HR Toolkit

Employee records

Organizations create and retain documentation on employees in order to effectively manage their workforce. Employee records provide employers with a consolidated place to store employee information, and provide documentation to substantiate decisions on hiring, promotion, compensation, disciplinary action and termination. An employee records policy should identify the information that is collected and retained in employee files, why the information is collected, who has access to that information, how it is used and how long employee records are retained.

Legal requirements

There are a number of legal requirements that organizations need to consider when establishing their employee records policy and procedures:


Required information

Provincial employment standards mandate the collection and retention of some specific employee information, particularly with respect to payroll (refer to Compensation), so it is important to review employment standards requirements for your province when determining what information your organization will keep in employee records.


Privacy legislation and privacy requirements for employee records

Some provinces have privacy legislation to address the privacy of personal information collected by organizations. Organizations in all other provinces and territories must comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). All of these privacy acts address what employee information is considered personal information subject to the legislation's provisions, and when.

For organizations in the Yukon, Nunavut and the Northwest Territories, the collection of employee information is subject to PIPEDA because all private sector activity is under federal jurisdiction in the territories. PIPEDA applies to personal information that is collected, used or disclosed in the course of commercial activity. PIPEDA also states "personal information does not include the name, title, or business address or telephone number of an employee of an organization."

For organizations in all provinces except Alberta, British Columbia, and Quebec, an employee's personal information that is collected to support the employer/employee relationship is not subject to the privacy legislation when the information is held by the organization within the organization's offices. However, once an organization enters into a commercial relationship such as hiring an agency to recruit for a position or sending employee information to any outside payroll service or benefits provider, the privacy legislation will apply.

Even if the information you collect about your employees is not subject to privacy law, employees have come to expect that their personal information will be kept private. Therefore, the best approach to an employee's personal information is to treat it as though it is subject to privacy legislation.

PIPEDA sets out 10 privacy principles for the collection, use, disclosure and retention of personal information. The provinces with privacy legislation have similar privacy principles. Your organization can ensure good practice in maintaining employee records by applying these privacy principles:

  1. Accountability
  2. Identifying purpose
  3. Consent
  4. Limiting collection
  5. Limiting use, disclosure, and retention
  6. Accuracy
  7. Safeguards
  8. Openness
  9. Individual access
  10. Challenging compliance


Links and Resources

Links to Provincial Privacy Acts

Application of the Personal Information Protection and Electronic Documents Act to employee records

The Privacy Commissioner's website also contains information about PIPEDA including fact sheets, information for individuals and businesses, a privacy quiz and a blog.


Information in employee records

There are a number of items, in addition to information that is legally required, that organizations usually keep in employee records:

  • Employee's resume
  • Letter of employment/employment contract
  • Salary or wage history
  • Performance related documentation including information such as appraisals, commendations, and disciplinary action
  • Tax forms

Organizations should be intentional regarding the information they keep in employee records to ensure privacy, and to manage administration and storage costs.


Security of personnel files

Organizations should establish a secure location for storing employee records. Most often this location is a locked filing cabinet in a locked office, usually belonging to the executive director or the HR professional on staff.

Employee access

An employee has the right to review his or her own employee records. Organizations should specify how employees get access to their employee records. Typically, organizations do not allow employees to remove the file from the area in which files are kept. Furthermore, to maintain the integrity of the employee records, employees are not usually permitted to remove anything from, or add anything to, the content of the file. However, organizations should establish a process for ensuring the accuracy of employee information. This process should include an option whereby employees can formally request an update to information contained in their personnel file.


Sample policies

Staff Files - Community Foundation of Ottawa (PDF - 39KB)

  • Lists the contents of employee files
  • Provides clear instruction on access to the files

Employee Records - A National Organization (PDF - 12KB)

  • States the organization's commitment to protecting personal information
  • Gives a detailed list of procedures to follow