As an employer, you handle some very sensitive information regarding the people who work for you. Employee personnel files often contain private information, including everything from Social Security numbers to medical records and bank account information. There are some very stringent federal and territorial laws regarding who is able to access these records and why.
However, despite all of the reasons why employers might feel most comfortable keeping these records under lock and key, there are certain circumstances in which employees might need to access personnel records in the scope of their duties. So how can employers be sure that this information stays private—even when there’s the potential that people will be looking at it?
The following are a few tips that can help you ensure all personal information stays confidential:
- Know the laws: Make sure you are completely familiar with all of the applicable territorial and federal laws that deal with employee records, and have processes in place internally to follow them. The law requires you, for example, to keep employee medical records in separate confidential files.
- Embrace security: All personnel files containing sensitive information should be kept in secure locations. Physical files should be locked away in filing cabinets that are not accessible by other employees—potentially in an offsite facility. Digital files should be encrypted and password protected, and should be kept behind a number of security systems. Again, they should never be available to the general public.
- Keep access restricted: The number of people who have the authority to access personnel records should be kept as low as possible. Only those who have a legitimate need should be able to access them. Examples of people with a legitimate need include employees attempting to access their own records, HR personnel and certain managers.
- Have a written privacy policy: This policy should explain who will be able to access employee files, how employees may go about obtaining copies of their own files and how the company will handle medical documents and other special records with sensitive information. This privacy policy should be distributed to all employees, and there should be an open-door policy to ensure anyone with questions is comfortable with the process.
As an employer, you should also make it a point to occasionally review all personnel files to make sure all of the pertinent information is included and up to date, and to make sure you are abiding by all rules and regulations regarding this information. Reviewing documents and correcting any errors is an important aspect of compliance in this area.
Consult an experienced labor and employment lawyer for more information about how you can protect your employees’ privacy and abide by all relevant privacy laws.
Ravinder S. Nagi is Chair of the BoltNagi Labor & Employment Practice Group. BoltNagi is a widely respected and well-established labor and employment firm proudly representing management clients throughout the U.S. Virgin Islands.