Building Compliant Employee Files


Employee files can be a legal liability if they are not managed properly. The fact is companies can create risk to the business if they do not follow certain steps to protect employee information, manage access appropriately and comply with state and federal laws for record keeping, retention and destruction.

Common errors associated with employee file management and creation include:

    1. Lack of controlled access – who is allowed to see what, when, why and how
    2. Poor organization or no organization – whether information be easily found
    3. Inconsistency in employee file content – collecting the same information and documents from all employees
    4. Retention guidelines not followed or not known

Most employers have a basic idea of what should be contained in an employee file. However, many don’t understand that while “what” you keep is important, “how” you keep it is just as critical.

Employee Files

There are several items and categories that are necessary for compliant employee file recordkeeping such as:

Employee personal and demographic data:

Name, address, date of birth, work location, social security number, driver’s license number (when relevant to job responsibilities).

Basic Employee Data:

Resume, interview notes, employment application, date of hire, full or part-time status, exempt or non-exempt status, termination date, pay frequency (semi-monthly, monthly, bi-weekly), rate of pay or salary, bonus structure, commission or shift differential pay (if applicable), work schedule, all pay data during period of employment, exit interview form/notes, W-4, performance reviews and appraisals, disciplinary documents, awards and recognition documents, list of work-related training and certifications completed, handbook and policy acknowledgments, special licensing documentation, payroll authorization form, job description and other day-to-day employment documents.

Private Confidential Employee Data:

Benefits enrollment forms, PHI (including doctor’s notes), drug and background screen results, I-9 and employment verification request information, leave data, workers’ compensation or disability claim information, FMLA forms, ADA accommodation documents, EEO self-identification data, and wage assignments or garnishments.

File Design/Setup

In setting up an employee file, the company should consider a system that allows for easy access to data but also protects confidential information. Employers may choose to include a “confidential” section within the main file or they may choose to create a filing system that keeps the employee’s confidential information completely separate from the main employee file. If confidential information is kept within the main file, then the ideal file should be comprised of “viewable” information and “confidential” information. Then, within each of those categories, sub-categories like payroll, benefits, master employment documents, insurance, workers’ compensation, leaves of absence, etc. may be established.

What is Confidential?

Items that should be designated as confidential within an employee file or kept in a separate file and not shared outside of HR, payroll and benefits administration include benefits, PHI, drug, background and leave data as noted above.

Access to Employee files

Although employee files and their content are the property of the company, many states have laws requiring the employer to allow the employee a right to view certain basic employment and payroll documents contained in their employee file within a reasonable amount of time upon request. Such documents may include their application, payroll authorization and tax forms, benefit enrollment forms, discipline and performance reviews, attendance records, garnishment and leave documents. Employers should make sure they review state-specific employment record laws when setting up their employee file access policy.

Access by other employees should be limited to the information necessary and applicable to their position and function within the business and only when there is a legitimate business need to access. For example, payroll personnel should have access to payroll-specific items like deduction authorizations, garnishments, pay data and hours and days of work. Supervisors and managers should only have access to performance-related documents, and the benefits administrator should have access to items specific to benefits like enrollment or waiver forms and beneficiary forms.

Records Retention

Identify retention requirements for each employee document and record, and create a policy to ensure compliance. There are specific retention requirements for those items stored in an employee file. For example, upon termination of employment, I-9s are required to be kept for at least three years from date of hire or 1 year from date of termination, whichever is longer. Electronic documents should be retained as if they were paper documents. If an employee has sufficient reason to keep an email message, the message should either be printed in hard copy and kept in the appropriate file or moved to an “archive” computer file folder. Computer backup and recovery methods should be tested on a regular basis.

In addition, the company should designate an individual to be responsible for the ongoing process of identifying which records have met the required retention period and then overseeing their destruction.

Employee File System

Whichever employee file system employers choose to implement, they must make sure it is consistent, organized, and protects the documents that are confidential in nature.

By Deborah Siddoway, HR Business Partner, Director of HR Solutions, HR Service, Inc.


Skip to content