Many organizations use the quiet summer period to purge their cupboards of long collected papers and documents.
While larger organizations have moved to the use of computerized human resource information systems (HRIS), this too is included in the annual summer purge. Yet, don’t be too hasty, especially with personnel records. In fact, personnel records as well as other important documents may have a “legislated” life cycle and specific protection requirements that you need to be aware of and abide by.
Personnel records are created to help ensure good decision making, monitoring and accountability with respect to the life cycle of a staff person in an organization. Typically, these files include documents relating to the hiring process as well as personal address, social insurance number, next of kin, pay and benefit information, attendance and leave notations, performance reviews, training, transfer, promotion, disciplinary actions and grievance proceedings, as well as termination information.
The information needs to be accurate and since it is sensitive and private, it must be kept confidential with restricted access. Access may have been easier to manage in the paper-based world, and must be even more carefully managed now that information technology has taken hold of our lives.
As a professional HR consultant, I frequently meet many managers who are confused and/or ignorant of many regulations pertaining to personnel records. This can easily be overcome by reviewing the various pieces of legislation that govern these documents, such as the Employment Standards Code, the Canada Labour Code as well as PIPEDA (the Protection of Personal Information and Electronic Documents Act), FIPPA (the Freedom of Information and Protection of Privacy Act) and PHIA (the Personal Health Information Act). Corporate managers and HR professionals need to be fully aware of all the requirements under these statutory instruments.
As well, I often find managers are confused about how many personnel files there should or could be. According to Tracey Epp, a labour relations lawyer with Pitblado, LLP, organizations may maintain two types of personnel files — that of a “master” file typically kept by an HR manager and a medical file, should this be required. Some employers also maintain supervisory files containing routine day-to-day work information that is typically unrelated to an employee’s contractual relationship. However, collective agreements may prohibit having more than one personnel file.
Medical files, on the other hand, require special attention. Once an HR manager receives any medical information on an employee, they become a trustee and are fully responsible for securing the safety of the information. This means controlling both storage and access. Epp suggests that the medical file be “sealed” and whenever the seal is broken that entry is documented with the name and date of who had access. Finally, she suggests returning the medical information to the employee once there is no longer a need.
However, Epp says any and all documents, be they paper-based and/or electronic including email, transcribed voice mail or Facebook/Twitter messages, are considered valid documents and can be entered as evidence should litigation take place sometime in the future.
Another area of confusion with respect to personnel files is how long to keep the documents. While legislation does outline specific retention dates of six to seven years, Epp goes further to suggest that personnel files be kept as long as is practical, even after a person departs from the organization. This retention practice serves as a protection for the organization should any litigation arise in the future where former project team members need to be contacted and/or if an individual applies for re-employment but is unknown to new HR staff.
Personnel files and documentation are only one common area of confusion for many HR and general managers. Another area of confusion and a growing concern, for that matter, is social media and how this may create liability for both employees and their organization. Whereas social media have moved from innovation to mainstream application, we are learning about a growing number of stories on how an organization’s reputation has been damaged by the social media antics of a disgruntled employee and/or an activist group that may oppose an organization’s products or services.
To overcome the potential risk of reputation damage and other litigation risks, all organizations, be they public or private sector, need to ensure that employees are well aware of the fact there is no such thing as privacy in social networking. Employees need to know their employer has the right to monitor staff Internet use while employees are at work and/or using employer-owned equipment or systems, but also that the employer expects that employees will be respectful in their use of social media. Finally, employees need to know that all HR policies and principles that guide employee behaviour including harassment, discrimination and ethical behavior also apply to social media communication. There are no exemptions.
At the same time, Epp suggests that organizations need to have clearly defined policies and practices for the use of all social media avenues. This would include defining who is authorized to speak on behalf of the organization as well as defining the type of material considered appropriate and/or inappropriate for broadcast.
In addition, Epp suggests that employees be given training on general communication principles to help make them aware of the risks they might create for themselves. They need to think about who their audience is, where the lines lie between personal and professional, how they can protect themselves and their own privacy, to focus on facts rather than opinion and to always use their best judgment.
Finally, employees need to be aware and accept that no matter whether they are at work or not, their behaviour can affect their career reputation as well as that of their employer.
While the issue of personnel documents and file policies and practices has been a mainstream issue for decades, policies are essentially “living” documents that must be changed and upgraded to confront the issues of the times. Thus, developing policies for the electronic storage and protection of today’s HR files as well as developing policies for employee communication through social media must be addressed. You cannot leave this issue to chance and the goodwill of employees; there is just too much risk.
Barbara J. Bowes, FCHRP, CMC is president of Legacy Bowes Group, a Manitoba-based talent management solutions firm. She is also host of the weekly Bowes Knows radio show and is the author of the newly released bestseller, Resume Rescue. She can be reached at [email protected]
This initially appeared in the August 28, 2010 edition of The Winnipeg Free Press