Personnel File Laws: State Requirements, Access Rights & Compliance (2026 Guide)
Personnel file laws govern what must be kept in employee records, who can access them, and employee rights to review their files. Learn state-by-state requirements, what to include and exclude, retention rules, inspection rights, and compliance best practices for 2026.
Employee requests her personnel file. You’re seven days late—violating Connecticut law. Worse, the file contains medical records that should’ve been separated, violating ADA privacy. Now you’re facing injunctive relief, attorney’s fees, and potential discrimination claims.
26+ states grant employees statutory rights to inspect files within 5-30 days. Federal law mandates separate files for I-9 forms (ICE audits) and medical records (ADA/FMLA). Mix them? You risk $281-$2,789 per I-9 violation (2024 rates), ADA penalties, and evidence problems in wrongful termination lawsuits.
Can You See Your Personnel File?
26+ states legally require access. California (30 days), Massachusetts (5 days), Michigan (reasonable time), Illinois (7 days).
In Texas, Florida, Georgia, and 20+ others? No legal right. Employer can refuse (though many allow as best practice).
💡 Quick Answer
Employees in access-right states: Request in writing. Employer must respond within 5-30 days. You can review during business hours, take notes, usually get copies.
Employers: Know your state’s deadline. Separate I-9s and medical records. Mixing = federal violations.
What Documents MUST Be Separated in All States?
I-9 Forms – Separate File Required
Law: Immigration Reform and Control Act
- Must be separate from personnel files
- All employees complete within 3 days of hire
- Retain 3 years after hire OR 1 year after termination (whichever later)
- Why: ICE audits require I-9s without accessing other employee info
- Penalties: $281-$2,789 per form for paperwork violations (2024 rates)
Medical Records – Confidential File Required
Laws: ADA, FMLA, HIPAA
- Must be separate, stored in locked, confidential files
- Access limited to need-to-know (HR, benefits, legal)
What belongs in medical files: ADA accommodations, FMLA certifications, workers’ comp, drug tests, health insurance with medical info, doctor’s notes, disability records.
Penalties: ADA violations, FMLA interference claims, HIPAA penalties
FLSA Records: Payroll (3 years), time cards (2 years). Can be in personnel or payroll file.
EEO Records: Employers with 100+ (50+ federal contractors) maintain EEO-1 reports. Hiring records (1 year), personnel records (1 year after termination).
OSHA Records: OSHA 300 logs (5 years), exposure/medical surveillance (30 years). Keep separate unless specific to individual work history.
What Are the State Personnel File Access Laws?
States Requiring Employee Access [🔒 Know Your State]
California: Labor Code §§ 1198.5, 432. Inspect and copy within 30 days. Former employees retain rights. Penalties: injunctive relief, attorney’s fees.
Connecticut: § 31-128b. Inspect within 7 business days. Can insert rebuttals.
Delaware: Title 19, § 730–735. Inspect within 30 days. Maintain 2 years after termination.
Illinois: 820 ILCS 40. Inspect twice per year within 7 working days.
Maine: Title 26, § 631. Review within 10 days.
Massachusetts: Chapter 149, § 52C. Inspect within 5 business days (7 remote).
Michigan: § 423.501–.505. Review within reasonable time, at least twice per year.
Minnesota: § 181.960–.966. Inspect within 7 working days (14 remote). Former employees retain rights for 1 year.
Nevada, New Hampshire, Oregon, Pennsylvania, Rhode Island, Washington, Wisconsin: Various access requirements. Check specific state statute.
Other states with access laws: Alaska, Arizona (public sector), Iowa (limited).
⚠️ Multi-State Compliance
If you operate in multiple states, create a personnel file access policy that meets the strictest state requirements (e.g., California’s 30-day timeframe, Massachusetts’ 5-day requirement). This ensures compliance everywhere and simplifies administration.
States Without Statutory Employee Access Rights
States with no specific personnel file access law include:
- Alabama, Arkansas, Florida, Georgia, Indiana, Kansas, Kentucky, Louisiana, Mississippi, Missouri, Montana, Nebraska, New Jersey, New Mexico, New York (private sector), North Carolina, North Dakota, Ohio, Oklahoma, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, West Virginia, Wyoming
Note: Even without statutory requirements, many employers grant access as a best practice, and employees may have access rights under collective bargaining agreements, company policy, or common law.
What Should Be Included in Personnel Files?
✅ Standard Personnel File Contents
Hiring and onboarding documents:
- Job application and resume
- Offer letter and employment contract
- Job description
- Background check authorization (results in separate file)
- Non-disclosure and non-compete agreements
- Employee handbook acknowledgment
- Emergency contact information
Compensation and benefits:
- Salary history and pay change documentation
- Promotion records
- Benefit enrollment forms (non-medical)
- Tax withholding forms (W-4, state equivalents)
Performance and development:
- Performance reviews and evaluations
- Training records and certifications
- Awards and recognition
- Goals and development plans
Attendance and leave:
- Attendance records (non-medical absences)
- Vacation and PTO accrual
- General leave requests (not FMLA or medical)
Disciplinary and corrective action:
- Written warnings
- Performance improvement plans
- Disciplinary notices
- Suspension or termination documentation
Employment changes:
- Transfers and reassignments
- Department or role changes
- Termination or resignation letter
- Exit interview notes
Miscellaneous:
- Timesheets (or payroll file)
- Signed policies and acknowledgments
- Professional licenses or certifications
❌ What NOT to Include in Personnel Files
Keep these in SEPARATE files:
Medical file (confidential, locked):
- I-9 forms
- ADA accommodation requests
- FMLA certifications
- Workers’ comp documentation
- Doctor’s notes and medical certifications
- Disability records
- Drug test results
- Health-related absence documentation
I-9 file (separate, accessible for ICE audits):
- All I-9 forms for current and former employees (per retention schedule)
Confidential investigation file:
- Sexual harassment investigations
- Discrimination complaints
- Whistleblower reports
- Internal investigation notes
- Witness statements
Payroll file (or secure HR file):
- Social Security numbers
- Bank account information
- Garnishment orders
- Detailed payroll records
Background check file (separate):
- Credit reports
- Criminal background checks
- Reference check notes
Why separate? Legal requirements (I-9, ADA, FMLA), privacy protections, limiting disclosure in litigation, and controlling access to sensitive information.
What Are the Personnel File Retention Requirements?
Retention periods vary by document type and applicable law. When in doubt, retain longer.
| Document Type | Minimum Retention Period | Reason |
|---|---|---|
| Job applications (hired) | 1 year after termination | EEOC |
| Job applications (not hired) | 1 year from rejection | EEOC |
| I-9 forms | 3 years from hire OR 1 year after termination (whichever is later) | IRCA |
| Payroll records | 3 years | FLSA |
| Time cards/timesheets | 2 years | FLSA |
| Performance reviews | Duration of employment + 1–3 years | Best practice, potential litigation |
| Disciplinary records | Duration of employment + 1–3 years | Litigation defense |
| Medical records (ADA, FMLA) | Duration of employment + 3 years | ADA, FMLA |
| Termination records | 1–7 years (state-dependent) | Litigation statute of limitations |
| OSHA injury logs | 5 years | OSHA |
| EEO-1 reports | 1 year | EEOC |
| Benefits enrollment | Duration of employment + 6 years | ERISA |
State-specific retention: Some states require longer retention (e.g., California wage statements for 3 years). Always comply with the longest applicable requirement.
💡 Pro Tip
Adopt a standard retention policy: Retain all personnel files for 7 years after termination to cover most statutes of limitations, federal requirements, and state variations. This simplifies compliance and protects you in litigation.
How Do You Handle Employee Requests to Inspect Files?
Step-by-Step Process
1. Receive written request (some states require written requests; best practice everywhere)
2. Verify identity and employment status
- Confirm current or former employee
- Check state law for former employee rights
3. Check your state’s deadline
- California: 30 days
- Illinois: 7 working days
- Massachusetts: 5 business days
- Etc.
4. Prepare the file
- Remove documents not subject to inspection (investigative materials, references, trade secrets)
- Ensure medical and I-9 records are not included
- Organize documents clearly
5. Schedule inspection
- During business hours
- At or near employee’s work location (or mutually agreed location)
- Supervise inspection to prevent removal or alteration
6. Provide copies if requested
- Check state law—some require free copies, others allow reasonable fees
- Redact Social Security numbers and other sensitive data not required to be disclosed
7. Document the inspection
- Log date, time, and documents reviewed or copied
- Have employee sign acknowledgment (optional but recommended)
8. Address disputes
- If employee disputes accuracy, allow insertion of rebuttal statement (required in some states)
- Investigate and correct genuine errors
What Employees Can and Cannot Do
Can:
- Review employment-related documents in the personnel file
- Take notes
- Request copies (in states requiring it)
- Insert rebuttals or explanations (in some states)
Cannot:
- Remove or alter documents
- Access confidential investigations or third-party references
- Review medical records mixed in personnel files (employer must separate these)
- Demand access outside reasonable times or procedures
What Are the Best Practices for Personnel File Management?
Maintain separate files: Personnel file (employment, performance, pay); Medical file (ADA, FMLA, workers’ comp); I-9 file (only I-9 forms); Confidential/investigation file (harassment complaints, investigations).
Implement consistent record-keeping: Standardize organization, naming, and storage. Use checklists for new hire documents.
Limit access: HR full access; managers need-to-know only; locked cabinets for paper; access logs for digital.
Digitize when possible: Better security, easier compliance, space savings, searchability, remote access.
Train HR and managers: What goes where, access requirements, handling requests, confidentiality.
Conduct regular audits: Check completeness, separation of medical/I-9, retention compliance, proper access restrictions.
Develop written policies: Cover file contents, access procedures, retention schedules, security measures.
What Are Common Personnel File Mistakes to Avoid?
Mixing medical records with personnel files: Violates ADA, FMLA. Solution: Separate, locked medical files.
Keeping I-9s in personnel files: ICE audits violate privacy. Solution: Separate I-9 file.
Denying or delaying employee access: Violates state law. Solution: Know requirements, respond promptly.
Destroying records too soon: Loses litigation evidence. Solution: Follow retention schedules, implement litigation holds.
Allowing unrestricted manager access: Exposes confidential information. Solution: Need-to-know access only.
Inconsistent documentation: Undermines performance/discipline defenses. Solution: Document consistently for all employees.
Not updating files: Outdated info, missing reviews. Solution: Regular audits and update reminders.
How Are Personnel Files Used in Litigation?
Personnel files document performance, discipline, pay, and decisions—critical evidence in wrongful termination, discrimination, and wage cases. Opposing counsel will request files; gaps or inconsistencies hurt your case. Well-maintained files demonstrate fairness; poor records suggest bias.
Best practices: Implement litigation holds immediately when litigation is anticipated; redact SSNs and privileged information before production; organize clearly; never alter files post-hoc.
What’s the Bottom Line?
Personnel file laws govern what must be kept in employee records, who can access them, employee inspection rights, and retention requirements. State laws vary significantly—26+ states grant employees statutory access rights, often within 5–30 days of request.
Key points:
- Federal law requires separation of I-9 forms and medical records from general personnel files
- Many states grant employees the right to inspect personnel files; timelines and procedures vary by state
- Personnel files should include hiring, performance, compensation, and disciplinary documents; medical records, I-9s, and confidential investigations must be kept separately
- Retention periods vary: I-9s for 3 years/1 year post-termination, payroll for 3 years, EEOC records for 1 year post-termination
- Best practices include maintaining separate files (personnel, medical, I-9, investigations), digitizing for efficiency, limiting access, training staff, and conducting regular audits
- Proper personnel file management protects against litigation, ensures compliance, and supports fair employment practices
Employers should know their state-specific requirements and implement consistent, compliant record-keeping practices.
Looking for tools to streamline employee record management? ShiftFlow’s digital timesheets maintain accurate work history, time tracking creates comprehensive employment records, and workforce insights help you track document retention and audit readiness.
Sources
- U.S. Equal Employment Opportunity Commission – Recordkeeping
- U.S. Department of Labor – FLSA Recordkeeping
- Society for Human Resource Management – Employment Law Compliance
- State Labor Agencies – Various state personnel file access statutes and requirements
Further Reading
- Compliance Management System – Building an HR compliance framework
- Compliance Training – Training on record-keeping requirements
- Independent Contractor Laws – Worker classification and documentation
Frequently Asked Questions
What is a personnel file?
A personnel file is an official record containing employment-related documents for an individual employee, including hiring paperwork, job descriptions, performance reviews, disciplinary records, wage and hour information, training records, and other work-related documentation. Personnel files help employers track employee history and ensure compliance with employment laws.
Do employees have the right to see their personnel file?
It depends on the state. Many states including California, Oregon, Pennsylvania, Michigan, and others grant employees the legal right to inspect and copy their personnel files. Some states require access within specific timeframes and at reasonable times. Other states have no statutory requirement but may allow access as a best practice. Employers should know their state-specific obligations.
What should not be kept in a personnel file?
Do not include: I-9 forms (separate file required), medical records and ADA accommodation requests (separate confidential medical file), background checks and investigative reports (separate file), FMLA documentation (medical file), workers’ compensation claims (separate file), union organizing materials, or sensitive notes unrelated to job performance. Keep separate files for medical, I-9, and confidential investigations to comply with legal requirements and protect privacy.
How long must personnel files be kept after termination?
Retention periods vary by record type. Federal requirements: I-9s for 1 year post-termination (or 3 years from hire, whichever later), payroll 3 years, EEO records 1 year post-termination. Many employers adopt a 7-year retention policy to cover most requirements and statutes of limitations.
Can managers access employee personnel files?
Manager access should be limited to a need-to-know basis. Managers may need to review performance documentation, disciplinary records, or job descriptions for employees they supervise, but they should not have unrestricted access to full personnel files. Medical files, I-9 forms, and confidential investigation files must be restricted to HR and compliance personnel. Implement role-based access controls and train managers on confidentiality.
What happens if an employer denies an employee access to their file in a state that requires it?
In theory, employers face injunctive relief, civil liability, and attorney’s fees. In practice, enforcement is weak: Most states lack specific monetary penalties, employees must hire private attorneys to compel access (often costing more than the benefit gained), and courts rarely award significant damages for file access denial alone unless tied to other claims like wrongful termination. Injunctive relief typically just forces the employer to provide access without additional compensation. Many violations go unenforced because pursuing legal action is economically impractical for employees. Denying access damages trust and may trigger retaliation claims if the employee later files other complaints.
Should personnel files be paper or electronic?
Both are acceptable. Electronic files offer easier compliance, better security, space savings, searchability, and backup. Regardless of format, files must be organized, secure, accessible to those with rights, and compliant with retention schedules.
What should I do if I find medical records in a personnel file?
Immediately remove and place in a separate, confidential medical file with restricted access. Audit all files to correct similar issues. Train HR staff on proper separation. If medical info was improperly accessed, consult legal counsel on potential liability.
