Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
When an employee leaves your business, it can feel like you’ve ticked the final box once their last pay is processed and their keys are handed back.
But there’s one “after they’ve left” job that often gets missed: working out what ex-employee records you still need to keep, how long you should keep them for, and how to store (and dispose of) them properly.
This matters for two big reasons. First, employment problems don’t always show up immediately (think: holiday pay queries, personal grievances, reference disputes, or wage claims). Second, keeping personal information longer than necessary (or storing it insecurely) can put you on the wrong side of the Privacy Act 2020.
In this guide, we’ll walk you through ex-employee records retention in a practical, small-business-friendly way, including what laws apply, recommended timeframes, and a simple retention plan you can actually implement.
What Laws Apply To Ex-Employee Records Retention In New Zealand?
In NZ, there isn’t one single “employee records law” that spells out exact retention periods for everything. Instead, your retention obligations come from a mix of:
- Privacy Act 2020 (how you collect, store, use, disclose, and delete personal information)
- Employment Relations Act 2000 (employment relationships, disputes, and record-keeping expectations)
- Holidays Act 2003 (leave and holiday pay obligations, which often lead to back-pay reviews)
- Wages Protection Act 1983 (lawful deductions and wage payments)
- Health and Safety at Work Act 2015 (incident/injury records and safety reporting)
- Tax Administration Act 1994 and IRD requirements (payroll and tax records, including PAYE)
- Human Rights Act 1993 (discrimination issues may influence what evidence is relevant in a dispute)
The key idea is that you should keep records for as long as you genuinely need them to:
- meet legal and tax obligations
- administer and defend employment decisions
- respond to legitimate requests (for example, a privacy access request)
At the same time, under the Privacy Act, you should not keep personal information for longer than required for a lawful purpose.
What Does The Privacy Act 2020 Say About Keeping Former Employee Records?
The Privacy Act 2020 doesn’t give a neat “keep records for X years” rule. Instead, it sets principles you need to apply when deciding how long to keep ex-employee information.
The “Don’t Keep It Forever” Rule (Storage Limitation)
One of the most practical privacy principles for ex-employee records retention is that you should not keep personal information for longer than is required for the purposes for which it may lawfully be used.
That means you should be able to answer:
- Why are we keeping this record?
- What could it reasonably be needed for in the future?
- When does it stop being necessary?
If you can’t identify a real ongoing purpose, it’s usually time to securely delete or destroy it.
Security Still Applies After They Leave
Former employees’ personal information is still personal information. You still need to take reasonable steps to protect it against:
- loss
- unauthorised access
- misuse
- disclosure
In practice, this means you should control access (only the people who genuinely need it), store it safely, and have a plan for dealing with privacy incidents. Many businesses formalise this through a Data Breach Response Plan so you’re not scrambling if something goes wrong.
Ex-Employees Can Still Request Access
Even after employment ends, an individual can still request access to personal information you hold about them (with some limited exceptions). So it’s helpful to keep records organised and searchable, rather than scattered across inboxes, filing cabinets, and payroll systems.
If you employ staff and handle personal info as part of your operations, it’s also worth having a clear Privacy Policy in place so your internal approach is consistent (and you’re not reinventing the wheel each time someone asks what you do with their information).
Which Ex-Employee Records Should You Keep (And Why)?
Before we talk about timeframes, it helps to break ex-employee records into categories. Different records exist for different purposes, and that affects how long you should keep them.
1) Payroll And Leave Records
These are usually the most important records to retain, because they’re commonly requested years later in relation to:
- holiday pay calculations and audits
- PAYE and tax queries
- KiwiSaver contributions
- final pay disputes
Typical documents include:
- pay slips, pay runs, and payroll reports
- timesheets and attendance records
- leave balances, leave approvals, and leave taken
- holiday pay calculations and rate calculations
2) Employment Agreements And Variations
Keeping a signed employment agreement (and any changes) is crucial for resolving disputes about entitlements and obligations after someone leaves. This includes:
- the signed agreement and any variations
- role descriptions
- commission/bonus plans (if relevant)
- policy acknowledgements (if they are contractual or relied on)
If your contracts aren’t clear, disputes can quickly become messy. Having a properly drafted Employment Contract (and keeping a clean copy on file) is one of the simplest ways to protect your business from day one.
3) Performance And Disciplinary Records
These records can become important if an ex-employee:
- raises a personal grievance
- disputes the reasons for termination
- complains about the content of a reference
Examples include:
- performance reviews
- warning letters
- investigation notes
- meeting notes and outcomes
These documents are sensitive and should be tightly access-controlled (you generally don’t want old disciplinary files floating around a shared drive “just because”).
4) Termination And Exit Records
This category includes:
- resignation letters
- termination letters
- redundancy consultation documents
- settlement agreements (if any)
- exit interview notes
If you’ve been through a redundancy process, it’s a good idea to keep clear evidence of consultation and decision-making, because those are common pressure points in disputes. This is also where tailored Redundancy Advice can make a big difference before you finalise decisions and paperwork.
5) Health, Medical, And Incident Records (Handle With Extra Care)
Health information (including medical certificates, return-to-work plans, and injury/incident details) is generally considered more sensitive.
As an employer, you should think carefully about:
- whether you truly need to keep it
- who has access
- how securely it’s stored
- whether you can retain “minimum necessary” information (for example, a record that leave was taken without retaining detailed diagnosis information)
Where a workplace injury occurred, you may also need records for health and safety and insurance purposes. Some health and safety records (including notifiable event records) can have specific minimum retention periods (for example, at least 5 years in some cases). If you’re unsure what can be kept, what should be separated, and how to manage privacy risks in staff files, an Employee Privacy Handbook can help set practical internal rules your managers can actually follow.
How Long Should You Keep Ex-Employee Records For? (Practical Retention Guidelines)
Because different laws and risks overlap, many NZ employers use a “long enough to cover disputes + tax requirements” approach.
Below is a practical guide (not a one-size-fits-all rulebook). Your best retention period depends on your business, your risk profile, and what records you hold.
A Practical Retention Schedule For NZ Small Businesses
- Payroll, wage and time records (including leave/holiday records and calculations): commonly at least 6 years to meet employment record-keeping expectations, and often 7 years as a practical buffer (particularly where records also support tax and payroll reporting).
- PAYE and other tax records: commonly 7 years (this is general guidance only - check IRD guidance or confirm with your accountant, as requirements can vary depending on the record type and your circumstances).
- Employment agreement, variations, and role documents: commonly 6 years (often aligned with general civil limitation periods), with some businesses choosing 7 years for consistency across core employment files.
- Termination records (resignation/termination/redundancy letters): commonly 6 years (or 7 years if you apply a consistent core-file rule).
- Performance and disciplinary records: commonly 6 years, but you should review whether you still need detailed content as time passes (and store with restricted access).
- Recruitment records for unsuccessful candidates: often 6–12 months (unless there’s a known dispute risk) because keeping them long-term can create privacy risk without much benefit.
- Health and safety incident/injury records: timeframes vary depending on the incident, insurance, and health and safety needs; some records may have minimum periods (for example, notifiable event records are often kept for at least 5 years), and many businesses keep serious incident records longer where there’s ongoing risk or exposure.
Why do “7 years” and “6 years” show up so often? Because some employment records are commonly expected to be kept for 6 years, while tax record-keeping commonly points to 7 years. A simple practical approach for many small businesses is to use one consistent retention rule (often 7 years) for core employment records, then use shorter retention for low-value/high-risk categories like recruitment notes.
One important caution: if there’s an active dispute, investigation, or reasonably anticipated claim, you should generally pause deletion until that matter is resolved (even if your normal retention period has expired). Deleting documents mid-dispute can seriously damage your position.
How Should You Store And Dispose Of Ex-Employee Records Safely?
Keeping records for the “right” amount of time is only half the story. The other half is making sure you’re storing and disposing of them in a way that protects privacy and reduces business risk.
Step 1: Decide Where The “Single Source Of Truth” Lives
Small businesses often end up with employment documents across:
- email threads
- paper files
- shared drives
- HR software
- payroll systems
This is where mistakes happen (like keeping a copy forever in someone’s inbox, or having outdated versions floating around).
A practical approach is to nominate one system/location as your official personnel file, then routinely clean up duplicates elsewhere.
Step 2: Restrict Access By Role (Not Convenience)
Not everyone needs access to ex-employee records. In most small businesses:
- owners/directors may need access for governance and disputes
- payroll staff may need access to payroll data
- line managers usually don’t need access once the person has left (unless there’s a live issue)
Access control is a simple but powerful privacy safeguard.
Step 3: Separate Highly Sensitive Information
Where possible, consider separating highly sensitive records (especially medical/health data) into a restricted folder or system.
This helps you follow the “need to know” principle and reduces the risk of accidental access or disclosure.
Step 4: Secure Disposal (Don’t Just Hit Delete)
When it’s time to dispose of records, make sure it’s done properly:
- Paper records: cross-cut shred or use a secure destruction service.
- Digital records: delete from the system and any backups where feasible (or apply your IT retention rules so backups aren’t kept indefinitely).
- Devices: if data is stored on laptops/phones, ensure accounts are removed and devices are wiped according to your IT process.
Also, document what you deleted and when (even a simple log is helpful). That way, if someone later asks why you no longer have a particular document, you can show it was deleted under a consistent retention policy.
Key Takeaways
- Ex-employee records retention in NZ is governed by a mix of the Privacy Act 2020, employment law, health and safety obligations, and tax record-keeping requirements.
- Under the Privacy Act 2020, you shouldn’t keep former employee personal information longer than you lawfully need it, and you must store it securely even after employment ends.
- As a practical rule, many NZ small businesses keep core employment records for at least 6 years, and often around 7 years where payroll and tax record-keeping overlap - but shorter retention is often appropriate for low-value records like unsuccessful recruitment applications.
- If there’s an active or anticipated dispute, you should generally pause deletion and keep relevant records until the matter is resolved.
- Good retention is more than timeframes: set a “single source of truth”, restrict access, separate sensitive health information, and use secure disposal methods when records reach the end of their lifecycle.
- Having the right foundations in place (like a clear Employment Contract and internal privacy processes) makes it much easier to handle requests, disputes, and audits later.
Note: This article is general information only and isn’t tax advice. If you’re unsure about your tax record-keeping obligations (including PAYE), check current IRD guidance or speak to your accountant.
If you’d like help setting up a practical retention policy, reviewing your HR documentation, or tightening how you store and manage employee information, reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.