Federal, state, and local agencies require businesses to maintain employee documents and records, and failing to comply can result in costly fines, plus the potential for audits or legal disputes. Whether you have one employee or hundreds, you need to know which records to keep, for how long, and how to store them properly.

Employee record retention requirements

Employee record retention requirements vary depending on the document and the government agency. Listed below are the most common categories and federal timelines, though your state may require longer retention periods. 

Hiring and eligibility records

  • I-9s: You must have a Form I-9 on file for each person you hire for up to three years after the date of hire or one year after their employment ends, whichever is longer.
  • Job applications: The U.S. Equal Employment Opportunity Commission (EEOC) requires employers to retain job applications for at least one year after the hiring decision is made. 

Tax and payroll records

  • W-4s: You must have W-4s on file for each employee for at least four years.
  • Payroll records: You must keep employee payroll records for at least three years, and two years for wage calculations and adjustments.
  • Tip and overtime records: You must maintain tip and overtime records for at least three years to comply with wage regulations. 

[Read more: A Complete Guide to Filing Your Business Taxes]

Leave and benefits documentation

  • Family Medical Leave Act (FMLA) records: You must keep accurate FMLA records for each employee for three years.
  • Health Insurance Portability and Accountability Act (HIPAA) records: You must keep HIPAA records on file for at least six years after the day they were created or from the date when they were last in effect, whichever is longer.
  • Health plan records: COBRA and health plan records must be kept for at least six years after the plan ends. 

Safety records

  • Occupational Safety and Health and Administration (OSHA) records: You must keep OSHA records for five years following the calendar year they cover.
  • Exposure or toxic substance records: OSHA standards require employers to keep exposure or toxic substance records for 30 years after the employment ends. 
You must have a Form I-9 on file for each person you hire for up to three years after the date of hire or one year after their employment ends, whichever is longer.

How to store sensitive records securely

Employee files often contain personally identifying information data, like Social Security numbers, medical records, and bank details. Mishandling this data can expose your business to identity theft risks and data privacy violations. Here’s how to store these records securely:

  • Digitize your files: Digital records are easier to organize, back up, and access securely. Use reputable cloud-based HR or payroll systems that come with encryption and multifactor authentication.
  • Limit access: Use role-based permissions to ensure that only authorized personnel can view sensitive data. Keep an access log so you can see when files are opened or changed.
  • Protect physical records: If you do have paper records, store them in locked file cabinets within a restricted area.
  • Dispose of outdated records properly: Use shredders or secure data deletion tools to ensure old files can’t be recovered. This step is especially important for compliance with HIPAA and state privacy laws.

[Read more: 7 Things Your Small Business Should Still Document on Paper]

Recommended retention tools for small businesses

The following tools can help you organize and manage employee records, even if you don’t have a large HR department. 

HR and payroll platforms

Platforms like GustoQuickBooks Payroll, and BambooHR allow you to maintain digital employee files, payroll records, and benefits documentation in one place. Many also provide compliance checklists and retention reminders.

Cloud-based storage systems

Small businesses can use Google WorkspaceMicrosoft 365, or Dropbox Business to securely store digital files. These platforms provide encrypted storage, permission-based access, and automated backups, keeping sensitive information secure. 

Document management software

If you handle a high volume of employee records, document management tools like Zoho WorkDrive or DocuWare can streamline your recordkeeping. They support automated retention schedules, audit trails, and file access tracking.

Finally, create a written record retention policy that defines which records are stored, where they’re kept, who maintains them, and when they’re destroyed. Having a formal policy ensures consistency and can serve as proof of compliance during an audit.

Jessica Elliott contributed to this article.

CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.

CO—is committed to helping you start, run and grow your small business. Learn more about the benefits of small business membership in the U.S. Chamber of Commerce, here.

Brought to you by
Enter the FedEx Super Bowl LX Sweepstakes
Register now* for a chance to win a trip for two to Super Bowl LX!* The rush of excitement. The roar of fans. The thrill of the ultimate game-day experience. You and your guest could be there, cheering your team on from the stands.
*NO PURCHASE NECESSARY. See fedex.com/nflsweeps for rules and regulations.
Learn More
a football in a stadium
Published