How Long to Keep Employee Files: 5 Best Practices for Compliance

Keeping accurate and organized employee records is a critical part of HR, not only as a basic business function but also as an important legal protection. HR compliance mistakes can cost a business thousands of dollars. For example, I-9 mistakes can cost employers upwards of $2,500 per instance, with one business recently being fined over $1.5 million dollars.

In addition to being risky to your business’s bottom line, incomplete data and discordant systems can create HR headaches. Employee records, or personnel files, are important documents that track your employees’ relationship with your company over time and document important employment interactions and decisions. Plus, the information you collect will depend on your business’s needs and the many state and federal legal requirements.

What’s the best way to maintain employee records, especially as employee hires and exits create a constant flow of data to manage? And how long does your business need to keep records to stay compliant with legal regulations?

We’ve got answers to these important questions and will cover everything you need to know to keep your employee records accurate, up-to-date, and compliant, so you can focus on the peoplework, not just the paperwork.

1. How Long to Keep Employee Files

The length of time you need to hold onto employee records depends on the type of document and your state and local regulations. According to SHRM, many employers use a seven-year rule for getting rid of employee documents, as that generally covers state and federal regulations. Keep in mind that shorter rules exist for I-9 forms and longer time periods apply to documents like OSHA exposure records.

The laws around how long to keep employee records vary depending on the record type and by state. It’s important to check with your legal team or a consultant to make sure you understand the regulations that apply to your organization and your location. Here are some good rules of thumb to get you started:

Employee Personnel File Documents: 2+ Years

Keep hiring records, including interview notes, resumes, drug test results, and any other documents related to the hiring decision for at least one year after making the hire, unless state law dictates otherwise. Note that this year-long timer doesn’t start until your hiring decision is official (offer letter sent and accepted).

Maintaining employee records for at least this long will help your organization show that your hiring process is fair and unbiased (assuming it is both of those) if questions arise down the road.

Performance or disciplinary records should be kept at least two years after the end date, especially if an unemployment claim or lawsuit happens.

Employee personnel files can include any of the following documents:

Hiring and Applicant Tracking Documents

Employee Personal Data

Onboarding Documents

Employee Performance Records

Get the full picture with powerful employee data insights.

With BambooHR, you can manage and report on your sensitive people data with an organized, secure database—no technical experience required.

Get a Free Demo Today!

Employment Eligibility Documentation: 3+ Years

Your company should keep an employee’s Form I-9 for at least one year after termination or three years from their hire date, whichever date is later. These rules come from the U.S. Citizenship and Immigration Services; they offer a handy calculator on their website to help you figure out how long you need to keep these employee records.

Because this form contains personal information protected by the EEOC like age and national origin, it’s best to keep these files separate from personnel files to protect against discrimination claims and to ensure they can be accessed and shared quickly if requested.

Family and Medical Leave Act (FMLA): 3+ Years

Whenever an employee requests FMLA leave, you should immediately begin maintaining related records, even if your organization ultimately denies that employee’s request. FMLA regulations state that employers must keep any related records for at least three years. These records include:

Make sure to keep any FMLA-related medical records of the employee or their family members confidential and separate from their regular employment records. It’s also worth checking with your legal team to ensure your recordkeeping is in compliance with laws that may apply like the Genetic Information Nondiscrimination Act and the Americans with Disabilities Act.

Payroll and Tax Records: 4 Years

This is where maintaining employee records can get a little confusing and is why most companies round up to seven years to more than cover most legal requirements. There are many documents related to payroll and just as many regulations. (We’ve written an entire article just on keeping payroll records.) It’s best to err on the side of caution and speak with a professional about how long to keep employee records around pay, but here are some basic numbers.

According to the Department of Labor, companies should keep records that have to do with wage calculations for at least two years, including:

Companies should retain the following documents for at least three years:

The IRS has its own regulations for tax records as well. Employers must maintain employee tax records for four years, and these records should include:

Benefit Records: 6+ Years

The Employee Retirement Income Security Act of 1974 (ERISA) requires organizations to keep employee records around retirement plans, such as fiduciary plan documents, contracts and agreements, participant notices, and compliance documents for the length the employee is enrolled, then “at least six years from the date the report was filed.” You can find more specifics here, as there are quite a few rules to understand.

As one ERISA attorney advises, “[M]y advice to plan sponsors? When in doubt, keep it. Keep a written records retention policy, and always consult your ERISA counsel before destroying any plan records.”

In addition to these regulations, the Equal Employment Opportunity Commission (EEOC) also requires employers to “keep on file any employee benefit plan (such as pension and insurance plans) and any written seniority or merit system for the full period the plan or system is in effect and for at least one year after its termination.”

Medical Records: 30+ Years

HIPAA regulations require that medical files be kept secure and stored separately from personnel files because they contain sensitive and confidential information.

Personal information in medical files like age, sex, disability, or genetic information is also protected by EEOC.

2. How to Store and Maintain Employee Records

Now that you know which employee records you need to keep and for how long, it’s time to answer the next question: How do you properly maintain employee records so they’re organized, accurate, and secure? There are three methods for keeping employee records, and we’ll give you a snapshot of each.

Best Option: HRIS

There’s a reason so many HR professionals are shifting to cloud-based employee databases.

When you use a platform like BambooHR for your employee records, you have access to everything you might need in a single, secure (and paperless) database. Staying organized is a breeze, tracking down the right document is a matter of clicking a few buttons, and you can trust that your data is secure at all times.

Manage employee data the easy way.

Say goodbye to outdated spreadsheets and hello to centralized employee records! From electronic signatures to tax documents, BambooHR keeps employee data organized and secure.

Explore Employee Database Software

Physical Records

If you’re a small organization with only a handful of employees, physical recordkeeping with paper forms and filing cabinets quickly gets out of hand given how many records you need to keep for extended periods of time. Besides the physical space requirement of this type of recordkeeping, paper records are less secure and easier to lose (or accidentally destroy).

Physical time tracking leaves too much room for error and is time consuming to process. Thankfully there are better options!


A step above physical records, spreadsheets and digital documents can be easier and faster to navigate than a pile of paper. This method may also offer another layer of security depending on how your computer is set up and who has access to the files. However, even spreadsheets have their limitations, are hard to reconcile, and quickly become more complicated than helpful, especially as your organization grows.

Expert Tip: Protect Employee Data Security and Access

Let’s state the obvious: all stored employee data should be kept secure and confidential while you’re its steward. A data breach will mount enormous costs in customer confidence, employee trust, and your bottom line. Prevention is the best defense, so make sure your system of choice employs data protection measures like SOC-2 compliance.

Limit access within your organization to only those with a legitimate business need. Train employees who do have access to employee records on data privacy (GDPR) and protected class laws.

3. How to Handle Employee Record Requests and Audits

Companies are required to securely keep employee records in the event an employee exercises their right to access per state law or another situation where court or government requests or audits company files for compliance. HR managers should have a process in place to handle employee record requests.

Only authorized and trained employees should have employee record access to ensure sensitive information is protected. Proactively auditing employee records for completion, accuracy, security, and compliance is wise.

4. How to Properly Dispose of Employee Records

HR managers should have a process in place for disposing of employee records that are no longer needed. After the legal requirement for employee records has lapsed, all records should be destroyed in a manner that any information cannot be reconstructed and in accordance with state and federal regulations regarding record disposal.

5. How to Keep Employee Records the Easy Way

At first glance, employee records are easy to overlook, as they are usually a means to an end. However, the risks and costs associated with compliance mistakes and data breaches can sink a company overnight!

The sheer volume of information for incoming and outgoing employees creates constant opportunities for mistakes and errors. With the stakes being so high, careful employee data storage, security, organization, and disposal is non-negotiable.

The good news is, you don’t have to manage it all by yourself. BambooHR can help you collect and maintain your employee records in a single, secure system. Employees can input, edit, and access their data digitally. Sensitive employee information is kept in separate folders only visible to those with permission. Reports make data audits easy and provide insights into what’s working well and where to focus. And our easy-to-use software is backed by an award-winning support team.

You can side-step complexity and compliance issues while creating efficiency and security all with a great HRIS and some helpful legal counsel. Create peace of mind knowing your employee records are in order and focus on building people instead of processes and spreadsheets.

An Award-Winning, Complete HR Platform

In BambooHR everything works together to help you manage data and benefits, hire talent, run payroll, and help employees thrive. Best of all, it's easy and intuitive for busy HR teams!

Learn More Today