What Employee Info Can You Collect in Personnel Files?

What is an employee personnel file?

An employee personnel file is a collection of critical documents that pertain to a specific worker. Employers are legally required to store some employee documents while others are simply nice to have. 

According to Damien Weinstein, partner at Weinstein & Klein PC, “You should be able to read a personnel file and have a pretty accurate view into who the employee is, what they do at the company and how they are performing.”

Storing and accessing personnel files

While you can store employee personnel files in a locked filing cabinet, you run the risk of the documents being damaged by potential disasters, such as floods, fires or tornadoes, or stolen and exposed. Instead, many businesses use highly rated human resources (HR) software to store and manage employee personnel files digitally.

How long you’re required to keep a particular document in the file depends on federal and state laws (see some examples below). Some states only require you to retain certain documents for two to three years after the employee’s last date of employment with your company, but you may want to retain them for six or seven years. 

Regardless, while an audit isn’t required legally, you should conduct one on your business’s personnel files once a year to ensure the information you have is accurate and up to date.

What should be included in a personnel file?

There is a copious amount of information that should be kept in a personnel file; however, some of it is confidential. For these reasons, Nicole Anderson, founder and CEO of the HR solutions firm MEND, recommends dividing the information in an employee’s personnel file into three distinct folders: an employee file, a confidential file and an I-9 file.

Employee file

This file should contain information regarding the employee’s job requirements, knowledge, performance and behavior. Anderson said this general file typically includes the following items:

• New-hire checklist
• Job application
• Resume
• Job description (and acceptance)
• Offer letter
• Employment contract
• Reference check forms
• Emergency contact form
• Receipt of company property
• Confidentiality agreement
• Signed acknowledgments, such as employee handbook, employee policies and procedures and health insurance options
• Training documents and acknowledgments
• Past employee performance evaluations
• Employee enhancement forms
• Any corrective or disciplinary actions taken

Confidential file

This file would contain highly sensitive information and should be kept in a secure file. Only the previously mentioned key personnel should have access to this file. Anderson said a confidential file typically includes the following:

• Self-identification form
• Any medical or disability-related documents (with return-to-work or doctor notes)
• Workers’ compensation documentation 
• Insurance enrollment forms
• 401(k) or retirement forms
• Beneficiary forms
• Release authorization
• Credit report disclosure and authorization
• Criminal background check
• Drug test consents and affidavit
• W-4 tax document
• State tax document, if applicable
• Direct deposit form/voided check
• Any document with personally identifiable information, such as date of birth, bank account numbers, Social Security number, sex and marital status

I-9 file

Form I-9 is used to verify an employee’s eligibility for legal employment in the United States. Employers must complete and retain an I-9 form for every employee. Immigration and Customs Enforcement (ICE) inspectors frequently perform I-9 audits on businesses and being prepared can spare you hours of tracking down the documentation and paying costly fines.

What should not be included in a personnel file?

Storing or sharing the wrong personnel information can land you in legal trouble. As outlined above, sensitive information that you should keep separate from the general employee file includes the employee’s W-4, equal employment opportunity information, their Social Security number and their medical file.

“Personal health information (exposures, test results, documentation of symptoms, etc.) should not be kept in the [general] personnel file since this may be accessed by too many people,” Weinstein told us.

Do not keep any information regarding an employee’s personal information, work product, emails or opinions about the employee. You should also discard copies of employee identification cards, such as Social Security cards, government identification cards, driver’s licenses and passports.

“Once the use of these items is done, they should be destroyed to prevent any unauthorized duplication or breach,” said Anderson.

Who should have access to employee personnel records?

Only key HR personnel and designated company officers like your chief operating officer (COO), should have access to employee personnel files. [Related article: C-Suite Job Titles: What Do They Really Mean?]

“Key personnel who are contractually and legally obligated to maintain confidentiality [should have access],” said Weinstein. “This could be a business owner and COO, head of HR, etc. The point is that this contains personal, private and sensitive information and isn’t to be readily available to anyone in the company.”

Best practices for managing employee personnel files

Managing employee personnel files may seem as simple as storing a few documents, but mismanagement can cause major problems for your company and its staff. Here are some best practices for effectively managing employee personnel files: 

1. Create and enforce an employee personnel file policy: Create a comprehensive HR policy that includes the type of documents you need to keep, where you will keep them and for how long. It’s also helpful to outline file permissions for employees to access specific documents. Train your HR staff on these policies. 
2. Be transparent with employees about document retention: Although the law varies on what type of personnel file information employees can readily access, it’s best practice to maintain transparency with workers about what type of information you will keep and the duration for which you will keep it. Having employees sign each document you intend to keep is a good way to ensure they are informed. 
3. Follow stringent security guidelines to protect employee data: Employee personnel files hold some sensitive information, which is why it’s important for you to take extra precautions to keep it secure — regardless of whether it is being stored digitally, in physical file cabinets or both. Make sure employees abide by the security policies you’ve created to keep confidential information secure as well.
4. Conduct an annual review of personnel files: An annual document review process is beneficial for auditing your current personnel files and ensuring they are accurate and secure. This is also a good time to delete any outdated documents or files that you no longer need to retain. 
5. Automate the file management process: HR software can help automate certain document management processes, increasing efficiency and eliminating the potential for human error. However, even those with automated processes will want to conduct annual reviews.

In addition to these best practices, it’s a good idea to back up your personnel files. This will help ensure retention in the event of a disaster.

What are the laws regarding personnel files?

Your employees may believe they can inspect their personnel file at any time, but this isn’t always the case. Many states have laws that require employees to obtain a court order before they can request access to their personnel files.  

Additionally, there are federal and state laws that determine how employers can store certain information and which employees have clearance to access it. Anderson said most states only require employers to keep state- or federal-specific documents in the HR department or a locked cabinet, whereas other documents require special storage and restriction.

“The Americans with Disabilities Act (ADA) and the Health Insurance Portability and Accountability Act (HIPAA) require that confidential medical information should be kept separate from the personnel file so that no one but the designated HR or company official has access to them,” said Anderson.

Laws also regulate how long you must retain certain documents. For example, the Equal Employment Opportunity Commission requires employers to retain all personnel records for at least one year after the last date of employment, while the Age Discrimination in Employment Act (ADEA) requires employers to retain any employee benefit plan and written merit or seniority system for at least one year after the plan or system is terminated.

Personnel records can also be invaluable in the event you are sued by a current or former employee.

“[A personnel file] is usually the first thing your lawyer will ask for if the employee is suing (or threatening to sue) you,” said Weinstein. “Having it in one place, ideally electronically, so that you can provide it to your attorney for their review is very good practice. Not only will that save you in legal fees but a well-maintained file could provide a nice legal defense to any claims.”

>> Read next: How to Handle a Business Lawsuit

Some source interviews were conducted for a previous version of this article.