
7-Step HR Data Retention Schedule That Passed a Federal Audit
An effective HR data retention schedule maps every record type to a jurisdiction-specific retention period, a designated archive location, and a documented disposal method. A regional healthcare team built this framework in seven structured steps, closed a pending federal audit gap, and eliminated six hours of weekly manual archive work.
- Organization: Regional healthcare system, ~400 employees across three states
- HR Lead: Sarah, HR Director
- Constraints: Multi-state regulatory exposure, HIPAA obligations, aging HRIS with no native retention automation
- Problem: No formal retention schedule; records kept indefinitely by default; federal wage-and-hour audit imminent
- Approach: Seven-step structured rebuild of retention policy, followed by automation of archive and disposal triggers
- Outcomes: Federal audit gap closed; 6 hours/week of manual archive work eliminated; three years of non-obligatory records purged; breach-surface area materially reduced
Sarah’s team had what most HR departments have: records everywhere, no clear rules about when to delete anything, and a general assumption that keeping everything was safer than deleting anything. That assumption is wrong — and a pending federal wage-and-hour review made the cost of being wrong very concrete, very fast.
This case study documents how the team rebuilt their HR data retention and archiving framework across seven steps, what they found along the way, and what the outcomes looked like twelve months later. It connects to a broader broken HR operations framework that treats retention as one operational layer in a larger compliance architecture.
Context: What “No Schedule” Actually Looks Like
Sarah’s team was not negligent. They were typical. When we mapped their records environment at the start of the engagement, here is what we found:
- Employee files going back to 2011 stored in a shared drive with no folder-level access controls
- Application materials — including pre-employment screening results — for filled positions dating back four years, with no legal basis for retention beyond twelve months in their primary state
- Payroll records and W-2 documentation kept in three separate systems with inconsistent file naming, making audit retrieval a multi-hour manual exercise
- Physical I-9 forms stored in an unlocked filing cabinet in an HR office accessible to non-HR staff
- No documented disposal procedure for any record type
The pending federal audit focused on wage-and-hour records under FLSA — a three-year retention requirement for payroll records and a two-year requirement for time-and-pay records. The team had the records. They could not produce them efficiently, and they could not demonstrate that nothing had been improperly altered or deleted. That combination — records present but governance absent — is exactly the kind of gap that turns a routine audit into a prolonged investigation.
SHRM guidance is explicit: retention schedules must specify both the retention period and the disposal method for each record category. Sarah’s team had neither for most of their data types. For the I-9 piece specifically, see how to audit inherited I-9 records without creating new violations.
Step 1: Run the Legal and Regulatory Audit
Before touching a single file, the team needed to know what the law actually required. This step is not optional and not something HR should tackle alone.
Sarah engaged outside employment counsel to produce a jurisdiction-specific retention matrix covering all three states where the organization employed people. The matrix documented:
- Federal baseline requirements (FLSA, ADEA, HIPAA, ERISA, Title VII, ADA) with specific retention periods per record type
- State-specific overlays where state law exceeded federal minimums
- HIPAA-specific requirements for protected health information contained in HR files — separation physicals, FMLA medical certifications, workers’ compensation records
- Statute of limitations exposures that extend retention obligations beyond the regulatory minimums
The output was a 47-row matrix: record type, governing authority, minimum retention period, state overlay, and a recommended retention period that added a 12-month buffer above the longest applicable minimum.
Expert Take
Most HR teams skip the statute of limitations column. That omission is where records get disposed of legally but at the worst possible time — right before a claim lands. The buffer period exists to protect the organization from disposing of records that become relevant the month after they were destroyed.
Step 2: Build the Record Inventory
The legal matrix told the team what they needed to keep. The record inventory told them what they actually had — and where it was.
This step required a cross-functional effort. HR, IT, and Payroll each mapped their record holdings across three categories: digital files by system, shared drives and local folders, and physical records. The inventory captured:
- Record type and format (digital vs. physical)
- Current storage location and who has access
- Oldest record present and estimated total volume
- Whether disposal had ever occurred and, if so, how
What the inventory revealed: the organization held an estimated 3.2 years of records beyond their longest applicable retention obligation for most non-payroll categories. Excess records are not just unnecessary storage — they are expanded breach surface area and expanded litigation discovery exposure.
Step 3: Assign Retention Periods and Build the Schedule
With the legal matrix and the record inventory complete, the team had the inputs to build the actual retention schedule. The schedule is a single governing document — not a spreadsheet buried in a shared folder, but a policy-level document with named owners and a defined review cycle.
The schedule structure for each record type:
- Record category — specific enough to be actionable (not “HR files” but “pre-employment background check results, hired candidates” vs. “pre-employment background check results, rejected candidates”)
- Retention period — from what trigger date (hire date, termination date, document creation date)
- Governing authority — the specific regulation or statute driving the period
- Archive location — exactly where the record lives during the retention period
- Disposal method — secure shred for physical, certified deletion for digital
- Responsible owner — who executes the disposal and confirms it
The final schedule covered 43 record categories. The most contentious item was pre-employment screening data for rejected candidates: state law in two of the three states required disposal within 12 months of the hiring decision, and the team had four-year-old files they had no legal basis to keep.
Step 4: Lock Down Archive Locations and Access Controls
A retention schedule without access controls is incomplete. Records kept too long are a risk. Records accessible to the wrong people during their legitimate retention period are a separate and equal risk.
The team restructured their digital archive into a tiered folder system with role-based access enforced at the group level:
- Active employee files — HR staff only; manager access limited to performance documentation
- Terminated employee files — HR Director and designated HR Coordinator only
- Benefits and FMLA records — separated from general personnel files per ADA requirements; HR Director access only
- Payroll records — consolidated into a single system; Payroll and HR Director access
- I-9 records — physically relocated to a locked, HR-only filing room; digital copies in a restricted folder
Physical records received the same attention. The unlocked filing cabinet was resolved with a dedicated, keyed HR records room accessible only to HR leadership.
Step 5: Document the Disposal Procedure
Most organizations that have retention schedules still lack documented disposal procedures. The schedule tells you when to dispose — the procedure tells you how, and creates the audit trail that proves you did it correctly.
Sarah’s team built a disposal procedure with four components:
- Disposal trigger notification — a calendar-based alert or automated trigger flags records approaching their disposition date 90 days in advance
- Pre-disposal review — the responsible owner confirms no litigation hold applies, no active investigation is open, and no regulatory inquiry is pending before disposal proceeds
- Disposal execution — physical records go to a certified shredding vendor with a certificate of destruction; digital records undergo certified deletion with a deletion log entry
- Disposal confirmation record — a log entry capturing record type, date range disposed, volume, disposal method, executing employee, and confirming manager
The confirmation record is the piece most organizations skip. In a federal audit, the question is not just “did you follow your retention schedule?” but “can you prove you followed it?” The disposal log is the proof.
Step 6: Automate Archive and Disposal Triggers
Manual calendar reminders for 43 record categories across a multi-state organization fail. The team’s HRIS did not support native retention automation, so they used Make.com to build trigger-based workflows connected to their HRIS data. For context on what Make.com enables for HR operations, see 6 ways the Make MCP changes automation for HR teams.
The automation layer handled three functions:
- Retention clock initialization — when a termination record is created in the HRIS, Make.com triggers a workflow that calculates the disposition date for each applicable record category and creates calendar entries and task assignments for the responsible owners
- 90-day advance notice — automated Slack and email notifications to record owners 90 days before each disposition date, with a checklist confirming the pre-disposal review requirements
- Disposal log entries — upon disposal confirmation by the record owner, a Make.com workflow writes the disposal record to the master log automatically, capturing all required fields without manual data entry
The result: 6 hours per week of manual archive tracking eliminated. The team’s non-technical HR staff built and now maintains these workflows without developer involvement.
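The three automation functions above, together with the Step 5 pre-disposal review and confirmation record, can be sketched in a few functions. This is an added Python example, not the team's Make.com workflows; the schedule rows, trigger events and function names are constructed for illustration, using only the FLSA minimums, the 12-month buffer and the 12-month rejected-candidate limit stated in this case study.

```python
import calendar
from datetime import date, timedelta

NOTICE_DAYS = 90  # advance-notice window from the disposal procedure
LOG_FIELDS = ("record_type", "date_range", "volume", "disposal_method",
              "executing_employee", "confirming_manager")

# Constructed schedule rows: (category, months, trigger event). Payroll rows use
# the FLSA minimums plus the 12-month buffer; the trigger events are assumptions.
SCHEDULE = [
    ("payroll records", 36 + 12, "termination_date"),
    ("time-and-pay records", 24 + 12, "termination_date"),
    ("background check results, rejected candidates", 12, "hiring_decision_date"),
]

def add_months(d: date, months: int) -> date:
    """Calendar-month addition, clamping to month end (Feb 29 -> Feb 28)."""
    years, month0 = divmod(d.month - 1 + months, 12)
    year, month = d.year + years, month0 + 1
    return date(year, month, min(d.day, calendar.monthrange(year, month)[1]))

def init_retention_clock(events: dict) -> list:
    """Build one disposal task per schedule row whose trigger event is known."""
    tasks = []
    for category, months, trigger in SCHEDULE:
        if trigger not in events:
            continue
        due = add_months(events[trigger], months)
        tasks.append({"category": category, "disposition_date": due,
                      "notify_on": due - timedelta(days=NOTICE_DAYS)})
    return tasks

def pre_disposal_review(task: dict, today: date, holds: set) -> tuple:
    """Gate disposal: never before the disposition date, never under a hold."""
    if task["category"] in holds:
        return False, "hold, investigation or inquiry open"
    if today < task["disposition_date"]:
        return False, "retention period still running"
    return True, "cleared for disposal"

def write_disposal_log(log: list, entry: dict) -> dict:
    """Append a confirmation record only if every required field is filled in."""
    missing = [f for f in LOG_FIELDS if not entry.get(f)]
    if missing:
        raise ValueError(f"incomplete disposal record, missing: {missing}")
    log.append(dict(entry))
    return log[-1]
```

The hold check runs before the date check so that a record under litigation hold is blocked even after its disposition date has passed, and the log writer rejects any entry missing one of the six confirmation fields.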
Step 7: Test Against an Audit Scenario
The final step before declaring the framework complete was a tabletop audit simulation. The team simulated the exact request they were facing from the federal agency: produce all payroll and time-and-pay records for the prior three years for a specific employee cohort, with a 72-hour response window.
The pre-framework baseline: retrieval required pulling from three systems, reconciling inconsistent file names, and roughly four hours of manual work per cohort of 20 employees. The post-framework result: consolidated records in a single system with standardized naming, retrievable in under 30 minutes for the same cohort.
The team also tested the disposal log for a sample of record types, confirming that every disposal action from the prior 90 days had a corresponding log entry with all required fields completed. Both tests passed. The actual federal audit, conducted six weeks later, found no material deficiencies in records management.
Outcomes: Twelve Months Later
Twelve months after the framework was completed:
- Federal wage-and-hour audit closed with no material findings
- Six hours per week of manual archive tracking eliminated
- Three-plus years of non-obligatory records purged, materially reducing breach surface area
- 43 record categories fully documented with retention periods, archive locations, disposal methods, and responsible owners
- Zero disposal procedure violations in the first twelve months of operation
The framework did not require new software. It required structured thinking, outside legal input, cross-functional coordination, and automation of the triggers that humans reliably forget. If your team carries records you have no legal basis to keep, the exposure cost exceeds the cost of building this framework. See 11 warning signs your inherited HR operation is bleeding money for adjacent risk indicators to assess alongside retention.
Frequently Asked Questions
- How long do employers have to keep payroll records?
  FLSA requires payroll records to be kept for at least three years and time-and-pay records for at least two years. State laws in some jurisdictions extend these minimums. Organizations with multi-state employees need a jurisdiction-specific matrix rather than a single federal baseline.
- What is an HR data retention schedule?
  An HR data retention schedule is a policy document that specifies the retention period, archive location, and disposal method for every record type the HR function manages. It covers personnel files, payroll records, benefits documentation, I-9 forms, and any other records with a regulatory obligation.
- What happens if HR records are not disposed of properly?
  Holding records beyond their required retention period expands litigation discovery exposure, increases breach surface area, and creates compliance risk when disposal occurs without documentation. Improper disposal — particularly of records subject to HIPAA or state privacy laws — carries its own set of penalties.
- How do you automate HR record disposal triggers?
  Make.com connects to HRIS data to calculate disposition dates automatically when employee status changes, sends advance notifications to record owners, and logs confirmed disposals to a master audit trail. This removes the dependency on manual calendar tracking and creates the documentation an auditor requires.

