Health Act (OSHA Act), Title VII of the Civil Rights Act, and other state and federal laws. Records must be kept from the beginning of the employment relationship until well after it ends. HR departments must retain hiring records, job applications, resumes, interview notes, job descriptions, rates of pay, time cards and payroll records, performance appraisals , evaluations, I-9 forms, benefits records, and many other documents. To complicate matters, some employment records must be kept confidential and in separate files while other records only need to be retained temporarily and then undergo shredding. Others must be kept long-term. Record-keeping requirements vary by the state or federal law retention period set.


Record keeping and record retention requirements under the FLSA include payroll records that are accurate and allow the employee to calculate wages owed, including overtime due. Payroll and personnel records must be retained for at least 3 years.

HR must also retain records that support payroll numbers including:

HR must also retain employee information like:

  • Date of hire
  • Address
  • Social security numbers
  • Dates of demotion and promotion
  • Dates of layoff or discharge.

Employers must also maintain tax records showing deductions from payroll. This includes deductions for benefits provided under the Employee Retirement Income Security Act (ERISA.) Types of records kept also include taxes withheld under state laws.

There is no specific way payroll records must be kept. You may retain paper copies or maintain electronic records as long as all records are readily accessible by the Department of Labor (DOL) within 72 hours of a request. The key is that the records are easily accessible and allow DOL, the employer, and the employee to verify how much the employee is owed.

Equal Employment Opportunity Commission (EEOC)

Record keeping and record retention requirements under laws administered by the EEOC include everything from employee applications to job descriptions to termination notices. The EEOC administers many federal employment discrimination laws including Title VII, the Americans with Disabilities Act (ADA), the Age Discrimination in Employment Act (ADEA), the Equal Pay Act (EPA), and the Genetic Information Non-Discrimination Act (GINA).

Generally, the EEOC requires that employers retain personnel records for one year. If an employee is involuntarily terminated, his/her personnel records must be retained for one year from the date of termination. Include any disciplinary action records in employee records too. As a practical matter, employers must retain personnel records in the employee’s personnel file showing hiring, promotions, demotions, and related disciplinary actions, as well as pay increases or decreases as long as an employee affected by those personal actions is employed plus one year from termination. That’s because under the Equal Pay Act, employees can sue anytime they discover that their paycheck was affected by a sex discriminatory act even if it happened decades ago. Thus, there is no period of time excluded from record retention if the action shows up now in a worker’s paycheck.

The EEOC also requires that job applications, resumes, and related records are kept a full year. Employee records also include requests for reasonable accommodations under the ADA. Related records such as medical information, drug test results, and FMLA certifications must be kept confidential in separate files accessible by authorized human resource personnel and not others. Note that while the FMLA is administered by the DOL, human resource departments typically merge record retention for all medical records into one confidential file. That file should also include medical records related to genetic information protected under GINA. In addition, COBRA information should be kept in the same or a similar confidential record file. Medical information related to HIPAA should also be kept confidential.

Employers must also keep background check information confidential.

Employee handbooks

Your employee handbook should include information on your record-keeping practices. For example, employees should be informed that you keep medical records, test results, requests for reasonable accommodations and supporting documents, FMLA medical certifications, and other sensitive information confidential and in a separate employee file.

Record destruction and shredding

There is one circumstance under which you should never shred or otherwise destroy personnel records. If you have any reason to believe that a lawsuit is coming, you must stop even regularly scheduled record destruction. For example, if an employee tells you she’s consulted an attorney, filed an EEOC of DOL complaint, or otherwise signaled that a lawsuit is coming, DO NOT destroy any records. if you do, a court may sanction you and rule against your organization based on the shredding of records.

Vaccination programs and medical records

Employers may want to create their own vaccination mandate programs to combat workplace COVID-19 and other infectious diseases like influenza. Unless specifically prohibited by a state or local law, employers may legally do so. There are two important limitations. One is for objections based on religion and the other is for objections based on disability. In both those cases, employers have to consider and accept reasonable accommodations to meet religious and medical needs. Reasonable accommodations may include assignment to a different position or shift, telework, frequent testing, masking and social distancing, and other mitigation measures. If no reasonable accommodations are possible, employers may discharge those who don’t comply.

If you do institute a vaccine mandate, make sure you properly protect medical information. If you allow a frequent testing option in lieu of vaccination or as a reasonable accommodation, remember that test results must be kept confidential. That means making sure that vaccination records, COVID-19 and influenza tests, and related medical information are kept separate in a file marked confidential. The file must only be accessible to authorized personnel.

Here’s a sample proof of vaccination rule:

Acceptable proof of vaccination status is:

  1. The record of immunization from a healthcare provider or pharmacy;
  2. A copy of the COVID-19 Vaccination Record Card;
  3. A copy of medical records documenting the vaccination;
  4. A copy of immunization records from a public health, state, or tribal immunization information system; or
  5. A copy of any other official documentation that contains the type of vaccine administered, dates of administration, and the name of the healthcare professionals or clinic site administering the vaccine.