How to Handle Employee Data the Right Way | Vision Law®

Call For A Free Consultation (855) 534-1490

The Types Of Employee Data You Can Collect And Retain

So what types of employee data are legally permissible for you to collect and hold on to? Statewide, you are lawfully allowed to collect and retain personal information, employment history, performance evaluations, medical information, and I-9 information.

However, this data must be collected and used in compliance with California privacy laws and regulations. For example, all private medical information must be kept separate from employee personnel files and must be made available only to those who need to know (such as management). I-9 documentation must be kept in a separate file from employee personnel files, as well.

Finally, you may not ask about an employee’s salary history or convictions in job applications or interviews. Any inquiry regarding criminal convictions via background check can happen only after you have made a conditional offer of employment.

How Long Can Employee Data Be Kept?

In California, you should retain employee data (pre-employment through termination) for at least four years following the employee's departure from your company. This period is based on the statutes of limitations under the Fair Employment and Housing Act (FEHA) for claims related to discrimination, harassment, wrongful termination, or retaliation.

Payroll-related information, including pay stubs and time records, should be kept for at least four years, as well. However, if this data is in electronic form, it is advisable to maintain the data for at least 10 years.

Mistakes In Data Management That Increase Risk

Decreasing risk in data management should be a key goal for any business owner. Common mistakes in data management include failing to implement adequate security measures, not having clear data retention policies, and not regularly reviewing and updating your data management practices.

In a litigation setting, all data (including electronic data) relevant to the claims must be retained and secured. This is known as a “litigation hold.” Failure to implement a litigation hold at the beginning of civil litigation can result in severe sanctions, including potential entry of judgment against your company.

The Consequences Of Data Breaches

Data breaches involving employee information can be especially harmful to your business. Consequences of a breach can include legal penalties, lawsuits, and damage to your company’s reputation. Employees whose information has been compromised may also experience financial loss and identity theft.

To mitigate these risks, you must implement robust security measures, have clear data management policies, and respond promptly to any data breaches.

Attorney Scott Shibayama has been advocating for California businesses for nearly 30 years. Based in Sacramento, he helps small business employers avoid lawsuits and litigation.

Attorney Shibayama now wants to make sure every business owner and employer can protect themselves by sharing insights learned defending Fortune 500 companies.

Connect with his firm, Vision Law®, to stay updated on the latest developments in California Employment Law and gain valuable insights needed to prevent vulnerabilities or employee litigation.
