Beginning January 1, 2017, employees in Colorado will now have a right to inspect and copy their personnel files.  Prior to this law, Colorado had no law granting private-sector employees access to their personnel records.

Under the new law, upon a current employee’s request, an employer must allow that employee to inspect and obtain a copy of any part of the employee’s personnel file at least once annually. A former employee, however, may make only one inspection of his or her personnel file after termination of employment.  The new law also permits an employer to restrict an employee’s review of his or her personnel file to be only in the presence of an individual designated by the employer and the employer may require the employee or former employee to pay the reasonable cost of duplication of documents.

The new law does not require employers to create, maintain, or retain a personnel file on an employee or former employee nor does it require an employer to retain for a specific period of time documents that are or were contained in an employee’s personnel file.  Importantly, the law also does not create a private right of action for employees alleging violations of the law.

For additional details regarding this new law, please see the related article authored by our colleagues in Denver.

Tags: access, Colorado, copy, employer, Information Management, personnel file, privacy, Workplace Privacy
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jason C. Gavejian Jason C. Gavejian

Jason C. Gavejian is the office managing principal of the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and a member of the firm’s Board of Directors. He is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy…

Jason C. Gavejian is the office managing principal of the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and a member of the firm’s Board of Directors. He is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

As a Certified Information Privacy Professional (CIPP/US), Jason focuses on the matrix of laws governing privacy, security, and management of data. Jason is co-editor of, and a regular contributor to, the firm’s Privacy blog.

Jason’s work in the area of privacy and data security includes counseling international, national, and regional companies on the vast array of privacy and security mandates, preventive measures, policies, procedures, and best practices. This includes, but is not limited to, the privacy and security requirements under state, federal, and international law (e.g., HIPAA/HITECH, GDPR, California Consumer Privacy Act (CCPA), FTC Act, ECPA, SCA, GLBA etc.). Jason helps companies in all industries to assess information risk and security as part of the development and implementation of comprehensive data security safeguards including written information security programs (WISP). Additionally, Jason assists companies in analyzing issues related to: electronic communications, social media, electronic signatures (ESIGN/UETA), monitoring and recording (GPS, video, audio, etc.), biometrics, and bring your own device (BYOD) and company owned personally enabled device (COPE) programs, including policies and procedures to address same. He regularly advises clients on compliance issues under the Telephone Consumer Protection Act (TCPA) and has represented clients in suits, including class actions, brought in various jurisdictions throughout the country under the TCPA.

Read more about Jason C. Gavejian
Show more Show less
Related Posts
Recent HIPAA Settlement Offers Lessons on Data Disposal and the Meaning of PHI
August 24, 2022
Massachusetts Legislature Evaluates Its Own Comprehensive Consumer Privacy Law
February 15, 2022
The RIPTA Data Breach May Provide Valuable Lessons About Data Collection and Retention
January 12, 2022