Sample personnel file access policy

Personnel files
Thinkstock

This policy clarifies the use and access of an employee personnel file at a large private university with approximately 10,000 students and 4,000 employees (a combination of faculty and staff).

You are free to use or adapt this sample policy, which was contributed by the security community, for use in your own organization (but not for re-publication or for-profit use).

Personnel Records

The Human Resources Department is responsible for maintaining records of each employee's work history at (company) and for maintaining some biographic information, including educational background, home and office address, and emergency notification information.

Updating Personnel Records

It is the responsibility of supervisors or administrators in departments to notify their Human Resources Officer of changes in job duties, work schedule, or other position-related information. Employees are responsible for notifying Human Resources Information Services of changes in name, social security number, local (home) adress, electronic address, and telephone number by completing a personal change notice form This information will be forwarded by Human Resources to the following offices, as appropriate: Payroll, Telecommunications, Network Services and the Medical Department.

Release of Information

Only the following information concerning active or terminated employees is released by the Human Resources department upon receipt of a telephone or written request:

  • dates of employment at (company)
  • job classification or title
  • department in which the individual is or was employed
  • (Company) telephone extension on active employees, if requested.
  • e-mail address

Written requests for additional information related to credit evaluation, employment references, mortgage applications, etc. will be provided only if a release form is signed and returned to the Human Resources Office by the employee.

Requests for employment information by the Department of Employment and Training in (state) and other states in connection with an unemployment compensation application will be provided, as required by law, without the use of a release form, since this inquiry is initiated by the terminated employee who has filed a claim.

Employees will be notified, whenever possible, when (company) is required to provide personnel information by a subpoena, warrant, or other court order.

Access to Personnel Files by Supervisors and Administrative Officers

Supervisors and Administrative Officers do not have access to personnel files maintained by Human Resources. However, information on work record or employment history will be provided to supervisors or administrative officers by the Human Resources Officer assisting the department on a need-to-know basis. Human Resources Officers may provide applications or material placed in the file by the supervisor.

Access to Personnel Files by Employees

Upon written request, an employee may make an appointment with the Human Resources Officer to view his or her personnel file. An employee may not request that material be removed from the personnel file unless mutually agreed to by the parties concerned. If the employee feels that a situation has been unfairly represented, he or she may submit a clarifying memorandum to the Human Resources Officer and request that it become a permanent part of the file.

A written request also is required from former employees when requesting access to their personnel files.

Get more sample security policies from CSO.

Copyright © 2016 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)