Human Resource Records Policy
Purpose
To ensure the Company maintains employee personnel files and related records properly, protects the privacy of that information, and grants access to it only on a proper, documented basis.
What personnel files contain
The personnel file is the primary record of an employee's job-related history. It typically includes:
- Position descriptions and performance appraisals
- The employment application and reference information
- HR system profile information
- Signed confidentiality/invention-assignment agreements
- New-hire paperwork
Kept separately:
- Form I-9 / work-authorization verification records are kept in a separate file, not in the personnel file.
- Medical records are kept in a separate, confidential medical file, released only on a need-to-know basis (see the Employee Privacy / medical-confidentiality policy).
Maintaining the file
- Personnel files are maintained by HR for the employee's business unit or location.
- When an employee transfers, their personnel file should be forwarded to the HR office now responsible for them.
- Personnel records are retained only for the period specified in the Company's records retention schedule.
Releasing personnel information
Laws governing access to personnel information vary by state. HR should be familiar with applicable state law and involve counsel where appropriate.
Handling inquiries:
- A designated HR representative (or backup) should handle all information requests about current or former employees.
- Other managers and employees should not respond directly to such requests — refer them to HR.
- Any inquiry from outside the Company must be referred to HR before any information is released.
Data will not be released to outside persons or agencies unless:
- Required by subpoena, court order, or summons; or
- Authorized by HR leadership.
Information that may be released without the employee's prior approval (in response to a written or telephone request), limited to:
- Confirming the fact and dates of employment, and title/position.
- A properly identified law-enforcement request for dates of attendance and last known address (verify authenticity of the request with Legal if in doubt).
- A request required by a federal, state, or local compulsory reporting law.
- A request from a Company agent or contractor who needs the information to perform services for the Company and is contractually barred from re-disclosing it.
- A lawfully issued administrative or judicial order or subpoena (verify with Legal).
Any other release requires the employee's (or former employee's) written request or authorization.
Letters of reference. As a general rule, avoid writing letters of reference, to limit the Company's liability exposure. Exceptions may be appropriate (for example, a facility closing and a letter would help a displaced employee find new work), and any letter of reference should be reviewed and approved by HR before it is sent.
Document every disclosure. Any release of personnel information outside the Company must be logged in the employee's file, including the date, nature and purpose of the disclosure, who disclosed it, and to whom.
Internal access
HR determines who may access an employee's personnel file for a legitimate business reason. Access outside HR requires that business justification. Unauthorized access to or use of employee information is subject to disciplinary action, up to and including termination.
Employee access to their own file
- An employee may examine their own personnel file by submitting a written request to their supervisor, stating the reason, and scheduling a time with HR during business hours. An HR representative will be present.
- The employee may request a copy of the file's contents after reviewing it.
- Certain records are excluded from employee access (unless required by state law), including: management planning materials (such as promotion/succession notes, planned compensation actions, and internal ratings used for management planning), records prepared for pending claims or grievances, security/criminal investigation files, and privileged attorney-client communications.
Computer-generated data and mailing lists
Requests for system-generated employee data, and any request for employee mailing lists, must be made through and cleared by HR.
Responsibilities
| Role | Responsibilities |
|---|---|
| Managers | Maintain required files; refer information requests to HR. |
| Human Resources | Maintain personnel files; respond to and authorize information requests; provide employees access on request. |
References
- Confidentiality of Medical Records / Employee Privacy policy
- Information Security and Access Control Policy
- Immigration/work-authorization verification policy
General information, not legal advice. Treat this as a drafting starting point, not a finished policy — employment law varies by jurisdiction and changes often, so have a licensed attorney tailor it to your situation before you rely on it.
AI Policy Drafter
Need to draft your own Human Resource Records policy? Do it here — free
Free access for HR professionals and corporate counsel. Complete the form below to apply.
Personal email domains (Gmail, Yahoo, etc.) are not accepted.
Submitting this form subscribes you to the ELINFONET newsletter. You may unsubscribe at any time.
Only your email address is retained after verification. All other information is used to confirm your professional credentials and then discarded.