How Long to Keep Employee Files: A Guide for 2025

Maintaining accurate personnel records isn’t the most glamorous part of HR, but it’s among the most important. Beyond keeping daily operations running smoothly, proper record maintenance ensures legal compliance and minimizes risk exposure. 

But what should you keep, where should you store it, and for how long? With a medley of federal, state, and local laws to contend with, the answers aren’t so simple — and neither are the consequences. Getting it wrong can result in significant penalties, leave your organization vulnerable to lawsuits, and create operational inefficiencies that impact your entire HR function.

Below we explore the key laws that govern employee record retention and provide practical guidance for managing employee information effectively.

{{rich-takeaway}}

How Long to Keep Employee Files 

Overlapping regulatory bodies, federal and employment laws, and jurisdictions dictate record retention requirements. Because of the complexity of the regulations, many employers prefer to keep records longer than is legally required. Some HR professionals opt for a “better safe than sorry” approach and retain records indefinitely. 

I like to default to the most conservative route because a lawsuit could require documents [beyond] federal guidelines.

Broadly speaking, employers have covered most of their bases if they keep records for seven years post-employment. Within this framework, specific types of records have their own retention guidelines or requirements.

“I like to default to the most conservative route because a lawsuit could require documents from beyond what federal guidelines require you to keep documents for,” said Stephanie Wallaert, HR strategic partner at Atomus Partners, a consulting firm for small and mid-sized businesses.

Pre-Hire Records: 2+ Years

Documenting why and how you decided to hire an employee is essential to proving your recruitment and hiring process is fair and unbiased. For at least two years following a hiring decision, retain records like: 

• Job description
• Job application
• Resume
• Cover letter 
• Background checks
• Interview notes
• References 

Active Employee Records: 3-7 Years 

While pre-hire documentation focuses on recruitment decisions, active employee records encompass a broader scope of information. These include everything from an employee's personnel file to employment verification, performance reviews, and benefits enrollments. Organizations are advised to retain all of these documents while employees work at the company, plus for 3-7 years post-employment. Below, we look more closely at different types of employee records and break down the time requirements for each.

Employment Eligibility: 3 Years After the Date of Hire or 1 Year After Employment Ends

Keep Form I-9 for up to 3 years after the date of hire or one year after employment ends — whichever is later — according to the Immigration Reform and Control Act (IRCA). The US Citizen and Immigration Services provides a helpful calculator that allows you to simply plug in dates and determine how long you need to keep these records. 

To remain fully compliant with I-9s, you’ll likely need to store them separately from an employee’s general personnel file. “If a supervisor has access to an employee's personnel file, they are not permitted to have access to their citizenship information or eligibility to work in the US. So be sure to keep I-9s separate from an employee file,” Wallaert said. 

Correctly managing employment eligibility records is expected to become even more important under the Trump administration, as we’re already seeing an increase in workplace raids and experts expect the administration will increase audits, too. 

Payroll and Tax Forms: 4+ Years Post-Employment

Per IRS guidance, employers should retain tax records like W-4s, pension plan details, reported tips, time cards, records of paid fringe benefits, and copies of returns filed for “at least four years after filing the 4th quarter for the year,” post-employment.

Under Fair Labor Standards Act (FLSA) recordkeeping requirements, employers must keep payroll records for non-exempt workers for at least three years. HR teams should be prepared to hold on to them for longer in case of the need to defend against discrimination claims.

Signed 46 years after the Equal Pay Act, the Lilly Ledbetter Fair Pay Act strengthened workers’ ability to challenge pay discrimination by allowing them to file claims when they discover the discrimination, rather than when it first occurred, significantly extending the statute of limitations on bringing claims. While the Ledbetter Act itself doesn't specify how long employers must retain records, the Society for Human Resource Management (SHRM) recommends keeping payroll records for at least five years after employment ends — or even indefinitely — to ensure proper documentation is available if needed.

{{rich-highlight-1}}

FMLA Records: 3+ Years

Medical records and other documents related to requesting leave under the Family and Medical Leave Act (FMLA) should be retained for at least three years, according to FMLA recordkeeping requirements. 

These records include but are not limited to:

• Payroll and identifying employee data
• Dates that employees took FMLA leave
• All documents or notices provided by employees and employers about the FMLA leave
• Your company’s leave policies
• Information related to premium payments for employee benefits
• Well-documented records of any dispute between an employee and the employer relating to FMLA leave

OSHA Records: 5+ Years

The Occupational Safety and Health Administration (OSHA) governs work-related injuries and illnesses. To comply with OSHA recordkeeping guidance, HR should retain all records relating to workplace injury for a minimum of five years. SHRM recommends including: 

• Logs and records of injuries and illnesses and a summary of each incident 
• Employee medical records as related to the incident
• Documentation of any exposure to toxic substances

Per OSHA, between February and April of each year, companies are required to post a summary of workplace injuries or illnesses that occurred in the previous year. Employers are also required to share these records with employees or their representatives if requested. 

ADA Records: 1 Year

Employers should retain all medical records and documents related to requests for disability accommodations from employees and applicants, as well as the employer’s responses or accommodations. Under the Americans with Disabilities Act (ADA), private employers should keep such documents for one year after the request was made, or for a year after any involuntary termination. 

Termination Records: 1-6 Years

The US Equal Employment Opportunity Commission (EEOC) requires that employers retain employment records of involuntarily terminated employees for at least one year from the date of termination. 

Companies are wise to hold on to exit interviews, termination letters, and severance agreements for 5-6 years, depending on company policy and jurisdictional legal requirements.

Why Employee Record Retention Matters

Proper employee record management protects employers by ensuring compliance and providing evidence in the case of future claims. 

• Compliance: Avoid legal penalties by meeting regulatory requirements. As mentioned, the compliance requirements that govern employee records span multiple regulatory bodies and laws. Recordkeeping requirements vary across agencies, and employers must comply or risk non-compliance fines and penalties. 
• Risk Management: Protect the organization against future claims or disputes. Proper recordkeeping provides evidence against claims since discrimination claims can come months or years after an employee separation. 
• Operational Efficiency: Ensure quick access to records when needed. Companies often rely on a number of different software or digital locations to store employee information. A clear, organized, and documented recordkeeping policy helps you find the documents you need, fast. 

• Employee Privacy: Employee records and personnel files contain the most sensitive information. An effective record retention policy keeps employee data private and secure.

Best Practices for Employee Record Retention 

While record retention requirements vary by industry and jurisdiction, following these key best practices will help HR departments maintain legal compliance while operating efficiently.

1. Set clear policies.

Establish retention schedules and categories for different types of records. “Companies should maintain clear recordkeeping procedures that establish expectations for document storage, retention periods, and handling protocols across all HR team members,” said Wallaert. 

2. Digitize and automate.

Cloud-based HR information systems (HRISs) streamline document management by providing a centralized, secure database for all employee files. Select an HRIS that’s strong on access permissions, so HR teams can quickly retrieve documents while maintaining privacy, all while eliminating the need to manage physical copies.

3. Ensure secure disposal.

Follow privacy laws and best practices for disposing outdated records. Shred physical documents and be sure your HRIS or online database uses secure deletion strategies. Delete any information backed up in the cloud that could be synced to other devices. 

4. Conduct regular audits.

Proactive audits give you visibility into how well HR team members have adhered to document retention policies and help you spot potential snags before real issues arise. 

5. Think global.

If you’re an international company, you may have different requirements. “Don’t forget the global dimension. Different regions impose different privacy and recordkeeping rules, so be prepared to adapt your policies,” said Nadia Eran, a fractional head of people and people ops leader for Series A through C startups.

6. When in doubt, keep or consult.

Even with your HR expertise and industry resources, you may still have questions when navigating record management. In those cases, keep the documents or consult an expert. Employment attorneys or HR compliance specialists can advise on the more ambiguous cases and ensure the business is protected.

{{rich-highlight-2}}

Cost of Noncompliance in Employee Record Retention 

Getting employee recordkeeping wrong can be disastrous for employers, resulting in fines or even criminal charges. Here's an overview of the main costs associated with noncompliance.

Fines: Fines are the most common consequence of improper recordkeeping and can be levied against a business on the federal, state, or even local level. Fines may come from OSHA, the IRS, or other agencies, but there are also state-specific penalties. 

Lawsuits: Not only does compliant, secure recordkeeping provide evidence in the case of a lawsuit, but failure to do so could be cause for litigation. In the precedent-setting case of Dittman v. UPMC, the judge ruled in favor of plaintiffs in a class-action lawsuit that alleged the University of Pittsburgh Medical Center and UPMC McKeesport breached its “legal duty to exercise reasonable care to safeguard its employees’ sensitive personal information” after 62,000 UPMC employees' data was stolen from computers. The data accessed and stolen included such sensitive information as social security numbers, birthdates, addresses, and tax forms. The Pennsylvania Supreme Court ruled that it was the employer's responsibility to ensure this employee data remained safe and secure while stored in their digital systems. 

Loss of Licenses: Companies or individuals in certain industries, notably heavily regulated industries like healthcare, are liable to lose licenses if found to be in violation of secure and compliant employee recordkeeping.

Criminal Charges: In serious cases, business owners, board members, or executives can face criminal charges for failing to properly maintain records.

Balancing Compliance and Practicality

Federal laws create a complex framework of record retention requirements that HR departments must navigate carefully. For example, the EEOC and IRS each have different requirements for employee documents. 

As both a business and HR leader, you have to balance compliance, risk, and practical implementation.

Some states and industries may have specific rules, too. For example, Illinois passed the Biometric Information Privacy Act in 2008, which requires private companies to obtain written consent before collecting or storing biometric data. For companies, that might mean fingerprints or facial scans used to access digital or physical workspaces. Financial institutions, healthcare companies, and manufacturing businesses also have specific documentation requirements. Given their particular regulatory frameworks, businesses in these industries would benefit from specialized HR expertise. 

“Ultimately, as both a business and HR leader, you have to balance compliance, risk, and practical implementation. When your record retention strategy integrates these priorities, you set your company up for smarter growth — and avoid the legal and operational pitfalls that can stall success,” said Eran.

How Lattice Can Help

Choose the right system of record to help organize and automate the specifics of employee records management. Lattice helps HR teams avoid the crux of record management challenges by supporting compliance and risk management with a system that powers operational efficiency. Lattice ensures employee information is stored with respect to privacy and security while remaining available to those who need access. 

‍Book a demo with Lattice HRIS today to learn more. 

{{rich-highlight-4}}