Many employees look good on paper and interview well, but employers understandably want access to a universe of public and not-so-public background information before making hiring, retention and promotion decisions. There is an impediment to obtaining the information in the form of a network of continually evolving laws, starting with the Fair Credit Reporting Act (“FCRA”) and its state-specific analogues. These laws impose very specific disclosure, authorization, and use requirements for the very information employers need to evaluate talent.

Recent case law and administrative decisions only complicate matters. What used to be standard and common inquiries about job candidates often trigger litigation in today’s world, including onerous class action litigation. Simple due diligence tasks like reviewing a candidate’s public social media postings or contacting job or “character” references can lead to a regulatory/legal headache.

This overview is intended help employers carefully ask the right questions when attempting to obtain the information needed to make a smart decision on hiring, retention and promotion. The initial question is whether the information the company seeks in the context of a pre-hire employment screen is covered by the FCRA and related laws. A basic roadmap follows.

Does the inquiry constitute a “consumer report” and trigger legal obligations?

Employers must tread carefully when obtaining employment-related reports that the FCRA labels as “consumer reports.” Consumer reports are often more than mere criminal history checks or credit reports. A consumer report is any report by a third-party agency “bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living.”  15 U.S.C. § 1681a(d) (emphasis added)

This broad list covers nearly the entire universe of potential areas of interest to employers. It includes public records searches such as driving records, court and other criminal records, and professional licensing records. It also includes records that may require a special authorization for disclosure, such as educational records, medical records, military service records and credit reports. A consumer report also includes any sort of reference check, whether that means phoning or otherwise contacting the references provided by a candidate or conducting interviews of others who may know the candidate. It can also include accessing and reviewing social media postings.

In short, if you are asking a third party to gather information about a candidate – whether oral, written or electronic – then it is likely a “consumer report” governed by the FCRA.

What should a company do before conducting a background check?

Get it in writing, i.e. secure the candidate’s consent. Before obtaining a consumer report, an employer must: (1) clearly and conspicuously disclose its intent, and (2) obtain the individual’s authorization. This disclosure and authorization must be in a standalone document – it should not be part of an application, offer letter, or other document.  Note, employers can give additional disclosures, such as highlighting that an offer is contingent on a successful employment screen. However, elective enhanced notice does not replace the separate notice required by the FCRA.

If a candidate refuses to authorize the background check, then the employer cannot obtain or receive the consumer report. This does not mean, however, that employers must employ an individual who refuses to authorize a consumer report.

Employers should also make sure that the specific consumer report sought is appropriate for the position in light of state law. A number of states, including California, Illinois, Washington and others, only permit employers to obtain a credit report under very specific circumstances. Similarly, drug testing can constitute a consumer report, and different states have different requirements of permissible use.

What exactly needs to be disclosed?

A FCRA disclosure must state that a consumer report will be obtained, and indicate the right to request additional information regarding the consumer report and, in certain circumstances, a Summary of Rights.

Many consumer reporting agencies provide disclosure and authorization forms to employers. A catch-all disclosure is not however necessarily appropriate for every situation and many states have specific requirements that go beyond the FCRA. In some states including California, Minnesota and Oklahoma, the authorization form for a consumer report must have a specific box for the individual to request a copy of the report. Before using a prefabricated disclosure form, companies should have its counsel confirm that it complies with that state’s requirements.

What if the report turns up something negative?

So an employer goes through all the necessary steps, obtaining a consumer report for a proper purpose and which is pursuant to the proper disclosures and authorizations. Further caution is still required. Before any adverse employment action occurs based on the report, the individual is entitled to: (1) a pre-adverse action notice; (2) a copy of the report; and (3) a copy of the individual’s “Summary of Rights.” The individual must have a meaningful and timely opportunity to correct any inaccuracies in the report.

If adverse action is taken, such as termination or revocation of an offer, the employer must give an adverse action notice. This notice must include contact information for the consumer reporting agency that provided the information, a statement that the consumer reporting agency did not make the adverse employment decision, and a notice of the right to dispute the decision.

What not to do:

In addition to the FCRA and state analogues, there is a patchwork of other laws that should inform an employer’s use of background checks. If following best practices, employers generally should not:

• Obtain reports from untrusted sources. Even if the organization does not identify itself as a consumer reporting agency, it might be doing the work of consumer reporting, namely, gathering or evaluating information about individuals. Extra care should be exercised when gathering information from unknown or unverifiable online repositories.
• Ask employees to self-identify criminal history. More and more jurisdictions are banning early requests for criminal background. In some jurisdictions, including a number of larger cities, employers cannot even ask about arrest history except in limited circumstances. The requirements also vary by type of employer.
• Seek protected data, such as medical data, genetic information or family status. If it is impermissible to ask for such information in an interview, it is likely impermissible to obtain it through a consumer report.
• Penalize individuals for legal non-work activity, like using legal protections such as workers’ compensation, unemployment insurance or bankruptcy. Some states go further, prohibiting taking any action against an individual’s legal non-work activity – even if the employer finds that off-duty behavior distasteful.
• Seek data that is too old. Consumer reports should not extend past the last 10 years.  Any other negative information more than seven years old (except criminal convictions) is also off limits. There are some exceptions to these limitations.
• Maintain an automatic ban on employment for anyone with a criminal history. In light of noted demographic disparities in arrests and criminal convictions, automatic bans can be construed as having a discriminatory impact. For the same reason, varying requirements by geographic location (other than differing jurisdictional requirements) can lead to potential liability.
• Rely on expunged convictions.
• Randomly require background checks.  Inconsistency in the use of background checks invites claims of discrimination.
• Simply toss old consumer reports that are no longer needed. There are special rules for disposing of a consumer report.

Background checks are heavily regulated and even unintentional mistakes can lead to liability exposure. Care must be taken to achieve compliance with all relevant laws any time an employer starts to investigate the background of a job candidate.

About the Authors: ·Sue Stott, a partner at Perkins Coie, counsels employers on litigation avoidance and legal compliance. In practice for more than 33 years, she is an experienced litigator representing employers and service recipients in employment, independent contractor, and general business disputes. Jonathan Longino, an associate at Perkins Coie, represents companies in all aspects of labor and employment law, focusing on defending companies in litigation, defusing high-risk situations before litigation begins and guiding companies in employee and contractor relations.