Who Should Have Access to Your Employee Files?

In an age where data security is paramount for businesses, that data includes the files containing your employees’ information. So, who at your organization should be allowed to access these files?

Whoever does HR in your organization will need access since they’re responsible for updating employee information and ensuring everything complies with employment laws. Many states also grant employees the right to view their personnel files. Other roles in your organization may need access from time to time, but that access should be limited to the following:

• Managers might need to look at performance reviews, disciplinary actions, or salary history.
• Payroll and benefits administrators will need access to pay and benefit information to handle pay, taxes, and benefits enrollment.
• Legal counsel may need access during legal disputes, compliance audits, or investigations.

No one else should have access or be able to look at employee files. Even those with access should only review the files or parts of the file they need to see. Having separate files for certain sensitive information (like medical documentation and I-9s) will help ensure that a manager reviewing a personnel file for performance review scores doesn’t stumble into information about an employee’s disability or other protected characteristics.

Make sure personnel files are stored securely — use locked cabinets for paper files and restrict access for electronic ones.

How to Organize Employee Files

We recommend having five separate files for each employee, as outlined below:

1. I-9 file

Keep all Form I-9s in a separate master file or three-ring binder.

2. Medical file

This file should contain everything related to an employee’s medical history, including health insurance enrollment forms. It’s essential to separate this file because you cannot legally base personnel decisions on an individual’s medical history, such as who gets promoted and who doesn’t. In addition, various privacy laws and the Americans with Disabilities Act (ADA) require that you keep confidential employee medical records separate from basic personnel files. The retention period will depend on the type of record.

3. Personnel file

This file should contain items that were a factor in the employee’s hiring and employment in addition to items that will have any impact on their employment in the future. This includes performance reviews and corrective action records.

4. Payroll records file

This file should contain the employee’s W-4 and any other payroll-related documents containing the employee’s SSN or other protected information, including garnishments.

5. Injury file

Keep a file for any employee who is injured while on the job. This file should contain workers’ compensation claim records, injury reports, and any additional medical records pertaining to the injury. It’s okay to start this file only if an employee suffers an injury on the job.

Where to Store Employee Files

These files should be kept in a secure location accessible only to those in the HR function or with a legitimate need to review the information — for instance, in locked cabinets inside a locked HR office. This information can be stored electronically if that makes more sense for your business. Ensure it’s well secured and backed up to prevent data loss.

There are specific requirements for storing I-9s electronically, which are probably good standards for any electronic data storage.

Concerned About Your Employee Files?

If you don’t have the HR staff and resources to ensure your employee files are organized correctly and that only the appropriate people have access, GTM can help. Our HR consultants can provide support on a regular basis or just as needed to help you fill in the gaps and ensure your employee files are stored properly and can only be accessed by the right staff members. Fill out the brief form below to learn more.