As a by-product of running any business, employers receive a significant amount of information about their employees, some proprietary, some not. In any event, employers are tasked with maintaining this information, and making sure that it doesn't fall into the wrong hands.
Personnel records should be maintained in a secure location. Define what each personnel file will contain and provide that list in your policy. Employees should be able to determine what generally is in their file, even if they don't have the physical file.
Establish defined periods, after an employee's separation, for retention and ultimate destruction of personnel files. These periods should be scheduled to coincide with applicable laws, which will vary from industry to industry.
Be aware of where critical employee information and corporate data are located, whether electronically stored or in paper form and be able to identify who has access to them. Develop an acceptable use policy for all employees that outlines appropriate use of corporate assets and employee information. The policy should also outline the procedures the company will follow when a policy violation takes place.
Information security is a group effort. Require employees who become aware of security breaches, or who suspect the potential of information being lost or misused, to notify appropriate IT, HR, and/or other management contacts immediately.
Preservation is key. Be able to place a "litigation hold" to preserve relevant information when litigation may reasonably be anticipated. Create a team that includes legal counsel, IT, HR, and (as appropriate) operational division personnel that will convene and organize a hold when a need is perceived.
As with any workplace policy, consistently enforce your information policies and procedures.
To speak with one of our attorneys about managing employee information, call Kramer Rayson LLP at 865-525-5134 or contact us online. With offices in Knoxville and Oak Ridge, we regularly serve clients throughout the state and beyond.