Introduction
Scaling from “founder + friends” to a real payroll is exciting—until California’s compliance clock starts ticking. Once you approach five employees, new statutes snap into place: mandatory sexual-harassment training (SB 1343), expanded leave rights, and record-keeping rules that can trigger five-figure penalties if you overlook them.
If you’re within striking distance of hire #5, lock down these seven foundational policies now. They’ll form the backbone of your first employee handbook—and save you tens of thousands in fines or lawsuit costs later. Need a turnkey draft? Our HR policy development services can deliver a compliant handbook in ten business days.
1 Equal Employment Opportunity & Anti-Harassment Policy (SB 1343)
Why you need it: As soon as you hit five workers—even temps—California requires one hour of harassment-prevention training for all staff and two hours for supervisors every 24 months (source: California Required Training Solutions). A written, distributed policy is step one; training records are step two.
What to include
- Statement of zero tolerance for discrimination or harassment on any protected basis.
- Complaint channels that bypass the direct supervisor.
- SB 1343 training cadence and record-keeping.
- Anti-retaliation commitments.
Risk if ignored: Civil penalties of $100 per employee, plus PAGA claims that stack by pay period.
2 Workplace-Violence Prevention Plan (SB 553)
Why you need it: Effective July 1, 2024, virtually every California employer must maintain a written Workplace Violence Prevention Plan, conduct annual reviews, and train workers (sources: Ogletree; Loeb & Loeb).
What to include
- Incident-reporting procedures and response team roles.
- Environmental risk assessment (office layout, visitor access).
- Training curriculum and roster log.
- Plan-review date and responsible owner.
Risk if ignored: Cal/OSHA citations up to $18,000 per location—before civil suits.
3 Wage-and-Hour Policy: Timekeeping, Meal & Rest Breaks
Why you need it: Meal- or rest-break lapses are still the #1 driver of class and PAGA suits. Each missed break costs one extra hour of pay (source: Welter Law).
What to include
- Exact time-clock rules (no rounding; real-time punches).
- Meal break at or before 5th hour; two breaks on 10-hour shifts.
- Auto-pay language for missed-break premiums.
- Overtime and alternative workweek clauses.
Risk if ignored: Penalties of $50–$100 per employee, per pay period—plus expensive class action defence.
4 Paid Sick Leave & CFRA / PFL Coordination Policy
Why you need it: California’s Paid Sick Leave (PSL) law applies from day one of employment. When you reach five employees, the California Family Rights Act (CFRA) and the 2025 90 % Paid-Family-Leave wage replacement come into play (sources: Gusto; SixFifty).
What to include
- Accrual method (1 hour per 30 worked) or front-load option.
- Usage increments (two-hour minimum is most permissive).
- How PSL runs concurrently—or doesn’t—with CFRA and Paid Family Leave.
- Non-retaliation clause for lawful leave use.
Risk if ignored: Back-pay, interest, and a DLSE citation of up to $4,000 per aggrieved worker.
5 Hiring & Onboarding Compliance Policy (Form I-9 + New-Hire Packet)
Why you need it: Every employee, even #1, requires a fully executed Form I-9 within three business days of hire (source: USCIS). A written policy—paired with a checklist—avoids costly verification mistakes.
What to include
- Step-by-step I-9 completion workflow (Section 1 on day 1, Section 2 by day 3).
- Acceptable document list reference and storage retention (three years or one year after termination, whichever later).
- Wage-theft notice, Workers’ Comp pamphlet, and DLSE record-keeping flyer distribution log (source: CalDIR).
Risk if ignored: Federal fines of $272–$2,701 per form error—and potential ICE inspection headaches.
6 Expense-Reimbursement & Remote-Work Policy (§ 2802)
Why you need it: California Labor Code § 2802 demands you reimburse employees for all necessary business expenses—mileage, cell data, home-office internet—even if they work remotely by choice.
What to include
- Standard reimbursement matrix (IRS mileage rate, flat $40/mo for cell/data).
- Submission deadlines and app link (e.g., through payroll portal).
- Manager approval workflow with default acceptance after 7 days (prevents bottlenecks).
Risk if ignored: Liability for expenses plus 10 % interest, attorney fees, and PAGA penalties.
7 Confidentiality, IP & Data-Security Policy
Why you need it: Before seed-round investors sign, they’ll ask how you protect code, customer lists, and trade secrets. A clear confidentiality and IP-assignment policy fortifies NDAs and distinguishes employee IP from personal projects.
What to include
- Assignment of inventions made on company time or using company resources.
- Bring-your-own-device data-security rules and monitoring consent.
- Exit checklist (return of code repos, hardware, credentials).
- Reference to California Labor Code § 2870 carve-out (employee inventions on their own time).
Risk if ignored: IP leakage, source-code disputes, and investor due-diligence red flags.
Quick-Start Compliance Timeline (30 Days)
| Day | Milestone | Owner |
|---|---|---|
| 1–3 | Engage counsel/consultant; outline seven policies | Founder / HR Lead |
| 4–10 | Draft Anti-Harassment & Workplace-Violence policies | Policy Team |
| 11–15 | Build wage-hour & sick-leave policy; integrate time-clock tech | Ops |
| 16–20 | Draft onboarding/I-9 and expense-reimbursement policies | HR |
| 21–24 | Finalise confidentiality/IP policy with counsel | Legal |
| 25–28 | Publish handbook; collect e-sign acknowledgements | HR |
| 29–30 | Schedule SB 1343 training; upload policies to intranet | L&D |
Record-Keeping Cheat Sheet
| Document | Minimum Retention | Citations |
|---|---|---|
| Form I-9 | 3 yrs after hire / 1 yr after term | USCIS guide (USCIS) |
| Harassment-training roster | 2 yrs | SB 1343 FAQ (California Required Training Solutions) |
| Violence-prevention plan reviews | 5 yrs | SB 553 rules (Ogletree) |
| Wage-records & break logs | 4 yrs | DLSE retention guidance (CalDIR) |
Common Drafting Mistakes to Avoid
- Copy-pasting generic templates—California’s rules outstrip federal minimums.
- Burying complaint channels—EEOC views hidden processes as chilling.
- Omitting remote-work expense language—big PAGA exposure as remote remains common.
- Leaving Spanish versions blank—policies must match workforce language (>10 %).
- Failing to date-stamp policies—courts treat undated docs as non-existent.
Conclusion
Crossing the five-employee mark is a milestone—and a legal tripwire. Drafting these seven policies now turns a potential compliance scramble into a competitive edge: employees understand expectations, investors see maturity, and regulators stay off your radar.
Pressed for time? Our experts handle everything from legal vetting to digital distribution. Explore our end-to-end HR policy development services and lock down compliance before employee #5 even walks through the door.
Stay proactive. Stay compliant. Stay ahead.