With Europe ramping up data protection compliance under GDPR and Facebook coming under scrutiny for its failure to keep user data safe, employers should also be aware of the responsibility that comes with collecting employee data. Employees have a right to privacy under federal and state laws. Their personal identifying information is to be kept confidential, stored securely and disposed of properly.
When a person applies for a job at an organization, the employer begins collecting pieces of data about that individual. Over time, the employer builds quite a database of records that could include:
Employers need to know:
Some records do need to be kept for a while, for instance in case an employer is taken to court by applicants for failing to follow the rules of the FCRA. Employers are also expected to comply with federal and state regulations on storage and disposal of employee records.
Different statutes dictate which records should be kept, the retention period and destruction methods. Depending on the type of record, the storage and disposal requirements could be different. The Department of Labor, for instance, has a Fact Sheet that summarizes the record keeping requirements under the Fair Labor Standards Act (FLSA). It doesn't specify whether the records should be kept on paper or electronically; however, it does state that employers must maintain these and other identifying employee data:
The Fact Sheet also specifies which records are to be maintained, for how long, and how they should be stored. The EEOC also instructs employers on their record keeping obligations.
As a best practice, employers should keep all employee records for a minimum of 3 years. HR managers should also check their own state's requirements for employee record retention or record keeping, as those requirements may set more stringent time periods.
Other best practices include creating a consistent policy as suggested by the Society of Human Resource Management. Consider these standards: