receives compensation from some of the companies listed on this page. Advertising Disclosure

What Employee Info Can You Collect? Keep?

Skye Schooley
Skye Schooley
Staff writer Staff
Updated Jan 23, 2023

Learn which documents you should include (and not include) in your employee personnel files.

As an employer, you are bound by laws and regulations that specify what employee information you can (and should) collect and who can access that information. Administrative functions like gathering and storing employee documents – and how you do this – may seem tedious, but it can have a major impact on your business. H&M, the major Swedish retailer, was fined more than $41 million for allegedly tracking employees’ personal lives (vacations, illnesses, religious beliefs and family problems) on a company database.

To avoid any legal issues (and penalties) and the ire of your employees, it is important to understand what a personnel file is and what it should (and should not) include.

What is an employee personnel file?

An employee personnel file is a collection of key documents pertaining to a worker. Some employee documents are legally required, whereas others are simply nice to have. According to Damien Weinstein, partner at Weinstein & Klein PC, “you should be able to read a personnel file and have a pretty accurate view into who the employee is, what they do at the company and how they are performing.”

Storing and accessing personnel files

You can store employee personnel files in a locked filing cabinet, but you run the risk of that information being damaged by potential disasters (e.g., floods, fires, tornadoes) or stolen and then having it exposed. Many businesses use human resources software to digitally store and manage employee personnel files.

Who should have access to employee personnel records?

Only key human resources (HR) personnel and designated company officers, like a chief operating officer (COO), should have access to employee personnel files.

“Key personnel who are contractually and legally obligated to maintain confidentiality [should have access],” Weinstein told “This could be a business owner and COO, head of HR, etc. The point is that this contains personal, private, and sensitive information and isn’t to be readily available to anyone in the company.”

If needed, these designated professionals can grant managers or supervisors access to some of the information in the standard employee file that doesn’t contain sensitive documentation.

Editor’s note: Looking for the right HR software for your business? Fill out the below questionnaire to have our vendor partners contact you about your needs.

What to include in a personnel file

There is a copious amount of information that should be kept in a personnel file; however, some of it is highly confidential. Nicole Anderson, owner and CEO of the HR solutions firm MEND, recommends dividing the information in an employee’s personnel file into three distinct folders: an employee file, a confidential file and an I-9 file.

How long you’re required to keep each document varies depending on federal and state laws. Some states only require you to retain certain documents for two to three years after the employee’s last date of employment, but you may want to retain these documents for six or seven years. And while it isn’t legally required, you should conduct an audit on personnel files once a year to ensure the information you have is accurate and up to date.

Employee file

This file contains information regarding the employee’s job requirements, knowledge, performance and behavior. Anderson said this general file typically includes the following:

  • New hire checklist
  • Job application
  • Resume
  • Job description (and acceptance)
  • Offer letter
  • Employment contract
  • Reference check forms
  • Emergency contact form
  • Receipt of company property
  • Confidentiality agreement
  • Signed acknowledgments (employee handbook, employee policies and procedures, health insurance options, etc.)
  • Training documents and acknowledgments
  • Past performance evaluations
  • Employee enhancement forms
  • Any corrective or disciplinary actions taken

Confidential file

This file contains highly sensitive information and should be kept in a secure file. Only the previously mentioned key personnel should have access to this file. Anderson said this confidential file typically includes:

  • Self-identification form
  • Any medical or disability-related documents (with return-to-work or doctor notes)
  • Worker’s compensation documentation 
  • Insurance enrollment forms
  • 401(k) or retirement forms
  • Beneficiary forms
  • Release authorization
  • Credit report disclosure and authorization
  • Criminal background check
  • Drug test consents and affidavit
  • W-4 tax document
  • State tax document, if applicable
  • Direct deposit form/voided check
  • Any document that has personally identifiable information such as date of birth, bank account numbers, Social Security number, sex, marital status, etc.

I-9 file

Form I-9 is used to verify an employee’s eligibility for legal employment in the United States. Employers must complete and retain an I-9 form for every employee. Immigration and Customs Enforcement (ICE) inspectors frequently perform I-9 audits, and being prepared can spare you from hours tracking down the documentation and paying costly fines.

What not to include in a personnel file

Storing or sharing the wrong personnel information can land you in legal trouble. Sensitive information that you should keep separate from the general personnel file includes the employee’s W-4, equal employment opportunity information, their Social Security number and their medical file.

“More recently with COVID, guidance suggests that personal health information (exposures, test results, documentation of symptoms, etc.) should not be kept in the personnel file since this may be accessed by too many people,” said Weinstein.

Do not keep any information regarding an employee’s personal information, work product, emails or opinions about the employee. You should also discard copies of employee identification cards, such as Social Security cards, government identification cards, driver’s licenses and passports.

“Once the use of these items is done, they should be destroyed to prevent any unauthorized duplication or breach,” said Anderson.

Laws regarding personnel files

Your employees may believe they can inspect their personnel file, but this isn’t always the case. Many states have laws that require employees to obtain a court order before they can request access to their personnel files.   

Additionally, there are federal and state laws that determine how employers can store certain information and which employees have clearance to access it. Anderson said most states only require employers to keep state or federal specific documents in the HR department or locked cabinet, whereas other documents require special storage and restriction.

“The American with Disabilities Act (ADA) and the Health Insurance Portability and Accountability Act (HIPAA) require that confidential medical information should be kept separate from the personnel file so that no one but the designated HR or company official has access to them,” said Anderson.

Laws also regulate how long you must retain certain documents. For example, the equal employment opportunity commission requires employers to retain all personnel records for at least one year after the last date of employment, and the Age Discrimination in Employment Act of 1967 requires employers to retain any employee benefit plan and written merit or seniority system for at least one year after the plan or system is terminated.

Personnel records can also be invaluable in the event you are sued by a current or former employee.

“[A personnel file] is usually the first thing your lawyer will ask for if the employee is suing (or threatening to sue) you,” said Weinstein. “Having it in one place, ideally electronically, so that you can provide it to your attorney for their review, is very good practice. Not only will that save you in legal fees, but a well-maintained file could provide a nice legal defense to any claims.”

Image Credit: sinseeho / Getty Images
Skye Schooley
Skye Schooley Staff
Skye Schooley is a human resources writer at and Business News Daily, where she has researched and written more than 300 articles on HR-focused topics including human resources operations, management leadership, and HR technology. In addition to researching and analyzing products and services that help business owners run a smoother human resources department, such as HR software, PEOs, HROs, employee monitoring software and time and attendance systems, Skye investigates and writes on topics aimed at building better professional culture, like protecting employee privacy, managing human capital, improving communication, and fostering workplace diversity and culture.