(Article originally authored by HR/Advantage Advisory, Powered by Clark Hill)

A regular review of your human resource operations is imperative in order to keep your company in compliance and reduce the possibility of penalties and liability. Specific areas to review may include I-9s, nondiscrimination policies and practices, medical record/information privacy, record retention, and destruction and privacy of personal information.

I-9 Assessment – Noncompliance in this area can result in significant penalties for an employer. It’s in the employer’s best interest to take proactive steps to review, document and correct I-9 form mistakes so files are in order ahead of any possible I-9 audit. I-9 forms, and supporting documentation, should be kept separately from employee personnel files.

Medical privacy – Under the Americans with Disabilities Act (“ADA”), employers have a legal obligation to protect their employees’ medical information. To this end, employee medical information should be maintained separately from employees’ personnel files. This includes information related to medical exams, FMLA, disability claims and ADA requests for accommodation or related information.

Nondiscrimination – Remember that supervisors may have access to employee personnel files in order to make employment decisions. Therefore, only information relevant to employment decisions should be kept in the personnel file. This includes pre-employment documents like a job description, resume, employment application, offer letter, and employment documents such as performance appraisals, records of attendance, awards or citations of performance and training records. Anything not relevant to the job should be kept separately from the personnel file, including EEO records.

Record retention – Employers must follow state and federal laws governing retention of human resource records. With electronic records becoming more of the norm, it is important for employers to ensure that access to electronic files is limited and has effective security controls. It is a very good idea to have a written policy in place outlining your company’s retention policy, process and schedule.

Record destruction – In addition to a records retention policy, employers should also have a policy related to the destruction of employment records. In some instances, federal regulations require specific methods of destruction for certain records.

All employee files, whether they are stored in a physical or electronic format, should be kept in a secure location with limited access. The following documents should be kept separately from the employee personnel file:

  • I-9 forms and copies of identification
  • Investigation notes and reports
  • Drug/alcohol tests and back ground checks
  • Payroll records containing protected information like social security number or garnishment orders
  • Medical records including, but not limited to, FMLA documents, request for ADA accommodations, medical exams, disability benefit records/claims, worker’s compensation, health information related to the employee’s family member(s).
  • Confidential records containing protected information like date of birth, marital status or religious beliefs
  • Consumer related credit information and reports and financial data.

If you would like assistance to conduct an HR Assessment for your organization, please reach out Alliance Benefit Solutions at (732) 908-7500


  • Dresser & Associates, “Personnel Records: Audit: Why audit personnel files and records maintenance procedures”
  • SHRM, “Complying with Employment Record Requirements”

The views and opinions expressed in the article represent the view of the author and not necessarily the official view of Clark Hill PLC. Nothing in this article constitutes professional legal advice nor is intended to be a substitute for professional legal advice.