If you have employees, you have to maintain personnel files. As soon as the headcount reaches 15, federal guidelines dictate which documents you must retain and for how long. Now you are in the land of document management and walking among critical compliance risks:

  • Incomplete or missing documents
  • Noncompliant record-keeping around how long documents must be retained and how organizations should react to audits or litigation
  • The risks associated with sharing personnel documents

Avoid the risk of not having documented procedures with the right practices and technology.


It is important to address HR technologies as we discuss HR document management compliance because each system impacts compliant recordkeeping. Most organizations have a human resources information system (HRIS), a component of an enterprise resource planning (ERP) system or an outsourced service provider. In the last few years, more companies have adopted onboarding or recruiting software and variations of human capital information management tools. In 2012, analysts estimated this was over a $4 billion market and growing.

Bersin by Deloitte estimates that the average large HR department uses at least seven different systems, and this does not include those for time and attendance. Each technology serves a purpose, but together they create information silos. The same documents or information might exist in more than one system, with people printing out documents from one system so they can put the information into another one. It is nearly impossible to see a comprehensive view of an employee.

Since most of these systems were designed to manage HR data rather than documents, they do not really help with employee document recordkeeping. At best, they offer a way to upload attachments to an employee record. HR technology silos contribute to document compliance risk. HR needs to connect these systems, have them talk to one another and simplify the process of managing HR documents.


It is good practice to use a new hire checklist, but gathering all the required documents, both paper and digital, can be challenging. While hiring managers collect some documents and staffing agencies or recruiters collect others, it is HR that ultimately retains responsibility for complete files. As documents are added to multiple systems, the challenge to locate and keep them up-to-date increases.

Legal and HR experts agree that complete, up-to-date personnel files are an organization’s strongest defense against litigation. However, incomplete records such as missing performance reviews, unsigned acknowledgments or the wrong version of offer letters continue to plague organizations.

The Society for Human Resource Management (SHRM) notes that employee related lawsuits have increased over the last 10 years. In 2012, the Equal Employment Opportunity Commission (EEOC) statistics showed over 99,000 private sector employee discrimination charges, and the EEOC is not involved in most employee lawsuits. The money employers spend on lawsuits is staggering.


The retention requirements and criteria for different documents make record keeping a challenge. In addition to federal regulations of the U.S. Citizenship and Immigration Services (USCIS) and the EEOC, almost every federal employment act (such as ERISA, ADA, FMLA and OSHA) establishes document retention guidelines. States also have requirements that change based on industry.

Every organization needs a records retention schedule with a written policy. Policies should cover which documents are created and retained, by whom, and in what location. You also need a policy and mechanism to preserve records in case of audit or litigation until the issue is resolved.

You should also be careful of over retention, as this drives up costs. If you have records that should have been deleted, they can become part of a lawsuit. A proper retention schedule provides for defensible destruction of documents.

To maintain a compliant record keeping program, HR must manage documents and information throughout the employee life cycle, from hiring through retirement. As new forms, policies and regulations are implemented, files should be updated and out-of-date documents reviewed and deleted.

Legal and HR professionals know that some employee documents do not belong in the same file as other documents. Best practices for compliant record-keeping indicate that payroll, medical documents and background screens should be stored separately. Some companies maintain an investigations file with documentation related to employee complaints. If you have paper files, segregate these documents to avoid inadvertently giving access to the wrong people.

Unemployment claims are another reason to have compliant, well-organized files. Companies with high turnover rates spend a lot of time responding to claims. Personnel documents that are not well maintained make it difficult to fit within the response window.


The last compliance risk is document sharing. HR professionals know employee files must be tightly guarded. In companies where employee files are paper, the file room and/or file cabinets should be locked and a log maintained showing who accessed files.

Personnel files are shared with people outside HR, which creates compliance issues. Employees may request a copy of any document they sign and can request other documents when they leave. Managers often need access to documents in an employee’s file, such as performance reviews and training evaluations. During litigation or an audit, employee documents might be shared with outside counsel or external auditors and regulators.

In a survey conducted by Access, 34 percent of HR professionals said they shared personnel documents with third parties at least once a month. Emailing scanned images and sending physical copies of files were the top two methods for sharing information, but both carry risks.

Emailing a personnel document means you lose control over the document’s security and have no idea how many more copies are created. There is no way to determine who sees the email message or where it ends up. This multiplies risk, increases an organization’s exposure and creates a challenge for following a retention program that requires documents be eliminated at appropriate times.

Compliance issues are compounded when sharing physical copies, too. Copies are mailed, faxed or overnighted — not exactly the best way to protect confidential documents.

HR professionals have a responsibility to protect their organizations while also protecting employee information. Because of the sensitive nature of personnel documents, a data breach can lead to identity theft or worse. HR needs to protect employees’ privacy.


The best way to mitigate these risks is to implement a secure central repository to manage personnel documents. Here are tips to remember as you consider technologies:

Solutions Cannot Ignore Paper

Going paperless can be a waste of time and resources if the technology does not support the needs of the HR department. When the right technology is deployed, HR document compliance risks are reduced, information flows faster and costs are significantly reduced.

Technology that identifies missing documents also eliminates the anxiety of potentially incomplete files. The system works like an automated document checklist: Once it identifies a document as missing, it launches a workflow to track down the document and make sure it gets added to the files. This puts you in a better position to face lawsuits, audits or unemployment claims.

Technology Should Monitor the Retention of Documents

If the repository has document retention rules and is monitoring triggers that drive the rules, such as date of hire or last certification, then the system can drive the entire process. It will become routine to delete documents when their retention period has expired. If records must be placed on hold due to an audit or litigation, your technology should handle that.

Share Links, Not Copies

Rather than send electronic or hard copies of documents, your technology should provide a secure link back to the repository where you can control what people do with the documents. Your technology should provide an audit trail of who reviewed what and when. Be able to send a link that delivers only the documents requested and controls how long the recipient has access.

E-Forms, Not Paper

Paper documents are easily transformed into digital versions, reducing paper, improving efficiency and lowering costs. A robust e-form mechanism manages campaigns and provides a dashboard to monitor progress and results.

Your HR and personnel documents must remain secure, and risk is involved when there is incomplete information, non-compliant record-keeping or document sharing. Being aware of these issues and implementing the right technology will help you avoid risks and stay compliant.

Top 5 Tips To Minimize Risk and Improve Compliance

  1. Implement technology that addresses risk, reduces dependence on paper and improves efficiency.
  2. Develop and enforce recordkeeping policies and procedures.
  3. Create a retention schedule for each document type.
  4. Train your managers to understand their role in maintaining a compliant program — policies and procedures are only effective when supported by training and education.
  5. Consider self-audits to identify areas of improvement; better yet, implement the right technology to continuously perform the audit for you.

By Gordon Rapkin
View the original article in Peer to Peer Magazine