Keeping and protecting employee records: The Ontario Employment Standards Act

This article is designed to assist employers in understanding some of their obligations and rights under the Ontario Employment Standards Act (ESA) and its regulations. It does not take the place of the ESA and its regulations and it should not be considered as legal advice on a particular situation.


The Ontario Employment Standards Act (ESA) outlines the employee information that organizations, including startups, must securely store as part of their employee record keeping. This information includes:

  • Employee’s name and address
  • Employee’s date of birth if the employee is a student and under 18 years of age
  • Date of hire
  • Hours worked—if the employee is salaried, then the company is only required to keep records of the hours worked in excess of the regular work week (or not at all if overtime provisions do not apply)
  • Pay periods
  • Gross and net salary or wages paid, including the manner in which they were calculated
  • Deductions (amount and purpose)
  • Vacation pay or paid vacation taken
  • Leaves of absence (all documentation and certificates)
  • Termination date
  • Termination or severance pay

At some point, it may be necessary to justify an employment-related decision (e.g., an involuntary termination). A well-documented employee record may help to support that decision.

An organization can choose to either store these employee records in a secure facility or have another organization keep them on their behalf (e.g., an accountant or payroll company). Regardless, these records must always be readily available.

The Ontario Employment Standards Act (ESA) provides the following employee record-keeping rules:

  • Records of each employee’s name, address and employment start date must be kept for three years after the employee ceases to be employed by the organization
  • The date of birth of any students under 18 must be recorded and kept until they turn 21 or for three years after he/she ceases to be employed by the organization, whichever happens first
  • All documents relating to an employee’s leave (including pregnancy, family medical, personal emergency, declared emergency, reservist or organ donor leave) must be kept for three years after the day the leave expired
  • If you employ homeworkers, you must keep a register showing each homeworker’s name, address and wage rate. This information can be deleted from the register three years after the homeworker ceases to be employed by you

Privacy and employee record keeping

Ontario does not yet have private-sector privacy legislation. However, it is likely that the province will come to do so. In the meantime, organizations from Ontario are guided by the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA requires individuals’ knowledge and consent in respect of every collection, use and disclosure of personal information covered by PIPEDA, unless an exception applies. An organization must identify and document the purposes for which it seeks to collect personal information at or before the time of collection.

Company access to personnel files should be limited to authorized staff who require it to carry out their duties. In addition, because personnel files may include a variety of personal information, authorized staff should have access only to specific categories of personal information contained in the employee file. Inexpensive human resources information systems are available that can ensure this level of security.

Guidelines to protect employee privacy while meeting ESA requirements

  • Take precautions in storing employee information
  • Only allow access to employee records to those who require the information to carry out their job
  • Do not disclose an employee’s information to anyone (other than government agencies and benefits providers) without first securing the employee’s permission

To ensure that access is only given to authorized staff, a filing system can be created that distinguishes categories that are stored in the employee record. These categories may include:

  • Corporate information (e.g., resume, offer of employment, salary information, emergency contact person)
  • Group benefits information (if not stored with the service provider)
  • Health information—personal information required only by in-house health and medical staff
  • Labour relations and performance improvement information
  • Reference checks

Know the law: Ontario Employment Standards Act (ESA)

See the Ontario Employment Standards Act (ESA) for more details on the above, and for all the rights and responsibilities of employers and employees in Ontario workplaces. Information there is frequently updated.

For other provinces and territories- https://www.priv.gc.ca/en/about-the-opc/what-we-do/provincial-and-territorial-collaboration/provincial-and-territorial-privacy-laws-and-oversight/#009