"Let's hope that I was the only outsider to come across this gem," data breach hunter Chris Vickery commented after he’d discovered 11GB of unprotected US military personnel data online in 2015. The dump contained sensitive details of nurses, doctors, and mental health support staff employed by the US Special Operations Command, along with unit assignments and postings dating back to 1998.
The personnel records were apparently exposed when the IT staff of subcontractor Potomac Healthcare misconfigured a data back-up, the BBC reported. Having reviewed samples of the data, ZDNet confirmed that the personal data of US military personnel, some of whom held top-secret security clearances, “was open for all eyes to see, with little in the way to prevent it from being abused.”
Even if they don't pose a direct threat to an entire country’s national security, mishandled personnel files can easily lead to workers being exposed to identity theft and employers being held accountable and shunned for violating their trust. This week, we’re taking a closer look at the whats and whys of managing human resource records, including the dos and don'ts of keeping them safe.
First things first: what are personnel records?
According to Law Insider, personnel records include all records pertaining to employment, such as benefits, eligibility, training history, performance reviews, disciplinary actions, job experience, and compensation history. In other words, they cover an employee’s entire relationship with an employer and can be a valuable source of information for both parties.
Personnel file folders are pulled up for calculating raises and bonuses based on workers' performance metrics as well as for setting up new goals for professional development. Records of misconduct and disciplinary action are often referred to for termination of employment, especially if it comes to defending a wrongful termination lawsuit.
Just as importantly, employee records provide organizations with key insights into staff demographics as well as turnover, attendance, and engagement rates. Human resources can then use this knowledge to develop training or reskilling programs, increase workplace diversity, prevent absenteeism, improve employee retention, and boost productivity.
What should be kept in a personnel file?
- General records: The backbone of any personnel folder. General employee records should include personal information such as the employee’s full name, date of birth, social security number, phone number, home address, and emergency contact numbers.
- Hiring records: These are typically documents that were created prior to and used during the process of hiring an employee. Think: job advertisements, job applications, including CVs and cover letters, job offer letters, and job descriptions.
- Employment-related agreements: These include any agreements that regulate the terms of employment in any shape or form, such as the employee agreement, union contracts, non-competition agreements, and NDAs (non-disclosure agreements).
- Payments and benefits records: These records contain all information related to an employee’s compensation history, kept for payroll, tax, and other personal financial purposes, including tax forms (W-2, W-4 and W-9 in the US), check stubs, and reimbursement records.
- Performance records: This grouping covers documents related to employees’ performance and disciplinary histories, including performance reviews, promotion and demotion records, education and training information, as well as warnings, disciplinary and corrective measures.
- Post-employment documents: Similarly to employment records, termination-related documents should also be kept on file. These might include the resignation or termination letter, benefits notice, exit interview documentation, leaver’s checklist, and last paycheck.
What goes into confidential personnel files?
Certain information in employee records should be kept from prying eyes – that is, from anyone outside the HR department who has no legal and warranted need to see it. Records like the following should still be retained, but stored separately from the personnel folders:
- Medical records: Documents that contain health and medical information have no place in personnel files. According to HR consulting services firm ERC, these might include insurance and benefit enrollment forms, doctor’s notes, and medical exam and drug test results.
- Background check results: Background and reference checks are often conducted by employers to mitigate the business and security risks that come with potential new hires. The results of these investigations can cover anything from credit to criminal history.
- Litigation documents: Any document that’s brought into a litigation process should automatically go to the confidential personnel files, where it can only be accessed by legal counsel. These documents can relate to past, pending, and anticipated litigation proceedings.
- Form I-9s: In the United States, all employers must properly complete a Form I-9 for each individual they hire to verify their identity and employment authorization. By definition, the forms contain highly sensitive information such as age or marital status.
- Employee investigation records: While warnings, counseling, and disciplinary notices can be stored in the personnel folder, workplace investigation records (e.g. initial complaints, summary of findings) shouldn’t, warns the Society for Human Resource Management.
How long should you hold on to personnel file folders – and why?
As we’ve pointed out earlier, having a robust, well-thought-out employee records management program in place can offer clear benefits to any organization, including improved productivity and efficiency, and reduced litigation risks. But proper employee record keeping is just as essential to tick off various employment and privacy law compliance boxes.
In the US, for example, the Equal Employment Opportunity Commission, or EEOC, requires employers to preserve employee records for at least one year. Should an employee be involuntarily terminated, their personnel records must be retained for one year from the date of termination. Under the Age Discrimination in Employment Act (ADEA), employers must hold on to all payroll records for three years, plus keep on file any employee benefit plan and written seniority or merit system for the full period the plan or system is in effect and for at least one year after its termination. According to the Fair Labor Standards Act, FLSA for short, employers must keep payroll records for at least three years, while records that explain the basis for paying different wages to employees of opposite sexes in the same establishment should be preserved for at least two years.
“If in doubt, it's a good idea to keep records for at least 6 years (5 in Scotland), to cover the time limit for bringing any civil legal action,” advises the Chartered Institute of Personnel and Development in regard to the UK’s legislation regulating statutory retention periods. In terms of EU-wide regulations, it’s important to note here that the GDPR (General Data Protection Regulation) doesn’t define any minimum or maximum time limits for keeping employee data. However, both the UK’s Data Protection Act 2018 (DPA) and the GDPR stipulate that data must not be kept any longer than is necessary for a legitimate purpose and it must not be excessive. CIPD points out: “The emphasis is on the employer (the data controller) to have systems in place to determine how long the data should be retained and when records should be destroyed.”
Common pitfalls when handling personnel records – and how to avoid them
1. Leave the paper trail
It’s time for HR departments to go paperless. More often than not, however, their failure to do so isn't for lack of trying. Human resources professionals continue to receive hiring and other employment-related materials in a variety of formats through different channels, then proceed to store them in a patchwork of systems and databases. Start by finding out at which point of the data collection or retention process paper enters the picture and make sure it gets digitized right away before being moved into a single, secure digital platform.
2. Win over colleagues
Your employee data management tools and practices are only as effective as the training HR staffers receive on how to use them properly. Whatever sample personnel file structure and workflow you introduce as a new or better way to handle personnel records, make sure that thorough training is a key part of the implementation process. Even more importantly, focus on building a culture of compliance by providing information not only about how to maintain employee records but also the risks of poor data handling and the efficiency and productivity benefits involved.
3. Access: take it or leave it
If in doubt, take it. When it comes to employee records, or any company data asset really, having the right access control strategy in place is of utmost importance. Limit employee records to a need-to-know basis, granting access only to those who have a legitimate business need or a legal obligation to look into them. At the same time, make sure that the records can be easily and securely filed, searched, and retrieved by authorized staff members. For example, supervisors should be able to get hold of their own team members’ attendance sheets or performance reviews with ease.
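To make the need-to-know rule above concrete, here is an added example (not code from the original post or from Tresorit) of a deny-by-default authorization check for personnel records. It encodes the separation described earlier on this page, with confidential categories such as medical, background check, litigation, Form I-9 and investigation records stored apart from the main personnel folder, restricts supervisors to records about their own direct reports, and writes every decision to an audit trail so that access attempts can be reviewed later. The role names, category list and role-to-category policy are hypothetical assumptions chosen for illustration, not a standard from any law or product.

```python
"""Need-to-know access checks for personnel records (hypothetical model).

Deny by default: a request is allowed only if the requester's role is
permitted for the record's category, and, for supervisors, only when the
record concerns one of their direct reports. Every decision is logged.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum


class Category(Enum):
    # Categories kept in the main personnel folder
    GENERAL = "general"
    HIRING = "hiring"
    AGREEMENT = "agreement"
    PAYROLL = "payroll"
    PERFORMANCE = "performance"
    POST_EMPLOYMENT = "post_employment"
    # Categories that must be stored separately as confidential files
    MEDICAL = "medical"
    BACKGROUND_CHECK = "background_check"
    LITIGATION = "litigation"
    FORM_I9 = "form_i9"
    INVESTIGATION = "investigation"


CONFIDENTIAL = {
    Category.MEDICAL, Category.BACKGROUND_CHECK, Category.LITIGATION,
    Category.FORM_I9, Category.INVESTIGATION,
}

# Hypothetical role-to-category policy (an assumption for this example).
# Any role or category not listed here is denied.
ROLE_POLICY = {
    "hr": {Category.GENERAL, Category.HIRING, Category.AGREEMENT,
           Category.PAYROLL, Category.PERFORMANCE, Category.POST_EMPLOYMENT,
           Category.FORM_I9},
    "benefits_admin": {Category.MEDICAL},
    "legal": {Category.LITIGATION, Category.INVESTIGATION},
    "supervisor": {Category.PERFORMANCE},  # further limited to direct reports
}


@dataclass(frozen=True)
class Record:
    record_id: str
    subject: str            # employee the record is about
    category: Category

    @property
    def storage_location(self) -> str:
        """Confidential categories never go into the personnel folder."""
        return "confidential_files" if self.category in CONFIDENTIAL else "personnel_folder"


@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str
    direct_reports: frozenset = field(default_factory=frozenset)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


# Append-only audit trail of every authorization decision (who, what, when, why).
AUDIT_LOG = []


def authorize(principal: Principal, record: Record, action: str) -> Decision:
    """Decide whether `principal` may perform `action` on `record`, and log it."""
    allowed_categories = ROLE_POLICY.get(principal.role, set())
    if record.category not in allowed_categories:
        decision = Decision(False, f"role {principal.role!r} has no need-to-know for {record.category.value}")
    elif principal.role == "supervisor" and record.subject not in principal.direct_reports:
        decision = Decision(False, f"{record.subject} is not a direct report of {principal.user_id}")
    else:
        decision = Decision(True, "need-to-know established")
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": principal.user_id,
        "role": principal.role,
        "action": action,
        "record": record.record_id,
        "location": record.storage_location,
        "allowed": decision.allowed,
        "reason": decision.reason,
    })
    return decision


def denied_attempts() -> list:
    """Audit entries worth reviewing: every request that was refused."""
    return [entry for entry in AUDIT_LOG if not entry["allowed"]]


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    supervisor = Principal("u-sup", "supervisor", frozenset({"e-42"}))
    review_e42 = Record("r-1", "e-42", Category.PERFORMANCE)
    review_e99 = Record("r-2", "e-99", Category.PERFORMANCE)
    print(authorize(supervisor, review_e42, "read"))   # allowed
    print(authorize(supervisor, review_e99, "read"))   # denied
    print(len(denied_attempts()), "denied attempt(s) logged")
```

The policy is intentionally a whitelist: a new role or a new record category gets no access until someone adds it, which is the safe failure mode for data of this sensitivity. The `storage_location` property is the code-level counterpart of the "store it separately" advice above, and the audit trail gives the central dashboard view of who tried to reach what and when.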
How Tresorit can help
Tresorit completes your HR toolkit with the secure management and sharing of job applications, personnel records, and payroll data. Here’s how:
- Keep data in protected staff folders: Ensure the privacy of your employees by limiting access to authorized staff only. Use individual folders to archive hiring documents, deliver payslips, update documents, or protect medical and insurance records. Benefit from zero-knowledge end-to-end encryption, a protocol that ensures that no keys, passwords, files, or sensitive information ever gets transferred in an unencrypted or reversible form.
- Collaborate with hiring managers and candidates with ease: Save interview notes to your folders right away for faster internal processing. Share assessment results or contract drafts with candidates directly from Outlook and add an extra layer of protection by setting an expiry date, limiting the number of downloads, or adding password authentication. Receive information and confidential documents securely from candidates with end-to-end encrypted file requests.
- Stay in control and compliant: Use the central admin dashboard to keep track of who accessed, modified, shared, and deleted what and when. Set up security policies, IP restrictions, and mandatory 2-factor authentication to ensure compliance and avoid accidental breaches caused by employee errors. Control user permissions for each project or personnel folder and revoke access from external collaborators after their assignment is completed.