That doctor's note sitting on your desk? It's a lawsuit waiting to happen.
The I-9 form filed with John's performance reviews? An audit nightmare.
The investigation report tucked in Sarah's personnel file? Retaliation evidence.
Every form you collect, every warning you issue, every signature you gather ends up somewhere: the personnel file. But not all documents belong in the same folder—and not every manager should have access to all employee records.
Handled correctly, personnel files help you stay compliant, defend your decisions, and ensure a smooth paper trail. Handled sloppily, they create privacy risks, sabotage terminations, or open the door to discrimination claims.
This article breaks down what goes in (and stays out), how long to keep it, how to store it securely, and what to do to make sure you stay audit-ready.
What Belongs in the Personnel File

A basic personnel file should include:
✅ Job application and resume
✅ Offer letter and signed acknowledgment
✅ Job description
✅ Signed handbook acknowledgment
✅ W-4 and state tax forms
✅ Performance reviews and disciplinary records
✅ Promotions, transfers, or compensation changes
✅ Attendance or PTO records
✅ Signed training acknowledgments
✅ Separation/termination letters and exit interview notes
Each document should be dated, signed where applicable, and consistently formatted.
You may also want to include:
Non-compete or confidentiality agreements
Rehire eligibility status
Recognition or commendation letters
Emergency contact information
Direct deposit authorization
What About Payroll and Financial Records?
Consider a Fourth File: Many employers maintain a separate payroll/financial file containing:
Wage and hour records (timecards, pay stubs)
Garnishment orders
Employee loans or advances
401(k) enrollments and changes
Commission agreements
Expense reimbursements
Why separate? These contain sensitive financial data and may need different retention periods. Plus, your payroll team needs access to these but not to performance reviews or discipline.
📝 Pro Tip 📝
Never rely on your memory during an audit—if it's not in the file, it didn't happen. Even informal changes should be reflected in writing.
What Must Stay Separate (The Compliance Bombs)

Your record-keeping should follow a three-tier structure: the general personnel file, separate medical/confidential records, and stand-alone compliance folders.
Medical Records (Separate Medical File)
Doctor's notes
FMLA certifications
Accommodation requests
Return-to-work releases
Workers' comp claims
Access: Limited strictly to those who coordinate leave or accommodations.
📋 I-9 Forms (Separate I-9 Binder)
Stored separately from ALL other employee files
Group all I-9s together (active and former employees)
Never mixed with personnel or medical records
Access: Only for audits and immigration verification.
🔍 Investigation Records (Confidential Drawer)
Harassment or discrimination complaints
Whistleblower reports
Witness statements and outcomes
Remedial action documentation
Access: Head of HR, general counsel, or designated investigator only.
🚩 Common Pitfall 🚩
If you store everything in one folder—even digitally—you're creating risk. Separation isn't just physical; it's legal. It preserves confidentiality and demonstrates you understand your obligations.
Getting It Wrong: The Medical File Disaster

The Company: 40-employee dental practice group
The Problem: Medical notes filed with performance reviews
The Discovery: Routine unemployment claim revealed the filing disaster
When a terminated hygienist filed for unemployment, she claimed she was fired for taking medical leave. The practice responded with her personnel file to show performance issues. But their own evidence backfired.
Right there, between two write-ups for tardiness, sat her FMLA certification for chemotherapy treatments. The dates lined up perfectly—every "attendance issue" occurred during her treatment schedule.
The unemployment judge's decision was swift: "Employer's own documentation shows they tracked medical leave as attendance violations."
What Should Have Been Separate:
FMLA certification (medical file only)
Doctor's treatment schedule (medical file only)
Attendance write-ups (personnel file)
The Cascading Damage:
Unemployment claim: Approved immediately
Credibility: Destroyed—looked like retaliation
Legal position: Undermined by their own filing
Employee morale: Shattered when word spread
🔎 Audit Red Flag 🔎
When medical documents are mixed with discipline, judges assume the medical condition influenced the discipline. Your filing system just proved discrimination for the other side.
Getting It Right: The Three-Drawer Defense

The Company: 75-employee manufacturing facility
The Challenge: OSHA inspection triggered broader review
The Solution: Properly segregated filing system
When OSHA arrived for a safety inspection, they also requested employee records. The HR manager calmly directed them to three separate, locked locations:
Drawer 1 - Personnel Files: Performance reviews, discipline, attendance
Drawer 2 - Medical Files: All FMLA, ADA, and injury records
Drawer 3 - Compliance Binder: All I-9s, properly organized
Each drawer had its own access log. Each file type had designated handlers. The separation was clear, consistent, and defensible.
The Result:
OSHA inspection: Completed without expansion
Records review: No violations found
Time spent: 2 hours vs. potential weeks
Message sent: "We know what we're doing"
Retention Rules: How Long Is Long Enough?
New York Requirements:
📁 Personnel records: 6 years after termination
📁 Wage records: 6 years (NY Wage Theft Prevention Act)
📁 I-9s: 3 years after hire OR 1 year after termination (whichever is later)
📁 Injury reports: 5 years under OSHA
📁 Investigation files: 6-7 years minimum
The Override Rule:
If litigation is pending or threatened, preserve EVERYTHING related until the matter is completely resolved—even if it exceeds normal retention.
Your records are YOUR responsibility—even when someone else holds them.
Too many employers learn this the hard way: You switch payroll providers. Change time clock systems. Move to a new benefits administrator. But you don't download or back up the historical data first.
Two years later, a wage claim hits. You call your old payroll company. "Sorry, we only keep former client data for 90 days."
The brutal truth: The DOL doesn't care that your vendor deleted the records. They're YOUR records. YOUR responsibility. YOUR liability.
Before switching any vendor:
📥 Download all historical data
📥 Export reports in multiple formats (PDF and Excel)
📥 Save time and attendance records
📥 Back up benefits enrollment documentation
📥 Archive all wage statements and tax forms
📥 Verify the backup is complete and accessible
🚩 Common Pitfall 🚩
"But my payroll company has everything" isn't a defense. If you can't produce the records, you don't have them. Destroying documents too early looks like you're hiding something. Keeping them too long creates privacy risks. Not saving them from vendors? That's just a careless, avoidable mistake.
Digital vs. Physical: Same Security, Different Locks
The medium doesn't matter—paper or pixels, the security principles are identical: Multiple layers, limited access, and fewer people at each level.

The Two-Lock Minimum Rule
Physical Files:
🔒 Layer 1: Locked room (only HR and executives have keys)
🔒 Layer 2: Locked filing cabinet inside that room (only HR director and designated backup)
🔒 Layer 3: Separate locked drawer for medical/I-9s (only compliance officer)
Digital Files:
🔒 Layer 1: Password-protected system (all authorized users)
🔒 Layer 2: Folder-level permissions (HR team only)
🔒 Layer 3: File-level restrictions for sensitive documents (designated personnel only)
The Shrinking Circle: As sensitivity increases, access decreases. Your receptionist shouldn't have the same access as your HR director.
Who Gets Access to What:
Personnel Files:
Full access: HR Director, HR Manager
Read-only: Department managers (for their direct reports only)
No access: General employees, administrative staff
Medical Files:
Full access: Benefits administrator, ADA coordinator
Case-by-case: HR Director (only when needed)
No access: All managers, supervisors, other employees
I-9 Files:
Full access: I-9 designated administrator
Audit access: HR Director (during government audits only)
No access: Everyone else—no exceptions
📝 Pro Tip 📝
Whether digital or physical, if more than 3 people have unrestricted access to sensitive files, you have too many. Audit access monthly and revoke immediately when roles change.
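For digital files, the access lists and the Pro Tip above can be checked mechanically against an export of permissions. The following is an added example, not part of the original article; the role names, file-class keys, grant-record fields and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Policy transcribed from the "Who Gets Access to What" lists (key names are assumed).
POLICY = {
    "personnel": {"hr_director": "full", "hr_manager": "full", "dept_manager": "reports_read"},
    "medical": {"benefits_admin": "full", "ada_coordinator": "full", "hr_director": "conditional"},
    "i9": {"i9_admin": "full", "hr_director": "conditional"},
}
SENSITIVE = {"medical", "i9"}  # assumption: the classes the Pro Tip calls "sensitive"
MAX_UNRESTRICTED = 3           # the Pro Tip's ceiling

def audit(grants, reports_to):
    """Return sorted (user, file_class, reason) findings for grants that break POLICY."""
    findings, full_users = set(), defaultdict(set)
    for g in grants:
        user, cls = g["user"], g["file_class"]
        rule = POLICY[cls].get(g["role"])
        if g["level"] == "full" and cls in SENSITIVE:
            full_users[cls].add(user)
        if rule is None:
            findings.add((user, cls, "role not permitted"))
        elif rule == "reports_read":
            if g["level"] != "read":
                findings.add((user, cls, "manager access must be read-only"))
            if reports_to.get(g["owner"]) != user:
                findings.add((user, cls, "not a direct report"))
        elif rule == "conditional" and not g.get("justification"):
            findings.add((user, cls, "no recorded justification"))
    for cls, users in full_users.items():
        if len(users) > MAX_UNRESTRICTED:
            findings.add(("*", cls, "more than 3 users with full access"))
    return sorted(findings)

# Constructed sample data (not from the article).
REPORTS_TO = {"emp1": "bob", "emp2": "carol"}  # employee -> direct manager

def grant(user, role, cls, level, owner="emp1", justification=None):
    return {"user": user, "role": role, "file_class": cls, "level": level,
            "owner": owner, "justification": justification}

GRANTS = [
    grant("alice", "hr_director", "personnel", "full"),
    grant("bob", "dept_manager", "personnel", "read"),
    grant("bob", "dept_manager", "personnel", "read", owner="emp2"),
    grant("bob", "dept_manager", "medical", "read"),
    grant("alice", "hr_director", "medical", "full"),
    grant("alice", "hr_director", "i9", "read", justification="audit-ref-placeholder"),
] + [grant(u, "benefits_admin", "medical", "full") for u in ("dana", "erin", "frank")]

if __name__ == "__main__":
    for finding in audit(GRANTS, REPORTS_TO):
        print(finding)
```

Running a check like this on the monthly audit cadence, and again whenever a role changes, turns the written access policy into something that can be verified rather than assumed.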
Common File Management Disasters
Watch for these filing killers:
❌ Medical mixed with personnel: ADA and privacy violations
✅ Better: Completely separate medical file with restricted access
❌ I-9s in personnel files: Audit expansion risk
✅ Better: Standalone I-9 binder for all employees
❌ Everyone has access: Confidentiality breaches
✅ Better: Role-based permissions with audit trails
❌ No retention schedule: Keeping files forever or destroying too soon
✅ Better: Written schedule with calendar reminders
❌ Inconsistent filing: Some employees have complete files, others don't
✅ Better: Same system for everyone, audited regularly
Final Thoughts: Your Files Are Your Defense

Every document you file—or misfile—becomes evidence. Evidence of your compliance. Evidence of your competence. Evidence of your commitment to doing things right.
The medical note that should be separated. The I-9 that should be isolated. The investigation that should be secured. Each filing decision either protects you or exposes you.
Here's what smart employers know: Proper filing isn't about being paranoid. It's about being prepared. When the DOL knocks, when the EEOC calls, when the lawsuit lands—your files tell your story.
Make sure they tell the right one. Separate your files. Secure your access. Schedule your retention. And audit regularly.
Because in employment law, organization isn't just good practice—it's good defense.
Keep fighting the good fight.


