Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Enterprise Services

Screening Employees in the Information Age

By Sue Stott, Jonathan Longino
Screening Employees in the Information Age
March 1, 2016

Many employees look good on paper and interview well, but employers understandably want access to a universe of public and not-so-public background information before making hiring, retention and promotion decisions. There is an impediment to obtaining the information in the form of a network of continually evolving laws, starting with the Fair Credit Reporting Act (“FCRA”) and its state-specific analogues. These laws impose very specific disclosure, authorization, and use requirements for the very information employers need to evaluate talent.

Recent case law and administrative decisions only complicate matters. What used to be standard and common inquiries about job candidates often trigger litigation in today’s world, including onerous class action litigation. Simple due diligence tasks like reviewing a candidate’s public social media postings or contacting job or “character” references can lead to a regulatory/legal headache.

This overview is intended help employers carefully ask the right questions when attempting to obtain the information needed to make a smart decision on hiring, retention and promotion. The initial question is whether the information the company seeks in the context of a pre-hire employment screen is covered by the FCRA and related laws. A basic roadmap follows.

 

Does the inquiry constitute a “consumer report” and trigger legal obligations?

Employers must tread carefully when obtaining employment-related reports that the FCRA labels as “consumer reports.” Consumer reports are often more than mere criminal history checks or credit reports. A consumer report is any report by a third-party agency “bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living.”  15 U.S.C. § 1681a(d) (emphasis added)

This broad list covers nearly the entire universe of potential areas of interest to employers. It includes public records searches such as driving records, court and other criminal records, and professional licensing records. It also includes records that may require a special authorization for disclosure, such as educational records, medical records, military service records and credit reports. A consumer report also includes any sort of reference check, whether that means phoning or otherwise contacting the references provided by a candidate or conducting interviews of others who may know the candidate. It can also include accessing and reviewing social media postings.

In short, if you are asking a third party to gather information about a candidate – whether oral, written or electronic – then it is likely a “consumer report” governed by the FCRA.

 

What should a company do before conducting a background check?

Get it in writing, i.e. secure the candidate’s consent. Before obtaining a consumer report, an employer must: (1) clearly and conspicuously disclose its intent, and (2) obtain the individual’s authorization. This disclosure and authorization must be in a standalone document – it should not be part of an application, offer letter, or other document.  Note, employers can give additional disclosures, such as highlighting that an offer is contingent on a successful employment screen. However, elective enhanced notice does not replace the separate notice required by the FCRA.

If a candidate refuses to authorize the background check, then the employer cannot obtain or receive the consumer report. This does not mean, however, that employers must employ an individual who refuses to authorize a consumer report.

Employers should also make sure that the specific consumer report sought is appropriate for the position in light of state law. A number of states, including California, Illinois, Washington and others, only permit employers to obtain a credit report under very specific circumstances. Similarly, drug testing can constitute a consumer report, and different states have different requirements of permissible use.

 

What exactly needs to be disclosed?

A FCRA disclosure must state that a consumer report will be obtained, and indicate the right to request additional information regarding the consumer report and, in certain circumstances, a Summary of Rights.

Many consumer reporting agencies provide disclosure and authorization forms to employers. A catch-all disclosure is not however necessarily appropriate for every situation and many states have specific requirements that go beyond the FCRA. In some states including California, Minnesota and Oklahoma, the authorization form for a consumer report must have a specific box for the individual to request a copy of the report. Before using a prefabricated disclosure form, companies should have its counsel confirm that it complies with that state’s requirements.

 

What if the report turns up something negative?

So an employer goes through all the necessary steps, obtaining a consumer report for a proper purpose and which is pursuant to the proper disclosures and authorizations. Further caution is still required. Before any adverse employment action occurs based on the report, the individual is entitled to: (1) a pre-adverse action notice; (2) a copy of the report; and (3) a copy of the individual’s “Summary of Rights.” The individual must have a meaningful and timely opportunity to correct any inaccuracies in the report.

If adverse action is taken, such as termination or revocation of an offer, the employer must give an adverse action notice. This notice must include contact information for the consumer reporting agency that provided the information, a statement that the consumer reporting agency did not make the adverse employment decision, and a notice of the right to dispute the decision.

 

What not to do:

In addition to the FCRA and state analogues, there is a patchwork of other laws that should inform an employer’s use of background checks. If following best practices, employers generally should not:

  • Obtain reports from untrusted sources. Even if the organization does not identify itself as a consumer reporting agency, it might be doing the work of consumer reporting, namely, gathering or evaluating information about individuals. Extra care should be exercised when gathering information from unknown or unverifiable online repositories.
  • Ask employees to self-identify criminal history. More and more jurisdictions are banning early requests for criminal background. In some jurisdictions, including a number of larger cities, employers cannot even ask about arrest history except in limited circumstances. The requirements also vary by type of employer.
  • Seek protected data, such as medical data, genetic information or family status. If it is impermissible to ask for such information in an interview, it is likely impermissible to obtain it through a consumer report.
  • Penalize individuals for legal non-work activity, like using legal protections such as workers’ compensation, unemployment insurance or bankruptcy. Some states go further, prohibiting taking any action against an individual’s legal non-work activity – even if the employer finds that off-duty behavior distasteful.
  • Seek data that is too old. Consumer reports should not extend past the last 10 years.  Any other negative information more than seven years old (except criminal convictions) is also off limits. There are some exceptions to these limitations.
  • Maintain an automatic ban on employment for anyone with a criminal history. In light of noted demographic disparities in arrests and criminal convictions, automatic bans can be construed as having a discriminatory impact. For the same reason, varying requirements by geographic location (other than differing jurisdictional requirements) can lead to potential liability.
  • Rely on expunged convictions.
  • Randomly require background checks.  Inconsistency in the use of background checks invites claims of discrimination.
  • Simply toss old consumer reports that are no longer needed. There are special rules for disposing of a consumer report.

Background checks are heavily regulated and even unintentional mistakes can lead to liability exposure. Care must be taken to achieve compliance with all relevant laws any time an employer starts to investigate the background of a job candidate.

About the Authors: ·Sue Stott, a partner at Perkins Coie, counsels employers on litigation avoidance and legal compliance. In practice for more than 33 years, she is an experienced litigator representing employers and service recipients in employment, independent contractor, and general business disputes. Jonathan Longino, an associate at Perkins Coie, represents companies in all aspects of labor and employment law, focusing on defending companies in litigation, defusing high-risk situations before litigation begins and guiding companies in employee and contractor relations.

KEYWORDS: background check employee screening pre-employment screening

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Sue stott

Sue Stott, a partner at Perkins Coie, counsels employers on litigation avoidance and legal compliance. In practice for more than 33 years, she is an experienced litigator representing employers and service recipients in employment, independent contractor, and general business disputes. 

Jonathan longino

Jonathan Longino, an associate at Perkins Coie, represents companies in all aspects of labor and employment law, focusing on defending companies in litigation, defusing high-risk situations before litigation begins and guiding companies in employee and contractor relations.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • The University of Texas at Austin; social media monitoring, UT security, emergency communications, incident management, crisis communications

    The Evolution of Crisis Communications in the Social Media Age

    See More
  • cybersecurity-blog

    Protecting endpoints in the age of hybrid work environments

    See More
  • Strong Cybersecurity: The Critical Role of Lifecycle Management - Security Magazine

    Protecting VPNs from DDoS Attacks in the Age of Remote Work

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing