Complying With Workplace Records and Reporting Requirements

Jul 10, 2017
Reuse Permissions

Scope-This article deals with the strategic development of a comprehensive records management program to ensure that a company files reports in a timely manner with the appropriate federal and state agencies and maintains evidence of such records for the required periods of time. Properly filing reports and maintaining records, and then regularly disposing of files at the end of the required time periods, can play a strategic role in ensuring the security and privacy of employee-related records, while reducing the possibility of governmental fines and litigation exposure. This article will cover only those records and related laws for which most HR professionals have responsibility.


Employers often are confused about reporting requirements, as well as what to keep and for how long. There is good reason for this, given that there are more than two dozen regulations that govern some aspect of employer record-keeping and retention.

This reference article will address reporting, record-keeping and retention/disposal requirements under federal and state laws to assist organizations in their compliance efforts. Legal requirements are subject to frequent change; as a result, it is important to monitor relevant laws closely.

Not only do various federal agencies have their own reporting and record-retention requirements, but individual state and local statutes and regulations also have requirements that must be considered. Some of the requirements apply to most all employers, whereas others apply primarily to government contractors and subcontractors. In addition, many of these requirements are dependent on the number of employees employed by a company. See Federal Labor Laws by Number of Employees.

Business Case

Numerous federal laws require employers to create and retain various forms of employment records and, in some instances, to make filings with governmental agencies. The more employees a company has, the more federal record-keeping laws it will be obligated under. Federal contractors have record-keeping thresholds that are accelerated as compared to employers without federal contracts. The laws typically provide for civil monetary penalties for failure to maintain statutory records. In some instances there are both individual and criminal liability. Additionally, maintenance of employment records is critical to defending against employment-related litigation. In fact, an employer can be sued for wrongful destruction of employment records under the theory of spoliation of evidence. The challenges of record retention are affected dramatically by electronic storage methods. Electronic storage eliminates problems associated with maintaining paper files, but increases the likelihood of information being kept forever, regardless of whether it is helpful or harmful to an organization's interests. Accordingly, it is critical that businesses have in place good procedures for creating and maintaining required records.

On a global level, individual countries have different record requirements. Organizations working in multiple countries will need to tailor individual records programs for each country to ensure compliance with local laws. In this case, one size does not fit all.

HR's Role

Human resource departments typically generate and receive a significant volume of records. And, because the laws are complex, employers often end up keeping more records than are required. To reduce this burden, it is important for HR professionals to make a strong business case for implementing a comprehensive records management program. Key reasons include:

  • Controlling the creation, growth and accessibility of company records.
  • Reducing operating and storage costs.
  • Improving efficiency and productivity, as well as office appearance.
  • Assisting regulatory compliance and reducing litigation risks.
  • Protecting important company information.
  • Ensuring that information available to assist in decision-making is readily retrievable.


In this age of digital information, business managers, HR professionals, IT professionals and legal professionals must work closely together to develop policies and procedures related to employment record-keeping. In the event of employment-related litigation, a thorough search will likely be done of an employer's electronic records. See What factors should we consider when converting personnel files from hard copy to electronic format?

Guidelines for Policy Development

A comprehensive records management program must address several key questions:

  • What information is out there?
  • Where is it currently stored, and where should it be stored?
  • What needs to be kept and for how long?
  • Who should have access?
  • Are there multiple locations of the record (i.e., hard copy and electronic)? What system will work best to ensure compliance with changing requirements?
  • What processes will need to be designed to ensure all of the above?

Electronic data

A critical part of such a program includes a policy that provides broad guidance concerning paper documents and electronically stored data.

An important decision will be determining the system of record for each document if multiple copies exist. The system of record should be where policy and retention requirements are focused.

Electronic data include e-mail, web pages, word processing files, computer databases and any other information that is stored on a computer and that exists in a medium that can be read only through the use of computers. It can also include electronic trails left behind, such as when a manager adds or deletes text to a performance review, the formulas employees used for making spreadsheet calculations or edits to a memorandum and other unintentionally stored data.

Electronic data are becoming increasingly important in legal proceedings. Consultation with legal counsel about electronic data storage, retention and destruction is especially important since the Federal Rules of Civil Procedure—Rule 34 was amended specifically to address discovery rules for electronically stored information.

Key elements of a policy

An effective workplace records policy is the blueprint for compliance with federal and state laws and regulations, as well as the practical guidance for consistent and effective records management and retention. A number of key elements should be considered when developing, implementing and maintaining a workplace records policy.

Definition of "record." Specifically, a comprehensive policy clearly defines what is meant by "record" so that the appropriate documents—both hard copy and electronically stored data—will be governed by the policy. Generally records do not include drafts or documents that are works in progress, only final versions of documents.

Retention schedule. The policy should specifically identify the retention period for each category of documents. In addition, it is fairly common for certain records to be governed by more than one law; however, the periods of retention often vary, making it generally advisable to retain the information for the longest period of time required.

Access. A critical component of a comprehensive policy is the access granted to various parties. A number of laws, such as the Health Insurance Portability and Accountability Act and data privacy regulations, contain specific provisions for who may access information and how it may be used. Generally, information should be made available only on a need-to-know basis.

Storage and format. The policy should designate the specific location to which records will be sent for retention, as well as the format in which the records will be maintained—either hard copy or in electronic format.

Security and privacy. It is critical to protect the confidentiality of employee records and the privacy of the information contained in them. A comprehensive policy includes measures to ensure the physical security of the records, whether stored in hard copy or electronically. See Employee Records Confidentiality Philosophy Policy .

Compliance with retention laws. Failure to comply with state and federal laws on record retention may have unwanted consequences, such as civil penalties for destroying records before the end of the required retention period. Additionally, if an organization is sued by an employee for discrimination, records to aid in defending the claim may not be available, which, in addition to weakening the defense, may support a presumption by the court of intentional destruction as a cover for the alleged discrimination.

Careful and timely destruction of documents. Records should never be destroyed without first reviewing record retention and destruction requirements and checking to ensure that litigation is not pending. Any records containing confidential, personal or financial information should be completely shredded or fully incinerated to protect employee privacy and to comply with applicable laws.

Consistent policy implementation and periodic audits. Record retention rules and procedures must be consistently applied and followed to ensure legal and policy compliance. Those charged with record retention requirements should periodically audit the policy and practice to ensure that internal requirements are current and are being followed correctly.

See Recordkeeping Policy: Records Maintenance, Retention and Destruction.

Required Records and Maintenance of Employee Files

Employee files should be located in a secure location and be kept strictly confidential. Access should be restricted to those with a legitimate need to know or as required by law. Several categories of records must be maintained according to specific requirements. See How to Prevent Data Breaches.

Employee records to be maintained in personnel files

Certain records related to employees and their employment history should be maintained in an employee's personnel file. These records include:

Pre-employment documents. These include job descriptions; job applications or resumes; offer letters; signed acknowledgments of receipt and agreement with the company's employee handbook, code of conduct and other key policies; and emergency notification forms, among others.

Employee's work history. These include records related to job performance, promotions and transfers, compensation, performance appraisals, awards or citations for excellent performance, records of attendance and completion of training programs, warnings and any formal discipline, notes on attendance or tardiness, and any contract or written agreement between the employee and the employer.

Separation of employment. These include exit interviews, separation checklists, notes about reason for separation, unemployment documents, any signed separation agreement, correspondence and reference statements.

Other employee and applicant records to be maintained in separate files

Certain employee records should be maintained in files separate from an employee's personnel file to protect the privacy rights of employees and to insulate employers from liability. This category of documents includes the following types of records:

Medical. Medical records include forms related to enrollment in benefits. In addition, the file contains all medical records, including pre-employment medical exams, disability benefits claim forms, notes from doctors, requests for Family and Medical Leave Act (FMLA) leave, requests for Americans with Disabilities Act (ADA) accommodations, worker's compensation history, claims and related documents, fitness-for-duty results, functional capacity assessments, referrals concerning an employee's participation in the company's employee assistance program, results of drug/alcohol tests, reimbursement requests for medical expenses, health-related information about an employee's family members, and any documentation about past or present health, medical condition, or disabilities. This file would also contain insurance continuation forms and COBRA notices. The Affordable Care Act also has record-keeping and reporting requirements regarding employee's benefits coverage and eligibility.

Credit information. Credit information includes any consumer-related credit information, credit reports, and personal or financial data to comply with the Fair Credit Reporting Act (FCRA) of 1969.

Immigration forms. These forms include United States Citizenship and Immigration Services (USCIS) Form I-9 and supporting documents confirming employment eligibility (keeping these documents separate also makes it easier for a company to produce the desired records if subject to a government audit).

Documents related to complaints and investigations. These include internal claims, government agency claims and documents related to lawsuits, which are to be kept on file until the claim or other litigation is fully resolved.

Payroll data. This information includes data required by Fair Labor Standards Act (FLSA) and state labor laws governing the types of and requirements for records and related documents (e.g., garnishment orders) that must be maintained. In addition, under the Lilly Ledbetter Fair Pay Act of 2009, employers need to be prepared to document the reasons for their pay decisions, so these records need to be kept as well.

Hiring documents. A hiring file includes the documents and actions taken for hiring of each position. Included are job advertisements, resumes, employment applications, job orders submitted to any agency, interview evaluations, reference checks, results of physical examinations, employment test results, credit reports, validity documentation of tests used in the selection process, applicant data for candidates not hired, and related information.

Reporting and Retention Guidelines

The human resource function within an organization typically has the primary responsibility for compliance with the requirements of the laws that govern reporting, record-keeping and retention/disposal for employee and applicant records. The following is an overview of those laws.

Federal tax and compensation records

A number of federal laws, including the Federal Insurance Contributions Act of 1935 (FICA), the Federal Unemployment Tax Act (FUTA) and the Internal Revenue Code's federal income tax withholding regulations, require that employee records related to mandatory federal taxes be retained for at least four years from the making of the record or date of filing. These records generally include basic employee demographic records (e.g., name, address, Social Security number, gender, date of birth, occupation and job classification) along with records of total compensation, tax forms, records of hours worked (regular work hours and overtime), and payments to annuity, pension, accident, health or other fringe benefit plans, as well as all wages subject to withholding and the actual taxes withheld from wages. In addition, a Form W-2 must be provided to participants before February 1 and to the Social Security Administration before March 1.

The Equal Pay Act of 1963 and the FLSA require retention of basic employment-related records (e.g., those containing employee demographic information, payroll records, individual contracts or collective bargaining agreements) for a period of three years; however, records on which wage computations are based must be retained for only two years (e.g., time sheets, wage rate tables, work and time schedules, and documentation of the basis for payment of any wage difference to employees of different sexes). Certificates of age must be kept until termination of employment. There are no external reporting requirements.

Employment-related records

The Equal Employment Opportunity Commission (EEOC) has developed a comprehensive guideline for record-keeping and retention titled Record Management: File Creation, Maintenance and Disposition, which should be consulted at the outset of any policy development or decision-making.

American with Disabilities Act (ADA). The ADA, which applies to employers with 15 or more employees, requires documentation be kept on requests for reasonable accommodation as well as actions taken to meet those requests. The law also requires retention of applications and records related to hiring, promotion, demotion, transfer, layoff or termination, rates of pay or other terms of compensation, and selection for training or apprenticeship for one year after the record is created.

Title VII of the Civil Rights Act of 1964 (as amended in 1991). Title VII also requires retention of records related to hiring, promotion, demotion and transfers. The rule of thumb is to maintain documentation to support decisions made both for hiring or eliminating employees or potential employees in these areas.

Uniform Guidelines on Employee Selection Procedures of 1978 (UGESP). The UGESP provides additional guidance for employers subject to Title VII or Executive Order 11246. These guidelines suggest the collection of information regarding an employee's race and sex, as well as veteran and disabled status. In addition, the UGESP suggests keeping records showing the impact of employment selection processes on minorities and females. As a result, information with respect to employment transactions (records with respect to applicants, offers, hires, rehires, tests used in employment, promotions, transfers, demotions, selection for training, layoff, recall, terminations or discharge) should generally be retained for two years (with certain exceptions based on number of employees or amount of the contract). See OFCCP Directive Transmittal Number: 279.

Age Discrimination in Employment Act (ADEA) and Older Workers Benefit Protection Act (OWBPA). The ADEA protects workers age 40 and over against discrimination on the basis of age. The OWBPA enhanced the ADEA specifically around preventing discrimination in offering benefits (including severance) to older workers. These laws generally require that employers maintain the same type of information required by Title VII and the ADA in terms of employment decisions. The ADEA also requires maintaining payroll records for three years. As with the previous laws, record-keeping should document the employment-related decisions made and the reasoning for those decisions.

Immigration Reform and Control Act of 1986 (IRCA). The IRCA requires that an employee's proof of eligibility to work in the U.S. must be maintained for three years after date of hire or for one year after date of termination, whichever is later. The relevant documentation is the USCIS Form I-9  (last revised March 8, 2013), which new employees are required to sign to confirm their eligibility to work upon being hired. See USCIS Developing 'Smart' I-9 Form to Catch Errors

Employee Polygraph Protection Act (EPPA). Polygraph test results of an employee, the reasons for administering the test and related records must be retained for at least three years. No external reporting is required.

Worker Adjustment and Retraining Notification Act of 1988 (WARN Act). The WARN Act protects workers, their families and communities by requiring most employers with 100 or more employees to provide notification 60 calendar days in advance of plant closings and mass layoffs. See Fact Sheet: The Worker Adjustment and Retraining Notification Act and Employers Guide to Advance Notice of Closings and Layoffs for required reporting to employees and the State Rapid Response Dislocated Worker Unit.

The U.S. Department of Labor (DOL) published regulations on the requirements of WARN; however, the DOL has no enforcement or administrative responsibility. The DOL's Employment and Training Administration (ETA) administers programs for displaced workers. Some states have plant closure laws of their own. Contact should be made with a State Dislocated Worker Unit Coordinator in advance of any action to ensure compliance with notice requirements in a specific area.

Employee retirement and welfare benefit plans

Employee Retirement Income Security Act of 1974 (ERISA). ERISA requires employee benefits plan administrators to provide information to each participant and beneficiary about retirement (e.g., pension and 401(k) plans) and welfare plans (e.g., accident, health and temporary disability plans, vision and dental benefit plans, long-term disability plans, life insurance plans, education assistance program, and group legal service plans). The required information includes a summary plan description (SPD) identifying, in understandable terms, the plan participants' eligibility for participation and benefits under the plan. Plan changes must be communicated in a timely manner through either a new SPD or a summary of material modification. Although the SPD is not required to be filed with the DOL, it must be furnished on request. See What should a summary plan description include?

An annual report (Form 5500 and related schedules), which must be filed with the DOL, contains financial and other information concerning the operation of each plan. Plan administrators must also furnish participants and beneficiaries with a summary of the information contained in the annual report. Smaller plans may be exempt from this requirement. Both the Internal Revenue Service (IRS) and the DOL issue penalties for failure to file on time. The DOL has issued a Reporting and Disclosure Guide for Employee Benefit Plans, a comprehensive guide for employers. See also Benefit Plan Annual Reporting.

Employers are required to maintain benefits-related records for six years. See ERISA Filing Acceptance System.

Affordable Care Act (ACA). The ACA has a phased implementation, but reporting is required for all employers with 50 or more full-time or equivalent employees as of 2015. Employers are required to file information forms with the IRS (Form 1094-C) and provide statements to their employees (Form 1095-C) about the health insurance offered by the employer. See

ACA Reporting Requirements: Tips for What''s Ahead in 2016 and Q&A about Information Reporting by Employers on Form 1094C and Form 1095C.Family and Medical Leave Act (FMLA), Uniformed Services Employment and Reemployment Rights Act of 1994 (USERRA), and National Defense Authorization Act (NDAA). These federal laws require the retention of certain records with respect to payroll and information related to an employee's leave (e.g., dates leave taken, hours if taken in increments of less than one full day) for a period of three years. As with most federal employment laws, notices are required to be prominently posted, but there are no other external reporting requirements. See Managing Military Leave and Military Family Leave.

Consolidated Omnibus Budget Reconciliation Act of 1985 (COBRA). COBRA requires that employers provide timely notice to employees of their rights to continuation of certain employee benefits after their termination of employment. COBRA regulations do not specify a mandatory record-keeping period for COBRA-related notices and correspondence with employees. (Note: Since COBRA amended ERISA, most employer retention schedules are structured to maintain these records for six years from the date of the record, in accordance with ERISA requirements.)

Health Insurance Portability and Accountability Act (HIPAA). HIPAA establishes standards for the privacy and security of health-related information, as well as for the electronic interchange of that information. In general, the required retention period for documentation under HIPAA is six years from the date of creation or the date last in effect, whichever is later. If state laws require longer retention, the state requirements should be followed. Given the increasing threat of cyberattacks, organizations should ensure they have a plan to address any data breaches. See HIPAA Action Items after a Data Breach

Genetic Information Nondiscrimination Act (GINA). GINA, which became effective on January 1, 2010, is designed to protect the privacy of employee medical records. GINA requires employers to segregate genetic information within confidential medical files so that only those with access to the files on a need-to-know basis are aware of the presence of the information related to genetics.

Health and safety matters

Occupational Safety and Health Act of 1970 (OSH Act). The OSH Act requires employers to prepare a log and post an annual summary (OSHA No. 300/300-A) of job-related injuries and illnesses. Employers are also required to report to OSHA within 24 hours any inpatient hospitalization, amputation, or eye loss that occurs within 24 hours of the incident or accident. Fatalities must be reported to OSHA within 8 hours. Employers must retain the OSHA 300 Log, the privacy case list (if one exists), the annual summary (300A), and the OSHA 301 Incident Report forms (or other incident reports) for five (5) years following the end of the calendar year that these records cover. However, records of monitoring exposure to hazardous materials, related claims, complaints and medical exams (along with toxic substances and blood-borne pathogen exposure) must be retained for the duration of an individual's employment, plus 30 years.  

In 2016 OSHA issued a record-keeping rule that would have required certain employers to electronically submit injury and illness data to the agency starting on July 1, 2017. According to the OSHA website, OSHA is not accepting electronic submissions at this time, and has published a notice of proposed rulemaking to extend the date by which certain employers are required to submit the information from their completed 2016 Form 300A electronically from July 1, 2017 to December 1, 2017. Updates to this delay can be found at OSHA Injury and Illness Recordkeeping and Reporting Requirements.

Omnibus Transportation Employee Testing Act of 1991.
Governed by the U.S. Department of Transportation (DOT), this law requires drug and alcohol testing of safety-sensitive transportation employees in aviation, trucking, railroads, mass transit, pipelines and other transportation industries. DOT requires covered employers to submit various drug and alcohol testing data each year. See US DOT Drug and Alcohol Testing MIS Data Collection.

Employers are also required to maintain records related to drug and alcohol test results, testing process administration, return-to-duty process administration, and employee and supervisor training records. Hard copy records are required to be kept in a secure location with controlled access and in locked file cabinets. If records are maintained electronically, they must be  password protected.  Each federal agency covered by these rules has issued specific retention schedules, which generally vary from one to five years depending on the specific record, the industry and the agency under which a company is operating (e.g., airline, motor carrier, railroad, transit, pipelines and maritime). In addition, employers are required to check on the previous two years of drug and alcohol testing background of new hires and other employees beginning safety-sensitive work and are generally required to retain those records for a period of three years from receipt. See Department of Transportation Guidance for Employers for summaries of various industry requirements.

Additional requirements for federal contractors and subcontractors

Federal contractors and subcontractors are subject to the Davis-Bacon and Related Acts (DBRA), which requires retention of employee demographic information and compensation records for a period of three years from the end of a collective bargaining agreement. In addition, the Walsh-Healey Act of 1936 also requires the retention of data with respect to job-related injuries and illnesses, specifically logs with dates and summaries and the details of any accidents.

Federal contractors and subcontractors also are subject to Executive Order 11246, the Vietnam Era Veterans' Readjustment Assistance Act and Section 503 of the Rehabilitation Act of 1973, and they must file a Vets-4212 Report annually. As noted above, affirmative action programs (AAPs) must also be prepared and annually updated. Contractors are required to maintain the current year's AAP along with documentation of good-faith efforts, as well as its prior year plan and related documents.

All federal contractors are required to use E-Verify to electronically verify the work authorization of all new hires and existing employees assigned to covered federal contracts signed after September 8, 2009. Contractors also are subject to the Drug-Free Workplace Act of 1988, which makes it a requirement that every employee who is engaged in the performance of the covered contract or grant be given a copy of the company drug-free policy statement. See Drug-Free Workplace Advisor.

Records Without Specific Retention Guidelines

While most records retention requirements are typically dictated by federal or state statutes, there are some situations where no time period is prescribed. The Uniform Preservation of Private Business Records Act (UPPBRA) sets a three-year time limit for records without a statute-specific retention period. This uniform law has been enacted by a number of states and provides a general guideline in others, although employers should consult with legal counsel to determine their individual compliance obligations and suggested best practices.

Record Disposal Requirements

Every employer (regardless of size or number of employees) that obtains a consumer credit report is covered by the Fair and Accurate Credit Transactions Act of 2003 (FACTA). FACTA is the federal law designed to minimize the risk of identity theft and consumer fraud by mandating that employers destroy sensitive personal and financial information obtained from a consumer report before disposing of it.

In addition, the Sarbanes-Oxley Act of 2002 Corporate and Criminal Fraud Accountability Act (CCFA) requires public companies to retain all records that could possibly be subpoenaed in future civil or criminal litigation in an employee whistle-blower case. This means that employers must not destroy employee records until all statutes of limitation have expired on various state and federal employment laws.

Application of State Laws

Many states have laws very similar to the federal statutes, but there are often differences that must be observed. Common variations occur in areas related to new-hire reporting, child labor, discrimination, unemployment compensation, wage and hour issues, and employee access to personnel files, just to name a few. See Links to State Resources for New-Hire Reporting and State and Local Statutes and Regulations

Poster Requirements

Numerous statutes and regulations require employers to post notices providing information to employees about various employment laws in visible places in the workplace. The DOL provides specific posting requirements for each statute and regulation, along with information about how to acquire the posters.



Express Requests

The HR Knowledge Center has gathered resources on current topics in HR management. Click here to view available topics.

Reuse Permissions


HR Education in a City Near You

Find a Seminar

Job Finder

Find an HR Job Near You
Post a Job


Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 3,200 companies

Search & Connect