How Long Can Employers Keep Employee Records? A Record Retention Guide for Frederick Small Business Owners

by | Blog

Key Takeaways

  • How long you keep a document depends on what it is, which law applies, and sometimes your state’s rules as well.
     
  • A practical baseline is to keep general personnel records for at least two years, payroll tax records at least four years, benefits records at least six years, and certain medical or exposure records much longer.
     
  • Keep your employees’ Form I-9s for three years after the hire date or one year after termination (whichever is later).
     
  • Good record retention keeps you compliant and gives you support in audits, wage disputes, unemployment claims, and discrimination claims.

 

I’ve talked to a lot of business owners who lean on the old “hold on to it for seven years” rule for employee records and assume they’re covered. And they are… sometimes.

But record retention isn’t one universal deadline. And getting the timing wrong can leave your Frederick business exposed in an IRS audit or an employment dispute. 

So, to make building a defensible recordkeeping system easier, I’ve broken the requirements into practical categories below.

 

Why do employers need to keep employee documents?

Maintaining meticulous employee records is a critical risk-management strategy. Your documentation is your primary line of defense in a few situations:

1. Tax audits

The IRS operates on a guilty-until-proven-documented basis. If you can’t produce W-4s, W-2s, and payroll registers, an auditor can disallow your labor deductions. 

2. Proof of Wage and Hour Compliance (FLSA)

Under the Fair Labor Standards Act (FLSA), the burden of proof regarding hours worked rests solely on YOU, the employer. You need timesheets and records to prove the exact hours your employees have worked, and pay stubs to show that the math behind gross and net pay is accurate.

3. Meeting Federal Retention Requirements

Different agencies have different clocks for how long you must store documents. Failing to meet these timelines can trigger massive fines during a surprise inspection.

 

Is seven years long enough to keep employee records?

The seven-year rule is a useful shorthand for some records, but it’s not a complete policy. It might cover many employment records conservatively, but it misses shorter deadlines for routine cleanup and longer deadlines for items like I-9s, benefits records, and certain medical or exposure files.

A better way to categorize employee documents is by tiers:

Record Type

Retention Time

General personnel records

2+ years

Hiring records

1+ year after hiring decision

I-9 forms

3 years from hire or 1 year after termination, whichever is later

FMLA records

3+ years

Employment tax records

4+ years

Benefit records

6+ years

Certain medical/exposure records

30+ years

 

How long should small business owners keep general personnel files for employees?

A good working rule is to keep general personnel file documents for at least two years. Or longer if they relate to hiring decisions, discipline, termination, or a live dispute. 

And by general personnel file documents, I mean:

  • Job applications, resumes, and interview notes
     
  • Offer letters and signed acknowledgments
     
  • Job descriptions and onboarding documents
     
  • Pay rate changes, promotions, and transfers
     
  • Performance evaluations and training completions
     
  • Disciplinary notices, complaints, and leave records
     
  • Layoff or termination documents

Documents tied to the hiring decision itself (resumes, interview notes, references, and test results) should be kept at least a year after you’ve made the final hiring decision. Because if someone later claims your hiring process was discriminatory or inconsistent, those records may be your best evidence that it wasn’t.

And for former employees, keep discipline and performance records for at least two years after termination. Because those are exactly the records that become relevant in unemployment claims or employment disputes.

I know this is a lot to keep on hand. But record retention is a relatively low-cost compared with the time and expense involved in defending a claim without documentation.

 

How long should employers keep Form I-9 and employment eligibility records?

You should keep Form I-9 for three years after your employee’s hire date, or one year after termination (whichever date is later). So you’ll want to track I-9s separately instead of lumping them in with your general personnel-file schedule.

A clean approach is to keep I-9s in a separate file system with limited access. That helps with two things:

  • Quicker response if immigration records are requested
     
  • Less risk that protected information is mixed into routine employment files

Even a simple spreadsheet tracking hire date, termination date, and I-9 destruction date can make this easy to manage.

 

How long should small business owners keep employee FMLA records?

FMLA (Family and Medical Leave Act) related records should be kept for at least three years. Even if your employee’s leave request doesn’t actually result in approved FMLA leave.

FMLA records include:

  • Employee identifying information
     
  • Payroll records
     
  • Dates and hours of FMLA leave
     
  • Employee notices and employer eligibility notices
     
  • Benefits premium payment records
     
  • Records of disputes involving leave requests
     
  • Documentation of leave policies

 

How long should employers keep payroll and tax records?

You’ll want to keep employment tax records for at least four years. Some payroll-related records under wage-and-hour rules must be kept for three years, and certain wage calculation support for two years. 

Payroll records include what you paid your employees, as well as how you calculated that pay, what was withheld, how benefits and reimbursements were handled, and what was reported to tax agencies.

For IRS purposes, keep tax records like:

  • Your EIN
     
  • Amounts and dates of wage and pension payments
     
  • Employee names, SSNs, dates of employment, and occupations
     
  • Forms W-4 and returned W-2s
     
  • Tax deposit records
     
  • Copies of filed tax returns
     
  • Documentation supporting claimed tax credits

Also, wage-and-hour rules under the FLSA require retention of payroll records and related agreements for at least three years, with supporting wage calculation records often kept at least two years. That includes:

  • Timecards
     
  • Wage rate tables
     
  • Work schedules
     
  • Piecework records
     
  • Additions to or deductions from wages

 

How long can employers keep employee records for benefit plans?

Benefit records need to be kept for at least six years, and sometimes for the full duration of the plan plus an additional retention period. Retirement plan records in particular follow longer retention rules because they support reporting, fiduciary oversight, and participant rights.

Retirement plan-related records may need to be maintained for as long as your employee participates and then for at least six years from the filing of the last relevant Form 5500. Those records include:

  • Plan documents
     
  • Contracts and agreements
     
  • Participant notices
     
  • Compliance records
     
  • Fiduciary materials

 

How long can employers keep employee records for medical information?

Under OSHA standards, employee medical records must be kept for the duration of employment plus 30 years.

Those records include:

  • Medical questionnaires/histories
     
  • Examination results
     
  • Medical diagnoses or recommendations from physicians
     
  • Documentation of treatments and prescriptions provided for workplace issues.
     
  • Employee medical complaints

First-aid logs for minor scratches or scrapes don’t have to be kept for 30 years. And general injury and illness logs (Form 300, 300A, and 301) usually only need to be kept for 5 years. 

Basically, if a record concerns an employee’s health status and was created or maintained by a physician, nurse, or other health care professional, apply the 30-year rule.

 

How should small businesses store employee records securely?

Your employee records should be stored in a way that protects confidential data, limits access, preserves backup copies, and allows timely destruction when the retention period ends. That means implementing secure digital storage and controlled permissions along with a written retention policy.

Your storage process should include:

  • Digitizing records where possible
     
  • Using encrypted cloud-based payroll or HR systems
     
  • Limiting access by role
     
  • Protecting paper files in locked storage
     
  • Securely shredding or deleting outdated records

HR platforms, payroll systems, cloud storage, and document management tools can help centralize files and support retention reminders, audit trails, and access controls. 

 

Digital vs paper files

Hesitant to digitize records because you’re concerned about legal validity during an audit of your Western Maryland business? The IRS and most federal agencies accept electronic records as a substitute for paper originals as long as they’re maintained with integrity.

To satisfy regulatory requirements, your digital copies have to be:

  • Legible: High-quality scans where all text, dates, and signatures are clearly visible.
     
  • Identifiable: Organized and labeled so a specific record can be located without searching through unrelated files.
     
  • Retrievable: You must be able to view, print, or provide a copy of the electronic record immediately upon request.

 

Do you need a written retention policy?

Having a written policy shows an outside reviewer or auditor that your record-keeping was a deliberate, compliant business process. It protects you against claims of selective destruction if a document is missing.

You need a formal document that outlines:

  1. What records you keep and for how long
     
  2. Where they are stored, identifying specific cloud folders or locked cabinets
     
  3. Who has access, listing specific roles or departments
     
  4. Disposal methods specifying how you ensure data is unrecoverable after deletion

 

Final thoughts 

This is an area where taking the time for a system cleanup can really pay off. Because when your employee files are organized and retained for the proper length of time, you’re in a much better position to handle payroll questions, leave issues, unemployment claims, and employment disputes without scrambling to reconstruct the facts… after the fact.

I can help you put retention rules around your employee documents and build a process that makes sense for the way your Frederick business actually operates.

calendly.com/jallencpa

 

FAQs

“What is the ‘7-year rule’ for employee record retention?”

While many business owners follow a “keep everything for seven years” rule, it is not a one-size-fits-all requirement. The IRS and FLSA generally require payroll records to be kept for at least 4 to 7 years to satisfy IRS and FLSA audits. But some documents, like I-9 forms, can be tossed sooner, while retirement plan records and OSHA medical files must be kept much longer (sometimes up to 30 years).

“How long does the IRS require employers to keep payroll records?”

The IRS generally requires employers to keep all records of employment taxes for at least 4 years after the date the tax becomes due or is paid, whichever is later. This includes amounts and dates of wage payments, tax deposits, and copies of filed tax returns.

“How far back can a payroll audit go?”

A standard federal payroll audit by the Department of Labor (DOL) typically looks back 2 years, or 3 years if they suspect a willful violation of the Fair Labor Standards Act. However, for tax purposes, the IRS can audit up to 6 years back if they find a substantial error on your returns.

“What are the penalties for not keeping proper payroll records?”

Failure to maintain accurate payroll records can lead to significant back-pay liability, liquidated damages, and civil money penalties from the Department of Labor (DOL). Without records like timecards and wage tables, a court may have to depend on an employee’s memory of hours worked.

How long can employers keep employee records for terminated employees?”

For terminated employees, you must keep Form I-9 for either 3 years after the date of hire or 1 year after the date employment ended, whichever is later. I recommend storing these in a separate folder from general personnel files to ensure they can be audited quickly without exposing other private data.

“What should not be kept in an employee’s personnel file?”

To protect privacy and limit legal liability, you should never keep the following in a general personnel file:

  • Medical records: Keep FMLA, doctors’ notes, and disability accommodations in a separate, confidential medical file.
     
  • I-9 Forms: These should be stored in a separate binder or digital folder for all employees.
     
  • Investigation notes: Sensitive notes regarding internal investigations or legal disputes should be kept in a separate “litigation” or “investigation” file.
     
  • Personal information: Avoid keeping social security card copies (unless required for I-9) or credit reports in the general file.

Related posts:

How Frederick business owners can beat occupational stress

Leadership and Empowerment for Business Owners: A Story

Succession Planning Strategy For Frederick Business Owners

Five Reasons to Take Scenario Planning Seriously in Your Frederick Small Business