Many employers grapple with their obligation to maintain employment files for each employee. What goes in the file? How long do we have to keep it? This article is intended to provide you with a guide to setting up and maintaining personnel files.


  1. DEVELOP POLICIES ABOUT EMPLOYMENT RECORDS - Policies should be developed regarding the gathering, use, disclosure, and retention of records covering employment and payroll, security, medical, and insurance matters. The policies should:
    1. Limit the collection, use, and retention of such records.
    2. Set up procedures to ensure the accuracy, timeliness, and completeness of information collected, maintained, and disclosed.
    3. Designate which records of employees, former employees, and applicants the employer will or will not allow to be reviewed.
    4. Limit internal use or access to records.
    5. Limit external disclosure of information in records.
    6. Notify applicants and employees about sources used for information and record-gathering purposes.
    7. Explain to employees, former employees, and applicants about any records kept separately from employee files, such as medical and benefits information.


  1. DISCLOSURE STATEMENT - A disclosure statement should be developed for distribution to employees, former employees, and job applicants that includes the following:
  1. Type and number of records maintained on all workers -- past, present, and prospective.
  2. Usage, disclosure and retention period for each record.


  1. REVIEW FILES REGULARLY - An employer should review all current employment records individually to ensure that outdated, unnecessary, and potentially damaging documentation is removed and destroyed.


  1. DESIGNATE FILE CUSTODIAN - An employer should designate a file custodian either within its human resources department or some other officer of the organization.


  1. RESTRICT SEPARATE FILES - As much as possible, an employer should restrict, if not eliminate, the maintenance of any separate employee files by site managers.


  1. BASE DECISIONS ON FILE INFORMATION - All decisions to transfer, promote, or discipline employees should be based solely on the information maintained in the Human Resources department's master employee file.


  1. TRAIN MANAGERS - All managers should be trained on how to structure and draft effective, liability-free documentation for employee files.



  2. Eliminate duplication
  3. Keep and maintain files where used
  4. Use multi-part files
  5. Use history log of status
  6. Reorganize in small bites
  7. Use checklist
  8. When old records found, re-file in proper place
  9. File daily
  10. Store old files off-site
  11. Batch like records
  12. Use all database features




There should be a minimum of four separate files:

  • Primary employee file
  • Medical records (all documents pertaining to this area)
  • I-9 forms
  • Confidential file


Primary Employee File


The five-part primary employee file should include:

  • Basic employee data
  • Employee status changes
  • Employee development/training
  • Performance documentation
  • Miscellaneous data


I-9 Forms


  • Batch together alphabetically for current employees
  • Batch together in chronological order for separated employees
  • Records for separated employees must be kept for:
    • 3 years after hire, or
    • 1 year after separation, whichever is longer period


Confidential File - (Keep all confidential information in separate confidential files.)


  • Interview evaluation forms
  • Background check (including employment, education, criminal, credit, etc.)
  • EEO data
  • Information regarding legal actions
  • Investigatory file (harassment, ethics, EEO, etc.)


RETENTION OF THE GENERAL PERSONNEL FILE: It is recommended that employment records be kept for a minimum of 4 years after termination unless there is a pending claim. However, the Lilly Ledbetter Fair Pay Act of 2009 amended Title VII, the ADEA, the ADA and the Rehabilitation Act to extend the time that individuals may file charges for discriminatory decisions or practices affecting compensation. Under the Lilly Ledbetter Fair Pay Act, and employee may file a charge at any time for alleged pay discrimination that occurred any time during employment; and each time compensation is paid starts a new filing period. The Lilly Ledbetter Fair Pay Act did not include a safe harbor retention period. this places the burden on employers to determine how long to keep records as a charge under the Lilly Ledbetter Fair Pay Act may require producing performance evaluations and other records to show the reasons for pay decisions. The decision on retention of employment records then becomes a company decision based on risk and cost analysis. Storage and retention of records indefinitely may not be practical, and you may decide that the pre-Ledbetter retention periods are sufficient for your company. However, that is a decision that is company specific based on the information presented here.




All information obtained from post-offer medical examinations and inquiries must be collected and maintained on separate forms, in separate medical files and must be treated as a confidential medical record. Therefore, an employer should take steps to guarantee the security of the employee's medical information, including:

  • Keeping the information in a medical file in a separate, locked cabinet, apart from the location of employee files; and
  • Designating a specific person or persons to have access to the medical file.


Medical Records May Include:


  • Benefits claims forms
  • Reimbursement requests for medical expenses
  • Forms relating to workers’ compensation claims
  • Drug testing results
  • Post-offer physical examinations
  • Voluntary disclosure information from the applicant or employee regarding a “disability” as defined by Section 503 of the Rehabilitation Act of 1973
  • Any record of voluntary medical history obtained from an employee health program, such as cholesterol, high blood pressure, weight control, counseling or cancer detection programs
  • Any other documents relating to an employee’s medical condition
  • FMLA certification forms



EEOC Note: Maintaining personal and occupational health information in one place, including an electronic medical record, may violate the federal Americans with Disabilities Act (ADA) or the federal Genetic Information Nondiscrimination Act (GINA) according to a letter issued in May 2011 from the U.S. Equal Employment Opportunity Commission (EEOC). The question posed to the EEOC was whether maintaining information related to an employee’s personal health information (e.g. information related to the diagnosis or treatment of a condition, such as may be found with medical certifications for a leave of absence) in the same location as occupational health information (e.g. medical information concerning an employee’s ability to work or a reasonable accommodation request) would violate the ADA and/or GINA. Both the ADA and GINA require confidential health information to be kept separate from other employee records, so that only individuals who have a business-related reason for knowing the information have access to it. Keeping all medical records in one location could cause a problem if someone has access to the medical file who doesn’t have a business-related reason for accessing other information contained in that file.


For example, your risk management officer may need to see workers’ compensation information for purposes of creating a light duty position for an employee, but has no reason to see Family and Medical Leave Act (FMLA) medical certifications unrelated to the workers’ comp claim. By keeping all medical records in one location, including an electronic file, and then granting unfettered access to someone who is only authorized to see some of the information, you may be violating ADA or GINA. Similarly, you shouldn’t be sharing information with anyone unless the employee has specifically consented to that disclosure or the disclosure is permitted by law.


Tips: One option may be to keep separate files for different medical information. For instance, your ADA reasonable accommodation file could be separate from your FMLA medical certification file. However, this could mean an explosion in the number of files to retain. Another option may be to establish a password protocol where certain types of files are given different passwords. Or, if you have someone on staff who already has access to the files for job-related reasons (e.g., an HR person who is processing FMLA leave requests, coordinating ADA reasonable accommodation discussions, and handling workers’ comp claims), that person could act as a gatekeeper. The more you can screen unnecessary people from viewing confidential health information, the less likely that you’ll violate applicable confidentiality rules.


All Medical-Related Information Must Be Kept Confidential, with the Following Exceptions:


  • Supervisors and managers may be informed about necessary restrictions on the work or duties of an employee and necessary accommodations.
  • First aid and safety team members may be informed, when appropriate, if the disability might require emergency treatment or if any specific procedures are needed in the case of fire or other evacuations.
  • Government officials investigating compliance with the ADA and other Federal and state laws prohibiting discrimination on the basis of disability or handicap should be provided relevant information on request. (Other Federal laws and regulations also may require disclosure of relevant medical information.)
  • Relevant information may be provided to state workers' compensation offices or "second injury" funds, in accordance with state workers' compensation laws.
  • Relevant information may be provided to insurance companies where the company requires a medical examination to provide health or life insurance for employees.




  • Solicited résumés (if hire occasionally from unsolicited résumés, retain) by job classification or group
  • Job applications
  • Pre-employment test results, reference checks, credit reports & background checks (must keep any background check conducted under the FCRA for at least 5 years – 6 years is recommended)
  • Employee requisition for position
  • Prepared job description for position
  • Questions asked of applicants
  • Interview notes
  • Newspaper ads or job posting
  • Other evaluating documents
  • Keep all for one year minimum period; keep two years if federal contractor with 150 employees and $150,000 in contracts
  • Job applications – keep updated according to laws
  • Résumés:
    • Not required to accept
    • If accept, may need to retain
    • Solicited résumés must be kept for at least one year




  • Employee references and interview notes:
    • No employee access needed
    • Need later to justify hiring or not hiring
    • Can keep in one main recruitment file with application or résumé
  • Recruitment file:
    • For each vacant position
    • Tracks recruitment activity
    • Records needed to respond and defend EEOC complaints and inquiries
    • Résumés – by job classification or group
    • Employment agencies – information in connection with each agency
    • Newspaper/publication information where ads are placed
  • Payroll file:
  • Garnishments/levies/child support withholding
  • Withholding forms, alpha
  • W-2s, by year
  • Benefit file:
  • Benefit enrollment and beneficiary declarations
  • Benefit claims/explanation of benefits forms, by year for each plan year
  • Monthly insurance billings (each policy)
  • Benefits claims forms (for self-insured employer; fully insured plans should not provide this information), by employee (*Note:       These should be maintained as per HIPAA and ADA regulations)
  • Workers’ Compensation file:
    • By claim or
    • Calendar year, alpha by employee
    • Include on OSHA 300 log
    • Retain OSHA 300 log for five years
    • Closed files go to employees’ medical files
  • Job descriptions for every position
  • COBRA:
    • Initial notices
    • Election forms
  • Supervisor’s working file
    • Kept confidential
    • Guidelines on what to keep and not keep
    • Stress discoverability of this file as part of employee file
  • Employee assistance program
  • Union contract
  • HR professional association
  • Labor law firm
  • Legal complaints/claims
  • Training vendors/brochures
  • Investigations file:
    • Discussion/interview notes
    • Dates and times
    • General observations and conclusions (“inappropriate workplace behavior”)
    • Corrective action taken




  • Collect all files
  • Eliminate duplicate information
  • Retain legally important information
  • Keep confidential
  • Keep separate if required
  • Store properly (either paper/hard copy, or scanned and retained electronically)
  • Arrange easy retrieval


Contributed by Christine Crews, SPHR, SHRM-SCP is Vice President of Human Resource Services for the Employers Association Forum, Inc. (EAF). EAF is a non-profit corporate membership-based association dedicated to serving the business and HR communities with world-class HR tools, hotlines & legal compliance, news & trends, surveys & economic data, benefits & insurance, risk management, training & consulting, and leadership & organizational development. HCCMO members receive discounted rates on all EAF classroom training at EAF’s training center in Longwood. Click here for currently scheduled programs:

Click here to learn more about EAF membership benefits