fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

How long do employers keep employee records after termination?

How long do employers keep employee records after termination
How long do employers keep employee records after termination? If you ask the Ministry of Manpower, it’s not as long as you think

How long do employers keep employee records after termination?

When an employment relationship ceases for whatever reason, employers still have a responsibility to keep employee personnel files in a secure location. Depending on the country where you are employed, the length of time employee records must be kept differs. For this article, we will focus on the Singaporean context and what it entails. Yes, even employee records still fall within an individual’s personal data. As such, these are duly protected under the PDPA Act 2012 of Singapore.

But before we get there, let’s have a quick definition of terms and understand what specific data is enclosed within “employment records”.

Employment Records

According to the Ministry of Manpower in Singapore, all employers must maintain a detailed employment records of employees covered by the Employment Act. This rule was enacted on 1 April 2016.

Personal data should not be kept for longer than is necessary, and should be removed as soon as it is reasonable to assume that the purpose for which that personal data was collected is no longer being served by retention of the personal data, and retention is no longer necessary for legal or business purposes.

Singapore data protection guidance and legislation

Also Read: Basic Info On How Long To Keep Accounting Records In Singapore?

Both employers and employees must seek to know the answer to this question: How long do employers keep employee records after termination?

Two Categories Under Employment Records

Before we even start asking, “how long do employers keep employee records after termination”, let’s look at what constitutes “employment records”. In Singapore, there are two categories included under employment records:

  • Employee records – must include the address, NRIC number (or work pass number and expiry date for non-citizens), date of birth, gender, date of starting employment, date of leaving employment, working hours (including duration of meals and tea breaks), and dates and other details of public holidays and leave taken.
  • Salary records – must include the full name of the employer, full name of the employee, date of payment (or dates, if the pay slips consolidate multiple payments), basic salary, start and end date of salary period, allowances paid for salary period, any other additional payment for each salary period (such as bonuses, rest day pay, and public holiday pay), deductions made for each salary period, overtime hours worked, overtime pay, start and end date of overtime payment period (if different from salary period), and net salary paid in total

Information related to employee health or medical benefits and related documents are not included in this context of employee records. The format of these records may include soft or hard copy, including handwritten records.

how long do employers keep employee records after termination
Both employers and employees must seek to know the answer to this question: How long do employers keep employee records after termination?

Why it’s important to ask the question: How long do employers keep employee records after termination?

For one, because employee records are considered personal data and are thus covered under the PDPA, terminated employees have the right to know the retention status of these records. Organizations that keep employee records far longer than what has been mandated by law may land in hot water.

For another, in the event of claims or issues to be raised, these records will serve to protect both the employer and the employee. Again, the crux of the conversation is: destroying the records too soon will be detrimental to the employer, but hanging on to the records longer than necessary may mean possible legal liability in the future.

How a DPO can help

Appointing a Data Protection Officer (DPO) is necessary for Organizations to have as it is the officer responsible for overseeing data protection responsibilities and ensuring that these are complied with based on the Personal Data Protection Act (PDPA). A DPO will ensure that no employee records will not be kept more than what is legally required.

For instance, at Privacy Ninja, we randomly conduct simulated email phishing to clients to see if there are any vulnerabilities present that a bad actor can exploit and patch them up to ensure that the client’s data will never leak. 

A DPO is also the person responsible for developing and enforcing the Organization’s data protection policy and may seek assistance or guidance from other DPOs through DPO networks or organizations. With this, the organization can rest assured that the employee records will be dealt with according to law to avoid financial penalty.

A DPO can also ensure that the storage of personal data of these employees are stored well and no instance of it getting used accidentally. This is because there are instances that the former employee’s data will be used as templates for the job applicants to use, and this could potentially lead to a data breach.

Also Read: The 12 Important Details For Employment Contract Template

Finally, let’s address the question

So, how long do employers keep employee records after termination? If you ask the Ministry of Manpower, the terminated employee’s records for the last two (2) years must only be kept for one (1) year after the employee leaves his or her employment.

Hence, if you are the terminated employee, you only have that much window to raise any possible issues or claims you have against your former employer. As for the employer, keeping employee records for a reasonable period of time post-termination can help them contradict any claims made by a former employee. It’s a win-win situation for both.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us