10.4 Security

If you retain Form I-9 electronically, you must implement an effective records security program that:

  • Ensures that only authorized personnel have access to electronic records;
  • Provides for backup and recovery of records to protect against information loss;
  • Ensures that employees are trained to minimize the risk of unauthorized or accidental alteration or erasure of electronic records; and
  • Ensures that whenever an individual creates, completes, updates, modifies, alters, or corrects an electronic record, the system creates a secure and permanent record that establishes the date of access, the identity of the individual who accessed the electronic record, and the particular action taken.

Note: If your action or inaction results in the alteration, loss or erasure of electronic records, and you knew, or reasonably should have known, that the action or inaction could have that effect, then you are in violation of section 274A(b)(3) of the INA (8 CFR Part 274a.2(g)(2)).


Last Reviewed/Updated