PIPA

Questions & Answers

Does PIPA make it mandatory that employee personnel files be locked up?

Section 34 of the Act states "an organization must protect information that is in its custody or under its control by making reasonable security arrangements such as unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction."

One of the key words in the above is "reasonable"; if that entails your employee files be "locked up", then that should probably be the practice. Whether or not this Act came into force, it is good practice for businesses to keep employee files "secure"; this type of information is usually in a locked file cabinet or room, and accessible only by individuals who have a need for the information (for example, access is only available to certain HR personnel, not available to all employees for any purpose).