HR and Payroll Data Retention & Archiving Compliance

Switching HR or Payroll vendors requires you to have a data retention strategy for the data left in your legacy system. Federal regulations require you to retain this legacy data, but there are many regulations that cover this data. It is common practice to leave old payroll runs, pay stubs, employees from previous years in the old system, but this left behind data is covered by Federal regulations. With the rise of cloud vendors your data will be lost after you terminate the contract. Companies must define a data retention strategy to maintain this data outside of the cloud vendors system to remain compliant.

Retention Periods

The table below outlines the regulations, the data sets those regulations apply to, and the retention periods of each data set. You will want to use the maximum retention period when planning for your data retention strategy. For example, if you have to comply with Workers Comp and ACA. the retention period for those regulations for payroll is 10 years and 6 years. That means you must keep payroll for 10 years in order to be compliant with both regulations.

Data Management

Data management is increasingly a more important topic because of new privacy and security regulation. Compliance with existing regulations is a complicated job, but as governments create more regulations to protect their citizens’ data. HR practitioners find themselves caught in the cross hairs because of the sensitive nature of HR data. Having a strategy to retire older systems not only can help save you $100,000 – $500,000 / year for larger organizations, but it helps you adapt to new regulations. Transitioning from on premise systems also alleviates security risks and maintenance for your IT staff.


The table below covers US Federal regulations, and a few industry specific regulations. For example included are regulations for Financial Services (i.e. BSA regulation) and the Chemical/Pharmaceutical (i.e. FDA regulations). It is not an exhaustive list of all compliance regulations. Your industry may be subject to additional regulations. It is a good idea to research the compliance regulation that apply to your industry.

Regulations by data sets and the defined retention periods

Federal Regulation Definitions

Employment

FLSA
Fair Labor Standards Act covers minimum wage and overtime pay record keeping.
EEOC
Equal Employment Opportunity Commission requires employment data to be categorized by race/ethnicity, gender, and job categories. This includes reporting of headcount, locations by these categories, and performance. Pay and time data may be required if a complaint is filed against the company.
ADA
American Disabilities Act prevents discrimination against individuals with disabilities.
PDA
Pregnancy Discrimination Act protects pregnant women from discrimination who are planning to take or have taken pregnancy leave (also covered under FMLA).
OSHA
Occupational Safety and Health Administration ensures employers and employees maintain safe working conditions and practices. The regulations demand record keeping for medical leave / illness, time worked, handling of hazardous materials, among many other areas.
USERRA
Uniformed Services Employment and Reemployment Rights Act protects civilian job rights and benefits for veterans and members of the Reserve components.
H-1/H-2
The Immigration and Nationality Act allows non-US citizens to be employed in the U.S. via the H1-B and H-2 visa process. Companies must sponsor and track employee information related to this process.

Benefits

FMLA
Family Medical Leave Act covers unpaid, job-protected leave per year. It also requires that their group health benefits be maintained during the leave
ACA
Affordable Care Act ensures employers are offering affordable plans, coverage and maintaining appropriate participation policies. It also details employee headcount minimums, working time, and pay thresholds related to enforcement.
COBRA
Consolidated Omnibus Budget Reconciliation Act allows employees, their spouses and dependents to retain benefits coverage after employment is terminated or working time is reduced below employer’s minimum benefit threshold.
HIPPA
Health Insurance Portability and Accountability Act protects the confidentiality and security of healthcare related information. Employers hold employee benefits information and medical leave information which leaves them subject to record keeping and security requirements.

Taxes

IRS
The Internal Revenue Service requires employers to keep payroll and supporting tax filing data for a minimum of 3 years and a maximum of 7 years from the filing date.

State Regulations

Workers Comp
Workers Compensation is a legal requirement that employers carry insurance providing wage and medical benefits to employees injured on the job. This is a state law required by most state work locations which means retention periods can vary by state.

Industry Specific

BSA
Bank Secrecy Act or Currency and Foreign Transactions Reporting Act is mostly limited to financial service firms and demands record keeping related to money laundering and anti-corruption practices.
FDA
Federal Code of Regulation requires FDA regulated companies to keep extensive records on training and expertise of employees down to the granular level of specific skills, performance, reporting structures, and approvals.

Solution

Fuse Analytics solution provides employers a place to consolidate legacy HR and Payroll systems globally along with documents tied to employee. By centralizing data you can enforce and define retention periods for this data more effectively. This makes audit reports much easier to implement across all of your data, documents and country policies. That gives employers control over the data retention strategy.

Fuse Analytics has extensive experience archiving the full scope of data compliantly from all types of HR and Payroll systems. We can help you skip all of the pitfalls and lessons learned by sharing with you the best practices.