We've heard of good HR documentation being referred to as 'the first line of defence' for an employer and would agree wholeheartedly! Whilst we're all for reducing the amount of paperwork, it makes life much simpler (and more cost effective, usually) if personnel files and key HR documents are kept up to date, relevant and accessible.

The provision of good documentation to new employees not only gives them a professional impression of your business} but also enables them to understand what the terms of their employment are, what to expect from you and what you expect of them, and what rules and processes they need to follow.

Moving on, there are several situations when you might be asked to present documents from your personnel files:

• in an employment tribunal as part of your defence
• when you receive a data access request
• if an employee/ex-employee is claiming personal injury for an accident or illness caused at work.

The legislative framework for keeping records mainly falls under the Data Protection Act but a number of other statutory requirements do apply, for example:

• all employers are required to check that new recruits are eligible to work in the UK and to keep a copy of the appropriate document. Failing to check and copy the appropriate papers carry significant penalties that can include imprisonment for up to two years and/or an unlimited fine.
• the Working Time Regulations require you to keep records which are adequate to show that the limits on weekly maximum working time, night work, hazardous night work and the requirements for workers to have health and safety assessments are complied with
• the Road Transport (Working Time) Regulations also require such records to be kept for at least two years
• the National Minimum Wage Regulations require you to be able to demonstrate that you have paid at least the appropriate minimum rates
• SSP records should be kept for three years after the end of the tax year to which they relate
• your accident book should be kept for at least three years from the date of the last entry for claims under RIDDOR

Ensure that all files are kept in a lockable drawer or cabinet and that this is securely locked when you are absent from the office.

Decide which managers are authorised to have access to which files and ensure that confidentiality is maintained.

The retention of personal data is mainly governed by the requirements of the Data Protection Act (DPA) and the four associated Codes of Practice, and applies to both manual and computerised files. Data must be processed in a fair way and comply with the eight data protection principles.

Set up a personal file for each of your employees. Use the personnel file checklist to order the file and ensure that its contents are in line with the principles laid out in the Data Protection Act .

Using dividers in personnel files can make it easier to access information. You may wish to divide the file into sections, for example (starting at the back and working forwards):

• pre-recruitment information (application form; cv; offer letter and acceptance; references; proof of right to work in the UK; CRB checks, if necessary; copy of evidence of qualifications; copy of driving licence if relevant; etc)
• signed statement/contract of employment; details of any benefits; letters changing any contractual terms etc; repayment agreements (training, relocation etc); receipts of documents - drivers' handbook, employee handbook - if you require this; receipt of equipment and/or protective clothing, uniform etc; confidential disclosure agreement (if appropriate); any sales and commission schemes that apply to the individual
• attendance/absence records and any medical certificates; records relating to medical or disability issues; documents relating to any accidents
• general (eg mortgage application references)
• career/training history (including induction plan and checklist; induction reviews; probationary period - extension of (if necessary) and then confirmation in post; performance reviews; training records; pay increases, promotions, disciplinary records).

A summary sheet at the front of the file, listing job titles with dates and pay summary and also a summary training record can be very useful. You may also wish to attach the next-of-kin and emergency details either to the inside front or back cover of the file so that you can always access these very quickly in the event of an emergency.

Finally, note that health and medical records are classed as 'sensitive personal data' and should be kept in line with the DPA. Accident records should be kept for at least three years from the date an entry was made in the accident book - and note that accident books were changed a few years ago so that the personal details are not available for all to see.

Decide how you are going to keep your personnel records, eg:

• paper/hard copy files only
• employee details held on a database
• a computerised HR/personnel administration system.

Note that computerised systems do not get rid of the need for your hard copy files altogether! You will still need to keep hard copies of original information such as application forms, references, documents requiring a signature such as contracts of employment, correspondence received about the employee etc.

One consideration, particularly if you are multi-site, is where to keep your personnel files. If they are kept at head office or some other central location, then managers are often tempted to retain their 'own' versions - this is not only a potential breach of the DPA but it does carry the risk that you will have duplicate copies of some documents with the up to date one in one place and an outdated one in another, and also that managers will omit to send some of the information through. So whatever you choose to do in terms of the location of files, establish some clear rules so that everyone is working to accurate and comprehensive information.

An individual is entitled, on request:

• to be informed by any data controller whether personal data which is being processed includes personal data on him/her
• If so, to be given a description of:
  • the personal data of which the individual is the data subject
  • the purposes for which it is being or is to be processed
  • the recipient or classes of recipients to whom it is or may be disclosed.
• to have communicated to him/her in an intelligible form (which will normally involve supplying a paper copy):
  • the information constituting any personal data relating to the individual
  • any information available to the data controller as to the source of the data.
• where the processing of personal data is by automatic means and has constituted or is likely to constitute the sole basis for any decision significantly affecting the data subject (such as his/her performance at work), to be informed by the data controller of the logic involved in that decision making.

Follow the guidance on the Data Protection Act if an employee requests access to his/her file. Decide which managers are authorised to have access to which files and ensure that confidentiality is maintained.

Rules are obviously important, but can only help you if everyone knows about them - so these want to be filed in places where they are easily accessible to all!

Ensure that your main rules are written down and are well-communicated - primarily to ensure that they are followed, but also so that if they're broken, you have something to refer to. Keep your policies and procedures up to date and in line with current legislation - which changes regularly! An annual review is a good idea to ensure that they're kept up to date - not only with legislative changes, but also changes in your structure (job titles etc) and methods of working. Ensure that policies and procedures are dated so that everyone can check that they are referring to the current version.

Remember to notify your employees when something has been updated and what the particular change is - an emailed summary, or a notice which points out the changes and advises them of the reasons for these, not only helps to ensure that they observe any changes in requirements but also will help to remind them of what policies exist and already apply to them!

If you can involve them in the updating of the procedures so much the better - your time spent consulting will pay off in terms of interest, accuracy (they know what goes on in reality), acceptance and compliance.

Timely reminders of some of the policies are also a good idea - eg a reminder of your gifts and hospitality policy just before Christmas, of your holiday booking procedures at the beginning of the holiday year and before any peak periods.

If you keep your policies and procedure on your intranet (increasingly common these days), a shared drive or some other electronic version, do check that all of your employees have access and know HOW to access them.

Handwritten notes - taken during recruitment interviews, informal meetings with employees, during telephone calls etc - are still important and should be kept on file in case you need to refer to them later, unless they're typed up, in which case the handwritten notes can be disposed of.

Informal meeting notes can be used as part of an investigation if, for example, a disciplinary hearing is necessary later on. Notes made during the recruitment process, which normally help to form part of the decision-making process should be kept for a period of six to twelve months after the selected candidate has been appointed. Your records may be called upon as evidence that your process was fair and non-discriminatory so be careful about what you write down! Note that your appointed candidate may well ask to see his/her personnel file at any stage, and an unsuccessful candidate may challenge your decision not to appoint him/her and ask to see his/her notes, so keep any notes factual, objective and evidence-based.

Application forms, CVs and any other documentation relating to unsuccessful candidates should also be retained for at least six to twelve months in case you need to refer to them.

Notes made during grievance or disciplinary hearings should be legible and, if necessary, typed up. These also should be kept on file, with any evidence, and any letters confirming the outcome of the process. Make sure that your notes are detailed and are a good reflection of what was said. If your minutes are clear and thorough, they are less likely to be questioned by an external party than if something appears to be missing. Give employees a copy of minutes taken at disciplinary or grievance hearings for their own records - employees only take in about 20% of what was actually said in difficult circumstances.

Update the file as required - when a piece of correspondence is sent or received, when the rate of pay changes, when an appraisal has been completed etc.

Ensure that your managers don't start to keep their own files in addition to your personal files! These would be in breach of the DPA and could lead to problems of security and lack of confidentiality.

Ensure that all employees who work with personnel files are aware of your policy on confidential information:

• that they know what should be retained
• are aware of their obligations under the Data Protection Act , ie retaining only information that is necessary for the purpose and keeping it up to date
• that they dispose of unwanted data properly and securely.

See our guide to document retention and draw up guidelines for your employees so that they and you know how long you will keep each type of document. Set up a system for regular review and pruning of the files. Invest in a robust shredder if you don't already have one!

Once you have your files up to date, it's important to keep them that way! Staff move house, change telephone numbers and marital status etc. We've plenty of anecdotes about delivering sick members of staff to an ex-spouse or partner, and there are numerous examples in case law of employers sending letters to a previous home address. So it's a good idea to have an annual update and clear out during one of your quieter periods, and to ask your employees to check and, if necessary update, any contact details, emergency or next of kin details you have on file at the same time as these are the sorts of details that may change without your knowing.

Also do look at your contracts from time to time and reissue new copies if necessary - note that failure to have an up to date statement of terms and conditions may result in an additional claim to an employment tribunal and a further award of up to 4 weeks' pay from an aggrieved employee who is bringing another claim.

Whilst it seems time consuming to keep all of these records, and keep them up to date, it really is essential to do so, not only to provide a defence in the event of a claim against you, or an investigation into a potential claim, but also to avoid additional risk.

When an employee leaves, archive the file and retain it for seven years as claims may be brought against you until this period has expired. You may wish to "prune" the file by removing inessential documents such as holiday request forms etc, but we recommend you keep, as a minimum:

• copies of the statement or contract
• any letters confirming changes to the terms and conditions
• any disciplinary records or appraisal documents for the last two years
• any accident records or correspondence
• sickness records and checks, including medical assessments
• records of parental leave taken
• employment references given
.

Good documentation is vitally important in terms of avoiding confusion, misinterpretation, misunderstanding and a whole range of employee grievances. NMW or HMRC investigations and employment tribunal processes can be complex, lengthy and above all, costly! What's more, by the time you get to the tribunal (which can easily be as much as a year after the event in question), memories have faded. Ensure that your records are thorough, up to date and accurate to save management time and ensure consistency throughout the process. You also help yourself and the credibility of your case by demonstrating a professional approach to HR issues.