19th June 2015
For whatever reason, employees move on. They might have moved to a different company, or a different branch, could have been fired or made redundant. Whatever the reason for their departure, if you kept all employee records you might eventually find yourself with filing cabinets full of documents and details.
Smaller companies might find it easy to store employee records long-term, but for big businesses there are sure to be storage problems further down the line. Regardless, employee records often contain confidential information and are a risk to store for any longer than is absolutely necessary.
Here are the questions to ask when you’re working out how long your employee records should be kept for:
What are the records for?
No doubt you’re keeping all sorts of employee records, from basic contact details to contracts and from appraisal records to financial information. Each record has been created for a different purpose.
According to the Data Protection Act (which as of 25th May 2018 is now the General Data Protection Regulation), records should be stored only for as long as they have a use. Employers therefore have to use their own discretion, not disposing of anything too early but also not keeping records that will never be used again.
Basic contact details might be valuable for years after an employee has left (as long as you have a valid reason to store them), but photocopies of someone’s ID or details about their bank account have less long-term importance and should be quickly disposed of once payments are up to date.
What are the recommendations for specific types of data?
It’s recommended that you keep personal records, contract details and appraisal and review records for at least 5 years.
You should keep financial details and payment records for at least 3 years, as they could be required by the HMRC within a 3 year period.
The safest thing to do, in most cases, is to keep all employee records for a total of 6 years.
What about people that you didn’t employ?
Most companies hold what would be classed as employee records for people that never actually made it to ‘employee’ status. These documents include CVs, interview notes and test results. For your own safety, you should not immediately throw these away.
Candidates that didn’t make the cut have up to 3 months to file a discrimination complaint. You’ll need to have as many documents as possible to support your defence if that happens. For that reason you should keep the employee records of those that you’ve interviewed, for a minimum of 3 months and ideally for a total of 6 months. Don’t keep these for much longer unless you plan to offer another opportunity further down the line.
Who can access employee records?
Within the company, those for whom information is relevant can have access to the data. Bear in mind that whatever employee information you’re storing can be requested at any time, by the person that it relates to. This is true even if that person no longer works for your company.
The Data Protection Act makes it illegal to withhold employee information from the employee that the information is about, which means that you must be ready to hand over whatever you’ve stored for as long as you choose to store it.
It is also worth noting that a previous employee can ask you to update or change the records, if they’re not accurate or up to date. Past employees can also make a request for information to be deleted, if they believe that you no longer need to keep it or that you’re using it for a purpose that is different to the one that it was originally collected for.
How can you keep employee records safe?
You should keep your employee records in paper format under lock and key. Online security is just as important, as well as password protecting the computers that are used to store business data.
Remember that the records that you hold contain names and addresses, bank details and financial information, dates of birth and a whole host of other important personal information. It is your responsibility as an employer to keep that data safe, which is why efficiently disposing of information at the earliest suitable opportunity can help to reduce risk.
When it’s time to dispose of a document you should ensure that it is completely deleted from all computers that it has been stored on, and that it’s not also stored in the cloud. Paper documents should be shredded. Always make sure that hard drives have been cleared and overwritten when disposing of any computer that has held personal information, so that those details can’t be collected by anyone with a bit of tech know-how!