The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/624538
WWW.ILTANET.ORG 55 litigation. However, incomplete records such as missing performance reviews, unsigned acknowledgements or the wrong version of offer letters continue to plague organizations. The Society for Human Resource Management (SHRM) notes that employee- related lawsuits have increased over the last 10 years. In 2012, the Equal Employment Opportunity Commission (EEOC) statistics showed over 99,000 private sector employee discrimination charges, and the EEOC is not involved in most employee lawsuits. The money employers spend on lawsuits is staggering. NONCOMPLIANT RECORDKEEPING The retention requirements and criteria for different documents make recordkeeping a challenge. In addition to federal regulations of the U.S. Citizenship and Immigration Services (USCIS) and the EEOC, almost every federal employment act (such as ERISA, ADA, FMLA and OSHA) establishes document retention guidelines. States also have requirements that change based on industry. Every organization needs a records retention schedule with a written policy. Policies should cover which documents are created and retained, by whom, and in what location. You also need a policy and mechanism to preserve records in case of audit or litigation until the issue is resolved. You should also be careful of over- retention, as this drives up costs. If you have records that should have been deleted, they can become part of a lawsuit. A proper retention schedule provides for defensible destruction of documents. To maintain a compliant recordkeeping program, HR must manage documents and information throughout the employee life cycle, from hiring through retirement. As new forms, policies and regulations are implemented, files should be updated and out-of-date documents reviewed and deleted. Legal and HR professionals know that some employee documents do not belong in the same file as other documents. Best practices for compliant recordkeeping indicate that payroll, medical documents and background screens should be stored separately. Some companies maintain an investigations file with documentation related to employee complaints. If you have paper files, segregate these documents to avoid inadvertently giving access to the wrong people. Unemployment claims are another reason to have compliant, well-organized files. Companies with high turnover rates spend a lot of time responding to claims. Personnel documents that are not well- maintained make it difficult to fit within the response window. SHARING DOCUMENTS The last compliance risk is document- sharing. HR professionals know employee files must be tightly guarded. In companies where employee files are paper, the file room and/or file cabinets should be locked and a log maintained showing who accessed files. Personnel files are shared with people outside HR, which creates compliance issues. Employees may request a copy of any document they sign and can request other documents when they leave. Managers often need access to documents in an employee's file, such as performance reviews and training evaluations. During litigation or an audit, employee documents might be shared with outside counsel or external auditors and regulators. In a survey conducted by Archive Systems, 34 percent of HR professionals said they shared personnel documents with third parties at least once a month. Emailing scanned images and sending physical copies of files were the top two methods for sharing information, but both carry risks. Emailing a personnel document means you lose control over the document's security and have no idea how many more copies are created. There is no way to determine who sees the email message or where it ends up. This multiplies risk, increases an organization's exposure and creates a challenge for following a retention program that requires documents be eliminated at appropriate times. Compliance issues are compounded when sharing physical copies, too. Copies are mailed, faxed or overnighted — not exactly the best way to protect confidential documents. HR professionals have a responsibility to protect their organizations while also protecting employee information. Because of the sensitive nature of personnel documents, a data breach can lead to identity theft or worse. HR needs to protect employees' privacy. About the Author Gordon Rapkin has more than 35 years of experience as an executive in the software industry. He served as CEO of Archive Systems for six years before the company's recent acquisition by Access Information Management. Prior to that, Gordon was president and chief executive officer of Protegrity, a leader in enterprise data security management. Contact him at grapkin@archivesystems.com. In 2012, EEOC statistics showed over 99,000 private sector employee discrimination charges, and the EEOC is not involved in most employee lawsuits.