By Christina Santillo, SHRM-CP, Senior Human Resources Consultant
With 2026 here and spring cleaning right around the corner, now is a great time for employers to review their record retention practices. Your personnel files contain a significant amount of sensitive information. The proper handling of that information is controlled by various federal and state laws that dictate how long employment-related records must be kept.
Understanding and following record retention requirements will help you avoid legal risks and costly mistakes.
Why Record Retention Matters
Employment, payroll, benefits, and hiring records are all subject to specific retention timelines. Keeping records too long can increase risk, while disposing of them too early can result in compliance violations.
HR Record Retention Requirements
- Hiring and Employment Records: Hiring and employment records typically include job applications, resumes, screening tools, interview notes, hiring decisions, and related documentation. These records are subject to EEOC record retention requirements and should be retained for at least one year. (Federal contractors have longer retention requirements.)
- Payroll Records: Time sheets and other compensation records should be retained at least three years after employment ends.
- Form I-9 Retention: Form I-9s must be retained for three years after the date of hire or one year after termination, whichever is later, in accordance with the Immigration Reform and Control Act (IRCA). Employers should also ensure I-9s are stored separately from personnel files.
- Medical-related Records: FMLA-related records should be retained for no less than three years. Records related to toxic exposures must be kept for 30 years.
- Records Related to a Legal Claim: Records related to an EEOC charge must be kept until the final disposition of the charge or the final disposition of any lawsuit based on the charge.
Always check your local and state laws, which may include additional handling or retention rules.
Record retention is more than a filing exercise. Taking time each year to review retention schedules, storage practices, and disposal procedures can help employers stay compliant and reduce legal exposure.
Best Practices for Storing Records
In addition to how long records are retained, employers should also consider how those records are stored:
- Physical records should be kept under double lock, such as a locked filing cabinet located in a locked office.
- Electronic records should only be accessible to employees who need the information to perform their jobs, and these records should be password protected.
- Documents that include medical information and personally identifiable information (such as physician reports or certifications, test results, health insurance applications, accommodation requests, injury reports, etc.) should be stored separately from the employees’ personnel files. All medical files should be locked and/or password protected.
- Employers should have written protocols in place to prevent data breaches and ensure sensitive information is securely stored.
If you are an employer with questions about record retention or if you have questions about any HR issue, contact our Risk Management Division by phone at 855-873-0374 or by email at . We are happy to help!
Disclaimer: This information is for informational purposes only and not for the purpose of providing legal advice. This article does not create an attorney-client relationship between Keystone’s Risk Management Division and the reader.
