SB 553 employee record requests: what must be produced in 15 calendar days

What the 15-calendar-day rule covers

An SB 553 records request is not the moment to go hunting through inboxes, old sign-in sheets, and a half-finished spreadsheet named "WVPP final final." California's workplace violence prevention law gives employees and their representatives a clear access right: certain records must be available for examination and copying within 15 calendar days of a request, at no cost.

Labor Code Section 6401.9(f)(6) says employees and their representatives must be able to examine and copy the records required by paragraphs (1) through (3) of the recordkeeping section. In plain English, that means three buckets:

1. Records of workplace violence hazard identification, evaluation, and correction.
2. Training records.
3. Violent incident logs.

Cal/OSHA's general industry guidance says the same thing: hazard records, training records, and violent incident logs must be made available to employees and authorized representatives, on request and without cost, within 15 calendar days.

The safe operating move is simple: date-stamp the request, set the legal due date, and set an internal target several days earlier so HR, safety, and legal have time to review the packet before it goes out.

The written plan is different: it should already be accessible

The written Workplace Violence Prevention Plan is not something to hide until someone files a formal records request. Section 6401.9(c) requires the plan to be written, in effect at all times, and available and easily accessible to employees, authorized employee representatives, and Cal/OSHA representatives.

Training also has to explain how employees can obtain a copy of the plan at no cost. If an employee asks for the WVPP, the practical answer should be simple: point them to where it lives, provide the copy, and log that you did it. Do not make the plan harder to get than the statute expects.

For a multi-location employer, that also means the plan has to make sense for the worksite. A generic corporate PDF may be easy to share, but it will not carry much weight if it does not address the hazards, emergency response, reporting process, and responsible people for the location where the employee actually works.

What to produce

Use this as the desk check before responding to a request.

That distinction matters. Employee access is real, but it is not unlimited access to every HR, legal, medical, security, or witness file connected to a workplace violence incident.

Hazard records: not just the inspection form

"Hazard records" sounds bland until an employee asks for them and you realize they are scattered across a manager's notebook, a maintenance ticket, a safety meeting agenda, and one photo thread.

For SB 553, the relevant records are the ones showing workplace violence hazards were identified, evaluated, and corrected. That can include:

• A scheduled workplace violence hazard inspection.
• Notes from a post-incident hazard review.
• Employee reports or concerns about a workplace violence hazard.
• A parking lot lighting assessment.
• A lone-worker or closing-shift review.
• Records showing a fix was made, such as lighting repair, staffing change, access-control update, panic-button test, revised closing procedure, or training follow-up.

The cleanest packet tells the story in order: here is what we looked at, here is what we found, here is what we changed, and here is the date we closed it. Inspectors like that sequence too, because it shows the program is alive rather than decorative.

Training records: more than "everyone watched the video"

Training records are a 15-day employee-access item, and Section 6401.9 is specific about what they should contain. Keep:

• Training dates.
• The contents or a summary of the training sessions.
• Names and qualifications of the people conducting the training.
• Names and job titles of everyone who attended.

That means a bare sign-in sheet is usually too thin. It may prove bodies were in the room, but it does not show what was covered, whether the person leading the training was qualified, whether supervisors were included, or whether the training matched the current workplace violence prevention plan.

If you use SB553Ready or another system, make sure the export can answer the human question behind the request: "Was this employee trained on the actual plan for this site, and when?"

Violent incident log access: shareable, but not sloppy

The violent incident log is the record most likely to make employers nervous, and for good reason. It is both a required safety record and a sensitive incident record. The law solves part of that tension by requiring the log to omit personal identifying information.

The log should include the required incident details: date, time, location, workplace violence type, description, classification of who committed the violence, circumstances, where it occurred, type of incident, consequences, and information about the person completing the log.

But it should not identify the people involved in the incident. Do not put the employee's name, home address, personal email, phone number, Social Security number, or other identifying detail into the log entry. Do not include a combination of details that makes the person obvious from context when it is not necessary for prevention.

The person completing the log is different. Section 6401.9 requires the log to include information about the person completing the entry, including their name, job title, and completion date. The no-identifying-information rule is aimed at people involved in the violent incident.

Think of the log as the pattern-and-prevention record. It should help a reader understand what happened, where the risk is showing up, and what the employer did next. The confidential "who said what" material belongs in the separate investigation record.

What not to disclose in the employee packet

This is where a little discipline saves a lot of trouble. Do not use an employee record request as a reason to dump every related file into a ZIP folder.

Keep these out of the employee-access packet unless counsel or another legal process says otherwise:

• Personal identifying information about anyone involved in a violent incident.
• Names, home addresses, personal emails, phone numbers, Social Security numbers, and similar identifiers.
• Details that identify someone when combined with public information.
• Employee medical information.
• The separate incident investigation file, including witness statements and HR/legal analysis.
• Discipline records, personnel records, security files, or law-enforcement correspondence that are not part of the required SB 553 employee-access records.

For incident investigations, the statute is especially clear on medical information: investigation records must not contain "medical information" as defined by California Civil Code Section 56.05. That is a recordkeeping rule, not just a disclosure preference.

How to handle a representative request

SB 553 gives access rights to employees and their representatives. The plan itself must be available to "authorized employee representatives," and Cal/OSHA guidance uses the same phrasing for record access.

A practical intake process should capture:

• Who made the request.
• Whether the request is from the employee or a representative.
• If a representative made it, the basis for authorization.
• Which records are requested.
• The date received.
• The 15-calendar-day due date.
• Who reviewed the production packet.
• When and how the records were provided.

The point is not to create a maze. It is to make sure the right person gets the right records, free of charge, on time, with sensitive material kept where it belongs.

A simple response workflow

When a request comes in, use a same-day routine.

1. Date-stamp the request and calculate the 15-calendar-day deadline.
2. Confirm whether the requester is the employee or an authorized representative.
3. Identify the scope: plan, hazard records, training records, violent incident log, or all SB 553 employee-access records.
4. Pull the required records from the system of record.
5. Review the violent incident log for prohibited personal identifying information before production.
6. Keep investigation files separate unless counsel says to include something.
7. Provide the records at no cost.
8. Save a copy of what was produced and the date it was provided.

If that sounds like a lot for a small employer, it is mostly a sign that the records should have been organized before the request arrived. A 15-day window is generous only when the plan, training records, log, and hazard fixes already live in one place.

Common mistakes

Mistake 1: Treating 15 calendar days like 15 business days

The statute says calendar days. Build your response process around that. Waiting two weeks and then realizing a holiday weekend was inside the window is exactly how a simple request becomes an avoidable compliance problem.

Mistake 2: Producing the investigation file with the log

The log is an employee-access record. The investigation record is a separate five-year record available to Cal/OSHA. Keep them separate. If a request, subpoena, grievance, lawsuit, or agency demand asks for more, route it through the right legal process.

Mistake 3: Redacting the log only at request time

The violent incident log should be built without personal identifying information from the beginning. If every employee request requires emergency redaction, the log design is wrong.

Mistake 4: Forgetting hazard correction

Employees can request records of hazard identification, evaluation, and correction. The correction record is the satisfying part of the story. It shows the employer did not just notice a risk; it acted on it.

Mistake 5: Charging for copies

The records must be made available upon request and without cost. Do not turn a safety-access right into an invoice.

Sources

Frequently asked questions