Nonprofit Personnel Files — A Guide from Ask Rita

An overview of how to manage your organization’s personnel files and a checklist of documents to include in a personnel file.

Nonprofit Personnel Files — A Guide from Ask Rita
9 mins read

Records of many employment matters are required by many state and federal laws.

Dear Rita:

We’ve never paid too much attention to our personnel files, but we’ve just entered a contract with the county and we think it’s time for us to get our act together on this. I know we need a personnel file for each employee — but what should be in it?

An Accidental HR Manager

Dear Accidental:

It’s great that you are asking this question now! Good personnel files are important not just for your county contract but because documentation of various employment matters is required by many state and federal employment laws and most employee-specific documentation is best retained in a personnel file.

  • For example, to comply with the Fair Credit Report Act (FCRA) when doing a background check, you’ve got to give specific written notices and get a written authorization if a third party conducts the records check. The proof that you’ve complied with FCRA should be kept in each individual’s personnel file.
  • The file should also contain performance evaluations and any documentation that evidences the employee’s employment status (a signed offer letter, an Employee Change Form reflecting things such as job title, wage rate, promotions, benefit coverage, and leaves of absence). The personnel file should read like the rings of a tree, giving evidence of an employee’s history with your agency.

The rest of this article provides an overview of how to manage your organization’s personnel files and a checklist of documents to include in a personnel file. First, let’s talk about what should not be in a personnel file, which is just as important from a legal perspective.

What NOT to put in the personnel file

Following are the most important items to exclude:

  • Any writing regarding the employee’s performance that the employee has not seen should not be in the file. For example, while the performance evaluation that was presented to the employee should be in there, a complaint memo from a department manager about an error the employee made that was never shown to the employee should not.
  • Working notes or logs that a supervisor has kept for her own benefit, usually to assist in the drafting of a performance evaluation. The notes should be destroyed after documenting anything of importance in the annual performance evaluation.
  • Any medical information (including drug testing information) about the employee from any source should never be in the employee’s personnel file, but rather in a separate, more restricted confidential medical file. This separate medical file could also include any medical-related information such as documents related to Workers’ Compensation, FMLA and ADA.
  • Complaints or investigation reports (harassment, discrimination, ethics, licensing etc.). Any complaint about an employee that is subject to an investigation should not be in the employee’s personnel file, but in a separate complaint file. For example, if an employee is accused of sexual harassment, the only thing that should be lodged in the personnel file is any disciplinary action taken against the employee or a substantiated report of wrongdoing — but not the original complaint or investigation notes.

These items also should not be kept in a personnel file, but in separate, confidential files:

  • Hiring Documents, such as letters of reference, background investigation reports, or I-9s
  • EEO Statistical Information for the EEO-1 Report
  • Payroll records

In short, to manage all of this personnel information we suggest four sets of files:

  1. A personnel file for each employee
  2. A separate medical file for each employee
  3. One folder that has Forms I-9 for all employees
  4. A file (or set of files) for all employee payroll records

What can the employee put into his or her own file?

Most employers’ policies allow an employee a limited period of time to submit a written response to any negative information in the file regarding performance. While responses and rebuttals are not required by law, this practice allows the employee to have her concerns documented, typically making it easier for everyone to move beyond any dispute and focus on performance.

Where should we keep personnel files?

Since personnel files contain confidential personal information, you will also need to establish a policy about access and security of these files. We recommend these practices:

  • Keep files in a locked cabinet and identify two staff (such as the HR manager and the executive director in a small organization) who will hold the keys.
  • Maintain a written log that shows when a personnel file has been reviewed and by who. You can, for instance, staple such a form to the inside front cover of the file.
  • Include a policy in your employee handbook that personnel files can only be accessed by the employee, his or her supervisor/manager, and others only if they have a need to know. (Note that many states have laws that grant employees the right to review their own personnel file or to keep a copy of certain documents.
    • In a separate locked drawer:
    • Keep one file that has Forms I-9 (Immigration) for all employees. Again, do NOT put an employee’s I-9 in his or her personnel file, athough you might want to have a checklist in the file that indicates that this information has been collected. Form I-9 is the “Employment Eligibility Verification” form from the U.S. Citizenship & Immigration Services (USCIS, formerly called the INS). The government is entitled to inspect these forms, and if it does, you don’t want the agents viewing the rest of the employee’s personnel–and personal — information at the same time.
    • Keep a medical file for each employee.

How long should we keep a personnel file?

As a general rule, keep files for four years after an employee separates from your organization, with the exception of the following documents, which must be retained for a longer period of time:

  • Employee Benefit Plan documents and enrollment forms (medical, retirement, etc.) (must be retained for 6 years under ERISA)
  • OSHA Toxic Chemical Exposure records and Material Safety Data Sheets (30 years) and
  • Workers’ compensation lost time injury reports (example: in California, 5 years)

Remember also that since personnel files contain confidential information, proper destruction of records is critical. The Fair and Accurate Credit Transactions (FACT) Act, effective in 2005, requires all employers to burn or shred all applicant or employees’ personal information such as Social Security numbers, addresses, telephone numbers and any other information reported to an employer by a consumer reporting agency. Medical information should be handled similarly. Employers that use an outside party to dispose of records are expected to conduct due diligence in hiring a document destruction contractor.

Checklist for documents to keep in a personnel file:

  • Job description(s)
  • Resume and/or employment application
  • Offer letter
  • Authorizations for background checks
  • Certifications, licenses or proof of educational degrees or training
  • Drivers’ license and proof of auto insurance (if employee drives as part of the job)
  • Personal and emergency contact information
  • W-4 tax exemption form
  • Benefits enrollment forms
  • Beneficiary and dependent benefit forms
  • Employee acknowledgment of receipt of Employee Handbook or any additional Employer Policies
  • Performance evaluations
  • Letters of commendation
  • Attendance records (but not payroll records)
  • Disciplinary memos
  • Personnel action form (also called employee change forms): Changes in salary, job title, etc.
  • Payroll information including direct deposit authorization, memos related to wages attachments or garnishments, request/authorization forms for leaves of absence (excluding medical certification)
  • Letters of resignation or termination

Dear Accidental: This may be more information than you expected, but it isn’t as complicated as it might seem. Sincerely, Rita in HR

See also:

About the Author

More Posts

Ellen Aldridge, J.D. is an Employment Risk Manager for Nonprofits Insurance Alliance (NIA). Ellen has practiced labor and employment law for over 30 years as a litigator, negotiator, and adviser. Now in her 12th year with NIA, Ellen brings her experience to assist nonprofits in managing employment law risks and implementing best practices to motivate and support employees. Ellen received her B.A. in Government from University of San Francisco and her J.D. from Santa Clara University. On the weekends, you can find her in her garden.

Articles on Blue Avocado do not provide legal representation or legal advice and should not be used as a substitute for advice or legal counsel. Blue Avocado provides space for the nonprofit sector to express new ideas. Views represented in Blue Avocado do not necessarily express the opinion of the publication or its publisher.

22 thoughts on “Nonprofit Personnel Files — A Guide from Ask Rita

  1. Great overview. I have intended to review all of these files. The checklist will be a big help. On a related matter, what responsibilities does an employer have re HIPAA?

  2. So why shouldn’t notes and logs for a performance evaluation be kept? I can see the logic of keeping a separate complaint or investigation file, but you encourage the destruction of notes. If you have documented when an employee is excessively late or times you have had to discuss times you witnessed negative interactions with customers, poor money handling practices, etc., shouldn’t you have a log of the incidents to back up your evaluation in case the employee disputes your claims?

  3. Great article! I have one question … the article states that FACT “requires all employers to burn or shred all applicant or employees’ personal information.” When does that occur?

  4. Great questions deserve an answer, so I'll try and respond to the comments above: 1. Employers are not "medical providers" under HIPPA vis-a-vis their employees. (They may be a medical provider towards their clients and the medical records of their clients.) That said – all employee medical records in an employers' possession should be treated confidentially. 2. I recommend that supervisor notes should be used to create the annual evaluation, and if its important it should go in the evaluation – if its on ongoing issue that is not get "ripe" yet – then sure, keep the notes until you want to report the issue in an evaluation. However, if it is not important enough to go in an evaluation why should it be kept? 3. The Fair and Accurate Credit Transactions Act (FACT) does not require destruction at any particular time – it just requires that personal information covered by the law be maintained confidentiality, and that when a business decides to destroy it, it be shredded or burned. Regards, Rita

    1. HIPAA (not HIPPA) is a little more narrow, and actually only covers instances where health information is communicated electronically. Other statutes cover privacy in general. Thus, when there are electronic communications between employer and employee health benefit managers , then HIPAA is triggered (e.g., email or a web protal but interestingly, not fax!). As complicated as it sounds, all you need is a “Business Associate Agreement” between your organization and the benefits group (which is the Business Associate). This agreement essentially stipulates that the benefit group will ensure the tranmission is confidential, usually through encryption of some sort. Julie

  5. Under what NOT to keep, things the employee has never seen: is this a legal requirement that could expose a company to liability? Or is this just a good practice?

  6. This is very helpful — our personnel files are pretty complete, but I didn't know about separate files for I-9s, etc. or the required retention times. Leslie, Rainbow Community Center

  7. As a co-op employee does the chairman of the board have a right to take my personal file home without asking in the state of NV ?

    1. That depends on the rules of the co-op. This sort of thing is not typically addressed by the law, other than for the law to say that co-ops must follow their own charters.


  8. Is an employee legally allowed to request his/her personnel file after they have been terminated by an organization?

    1. The author of the article aslo suggests to check the website of Department of Labor or Labor Commissioner in the state th e question writer is located; they typically have resources that will answer this question for them.


  9. I didn’t see a response to the excellent question above…where would the ED’s evaluations typically be retained? If an HR assistant has access to the personnel files, it may not make sense for that to be retained with other personnel files.


      It would typically be in the personnel file.  The HR assistant has access to her own boss' evaluation, so the ED isn't really different. Alternatively, senior staff personnel files may be in a separate locked cabinet where the COO and the ED have access.


  10. In a non-profit organization does the chairman of the board have a right to take personnel files home for permanent storage?

    1. No one member of the Board has any right to control where the files of a nonprofit are stored. Personnel files obviously have confidential information and the full Board should establish the recordkeeping policies of the nonprofit.

Leave a Reply

Your email address will not be published. Required fields are marked *