Gimmal Blog

Read the latest thought leadership and industry news from the experts at Gimmal!

All Posts

Recordkeeping Compliance Tips

This is a guest post from Noah A. Frank. He practices labor and employment law at SmithAmundsen LLC, a law firm comprised of more than 170 attorneys in the Midwest. The firm handles the transactional, labor and employment, and litigation needs of companies across the U.S. For more information, visit Mr. Frank may be reached directly at

Nondiscrimination and privacy laws make recordkeeping a daunting task. Here are some compliance tips for today’s highly legislated and regulated business world:


Not all files are the same.

A Personnel file contains documents used to determine qualifications for employment (e.g., promotion, transfer, compensation), discharge, and other discipline. Therefore, do not include records indicating protected characteristics – race, religion, marital/dependent status, date of birth (age) and the like - because this information should not determine an employee’s qualifications. In some states, like Illinois, employees have the right to inspect personnel files, and even submit rebuttals! Typically, there are limits to frequency of reviews and the types of records which may be reviewed.

Secure Payroll/Confidential files maintain sensitive personal and financial information, such as date of birth, Social Security Number, financial account information, marital/familial status, wage garnishments/assignments, and self-identifying of race, disability or veteran status records. While subject to discovery in litigation, these files are typically not subject to personnel records review.

Medical files house FMLA and other medical absence records, requests for disability accommodation, and other personal health information. Safeguard these files on a strict need-to-know basis; direct supervisors should almost never have access to a subordinate’s medical file.

Use separate files for each investigation (sexual harassment, theft, or other) and Workers’ Compensation accident.  All Forms I-9 should be stored in one file.


Given the increase in employment litigation, good file hygiene is a must:

  • Ensure forms are compliant. Update applications and other personnel forms to make recordkeeping easier.
  • Develop a record-retention policy – Ensure you keep records for the required period of time. Even employment applications for non-hires must be retained for at least one year from the decision date. In Illinois, employment records should be kept for the length of employment plus 3 years; payroll records and individual employment contracts should be kept for 10 years post-employment. Hazardous exposure/monitoring reports (MSDS) must be kept for 30 years! Other records fall in between, varying by applicable law.
  • Destroy old records! The inclination to cheaply archive old data can significantly increase litigation costs. Before you just purge though, make sure you understand legal obligations in keeping records (see record retention above). When purging make sure to follow your schedule and the law, including any preservation obligations because of actual or pending litigation.
  • Execute an audit plan. Prepare proper files for all new employees. Divide current employees by months, and review a few each week, separating old employment files into the correct categories. While it was once common for job applications to ask date of birth, marital status, gender, and similar questions, this is a ripe source for a discrimination claim. Consider strategies to re-categorize or separate out such information. Consider an overall HR audit to make sure all of your policies, procedures and forms are in line with current laws.
  • Protect your data from breach. Encrypt and password-protect electronically stored files.
  • Seek the advice of experienced employment counsel when faced with a records request or to help with the audit. They know the law, and can quickly ensure that the proper records are produced (or not) and avoid a Department of Labor records review compliance investigation.

Related Posts

Creating a Framework for Classification

This is Part 2 in a series about creating and executing an effective file plan for your organization. Click here to read the previous post: Creating a Retention Schedule that Works.

3 Tips to Ensure KORA Compliance

There has been a spotlight on the Kansas Open Records Act (KORA) in the media lately, largely due to recent violations. Under KORA, any individual can request public records from government bodies. If all requested records are not provided within in a specific timeframe, these organizations are subject to significant repercussions. This is merely one example of a ‘sunshine law’. The purpose of sunshine laws is to provide transparency into government agencies by giving the public access to local government proceedings.

Creating a Retention Schedule that Works

Creating a usable, automated, and simple file plan is an important part of ensuring records are managed in a consistent manner and that you are protected from legal risks, such as failure to disclose information during a discovery proceeding or the unauthorized leakage of information. The first step in the process is creating a retention schedule, which outlines how long records are kept in accordance with the organization’s obligations and the law.