What HR Needs to Keep Confidential

HR is not only entrusted with maintaining sensitive information about employee and management issues, but also must protect this information under laws governing confidentiality.

To protect employees’ privacy and avoid unnecessary litigation or fines, it is critical for HR to identify which processes or documents are supposed to be kept confidential, safeguard this information, keep it in secure locations, and discard it in proper ways. This also includes restricting access to sensitive data online and in various applications, databases, and servers, and creating privacy policies in collaboration with the IT department.

Not keeping certain information confidential can result in lawsuits, identity theft, data breaches, or defamation lawsuits. It can also undermine an HR department’s credibility and integrity. Here are four (4) types of information that HR needs to keep confidential.

1. Employee Information

Employee files, which include sensitive employee information, must be kept confidential by HR. This information is typically related to…

  • Personal (social security number, address, date of birth, marital status)
  • Hiring (job application, resume, interview notes, employment history, employment assessments, background checks, reference checks, I-9 forms)
  • New-hire paperwork (offer letters, employment contracts, handbook and policy acknowledgements)
  • Performance (performance reviews, performance documentation, documented recognition, warnings and disciplinary notices, job descriptions, documented job changes/promotions)
  • Compensation and benefits (salary or hourly pay rates, merit increases and bonuses, other forms of pay, pay changes, benefits information)
  • Payroll (time cards/sheets, work schedules, pay stubs, direct deposit forms, authorization for deducting or withholding pay, tax forms, status change forms)
  • Termination (termination or layoff records, resignation letter, unemployment insurance claims)
  • Attendance (dates and reasons for absence, time off, and leaves)

Also, employers need to keep separate files for personnel information, payroll records, I-9 forms, and EEO identification documentation.

2. Health & Medical Information

Any health and medical information about employees must also be kept confidential under the following laws (in addition to any applicable state laws):

These laws all impose very strict rules for handling health-related information obtained through medical examinations and inquiries. Medical and benefit records should be kept separate from personnel files and may be revealed with employees’ written permission only to certain individuals on a legitimate “need-to-know” basis as defined by specific statutes. 

For example, the following information should be kept confidential:

  • Insurance and benefit enrollment forms and claims information
  • Medical exam information
  • Workers’ compensation records
  • FMLA leave certifications and medical documentation; leave information (e.g. dates)
  • Records regarding reasonable accommodations under ADA
  • Doctor’s notes
  • Drug test results/physical results

3. Investigation Records

HR departments are often tasked with investigating certain workplace issues and need to maintain the confidentiality of records pertaining to those investigations.

Investigations may apply to the following:

  • Complaints of harassment, discrimination, retaliation, and threats
  • Violations of rules or policies; conduct or disciplinary problems
  • Performance issues
  • Workplace injuries and illnesses
  • Safety and security issues

Witness statements and testimonies; records of interviews; meeting notes; written summaries of incidents with date, time, location, and individuals involved; written statements of complaints; and relevant letters, memos, and paperwork are all information related to investigations that should be kept confidential.

When conducting investigations, HR should balance preserving confidentiality and conducting a fair and complete investigation. In these situations, employees may request confidentiality, but HR should not necessarily promise or guarantee complete confidentiality because they may need to involve other individuals. Rather, they should reassure the employee that their issue will be taken seriously and dealt with in a fair and appropriate manner.

4. Management Strategy Information

Finally, HR is sometimes actively involved in the management process and has access to discussions with senior management and information about business strategies and processes, layoffs or plant closings, proprietary workforce data, and major expansions or restructuring that affect the workforce. All of this information is typically considered confidential.

HR professionals should understand the importance of maintaining the confidentiality of the information mentioned above. To reinforce confidentiality in the workplace, periodic confidentiality training and solid information management systems will help to ensure a human resource department’s credibility and operational integrity.


  • Allison Kenney

    Allison is ERC’s Manager, HR Advisory Services. In her role, she oversees the HR Consultant team that provides services to ERC’s HR Help Desk. She ensures members are provided with the most current information and professional guidance on a variety of HR and general business-related topics. Allison also delivers consultation on HR projects to ERC members and clients.