Compliance Essentials: Navigating Legal Requirements for Background Screening

It’s simple: companies conduct pre-employment background screening to reduce risk. 

Background screening helps prospective employers spot poor culture fits, under-skilled candidates, dishonesty, and other threats during the hiring process—the traits that can cause a negative ripple effect (more like a tidal wave) throughout the business if hired. 

Making a bad hire can lead to lost productivity, clients, a damaged reputation, stolen company property (when 30% of business failures are directly related to employee theft), and sometimes even billion-dollar lawsuits. 

And, while background screening is the best way to reduce the financial, reputational, and operational risks associated with hiring, ironically, it also opens businesses up to a new kind of risk if mishandled: compliance risk.

Background Screening Compliance 101 

Employer-run background checks must comply with all federal, state, and local laws. Failure to observe these regulations can result in serious fines and expensive legal action. Key regulations govern when employers can conduct a background check, what level of detail they can pull, actions they can take based on results, and what to do with the information discovered. Most of these regulations are designed to prevent hiring discrimination and promote fairness, while others are simply to protect data privacy. 

If employers can manage background screening compliance risk efficiently and effectively, however, then they can unlock the complete power of a quality background screening program. It’s all about figuring out the maximum amount of screening data they can gather within the legal limits. Ultimately, it’s about hiring smarter. 

Read on to discover the laws and regulations that define those limits—and figure out how to navigate screening compliance to hire smarter. 

Key Compliance Considerations and Governing Bodies

From federal laws mandated at a national level to state and local laws, companies must consider all layers of compliance when setting up a comprehensive background screening program. Regulations from the Federal Trade Commission, individual U.S. states, and jurisdictions dictate when employers can access and act on a job applicant’s personal information. 

Here’s what you need to know about each governing body, the employment laws and guidelines they enforce, and how to stay compliant (plus some real-life examples of companies that failed to do so). 

Fair Credit Reporting Act (and Adverse Action)

Mandated by the Federal Trade Commission (FTC), the Federal Fair Credit Reporting Act (FCRA) promotes the accuracy, fairness, and privacy of information in the files of consumer reporting agencies. 

The FCRA governs how consumer reporting agencies—and the institutions that use their data—handle and protect consumer data. In the context of employment, the FCRA dictates how employers can use credit reports, criminal history reports, driving records, drug tests, and other relevant reports created by a professional background screening service, particularly when it comes to taking adverse action on a candidate based on the findings in those reports. 

High-Profile FCRA Violations

The following FCRA violation examples show just how costly this type of litigation can be and why it’s important to stay FCRA compliant: 

• 2019 – 7-Eleven paid $1.9 million to settle FCRA claims.
• 2019 – Delta Airlines paid $2.3 million to settle FCRA claims.
• 2018 – Frito Lay paid $2.4 million to settle FCRA claims.

Tips for Staying FCRA Compliant 

Based on the tenets of the Fair Credit Reporting Act, employers should take the following steps to mitigate compliance risks when conducting background checks: 

1. Disclose that a background check is required upfront. Employers must give applicants a heads-up—in the form of a written notice—of their intent to complete a background check. 
2. Obtain consent to perform a background check. Once an applicant has received and reviewed the written notice, employers must obtain the candidate’s written, signed consent to complete the background check. 
3. Inform the CRA of obtained consent. Employers must certify they’ve obtained written consent and that they will not misuse any information received in the report.
4. Provide applicants with pre-adverse action notice. If an employer decides to eliminate a candidate from the running based on information received in a CRA background check, they must provide the applicant with a pre-adverse action notice, a copy of the background check report, a notice of their rights under the FCRA, and “a reasonable amount of time” (five business days) to dispute any of the information in the check before the employer can make a final employment decision. 
5. Provide applicants with a final notice of adverse action. After the pre-adverse action process, the employer can make a final decision. This notice must include the name, phone number, and address of the CRA that completed the report, language around the fact that candidates have the opportunity to dispute the results, and confirmation that the CRA did not make the employment decision.
6. Partner with a professional. Look for a professional background screening service backed by experts proficient in FCRA compliance. 

Ban-the-Box Legislation 

Ban-the-Box is a national movement aimed at eliminating the checkbox on job applications that asks applicants if they have a criminal record. The purpose: to provide individuals with criminal histories a fair chance at obtaining employment by delaying inquiries into their criminal background until later stages of the hiring process.

Ban-the-box varies from state to state and from one jurisdiction to another, and it may apply differently to private employers, public employers, or both. 

High-Profile Ban-the-Box Violations

Below are some real-world examples of companies that got caught ignoring ban-the-box legislation (along with the associated price tag):

• 2022 – Instacart paid $87,500 to settle Ban-The-Box violations. 
• 2017 – Yelp paid $30,000 to settle Ban-The-Box violations. 
• 2016 – Marshall’s paid $95,000 to settle Ban-The-Box violations. 

Tips for Staying Compliant with Ban-the-Box Laws

Consider the following to stay compliant while conducting background checks and making hiring decisions: 

1. Find applicable laws. Ban-the-Box laws are not uniform across jurisdictions, and they may have different names or variations in their requirements. Some common features of Ban-the-Box legislation include the timing of criminal background inquiry, individualized assessment to go beyond a criminal background report, and exemptions. In most states, Ban-the-Box is specific to public employers, while fewer states require private employers to comply with Ban-the-Box. Employers can check with their state Department of Labor Office or Attorney General to be sure. 
2. Run an internal audit. Employers should evaluate all forms, interview questions, policies, and procedures to see if they’re compliant with the specific legislation in their area. 
3. Adjust internal policies and procedures. Ensure that all hiring processes are in line with local Ban-the-Box laws. This might look like delaying the inquiry into an applicant’s criminal history until later in the hiring process or eliminating the inquiry from the process altogether if legislation requires it. 
4. Conduct individualized assessments. In some states, when an employer discovers criminal history, they must go beyond the report to consider the nature of the offense, its relevance to the job, the time that has passed since the conviction, and evidence of rehabilitation before making any employment decisions.
5. Partner with a professional. Find a comprehensive background screening service that can provide guidance for navigating complex state and local legislation. 

Other Compliance Considerations: Social Media, Data Security, and Shifting Laws 

While legislation is the core governing body employers must worry about when navigating background checks and compliance, other factors must be considered. 

Social Media 

Today, upwards of 70% of employers are conducting social media checks to get a better look into a candidate’s true character. Social media searches help employers spot red flags (i.e. hate speech that might not come up during the interview process) and get insights into how an applicant could impact the company through what they say online. But, by looking at an applicant’s social media, employers expose themselves to potential FCRA violations, discrimination suits, and state legal action. Businesses must ensure that their social media screenings are in line with FCRA and other guidelines to lawfully and legally take advantage of social media screening services.

Data Security

Employers collect significant amounts of private, sensitive information when screening new candidates (social security numbers, addresses, driver’s license numbers, and more). Primarily stored digitally, protecting this data can be a challenge––but protecting it (the right way) is the key to staying compliant. For most companies, staying compliant will mean adhering to FCRA and state guidelines about how and when data should be collected, stored, and disposed of for maximum security. 

Shifting Laws and Regulations

Some states and jurisdictions are expanding existing laws designed to make hiring more fair, and some are moving in the opposite direction. Laws affecting background checks are always changing like this, resulting in major compliance risks for companies that conduct regular background screening on candidates. Some employers are hiring compliance specialists to keep up and protect the organization, but most are providing HR teams with continuous training and partnering up with reputable background screening services to help them manage the evolving compliance landscape.  

The Best Way to Mitigate Compliance Risk

There’s a lot to keep track of when it comes to employment screening compliance–from adhering to adverse action procedures to storing records appropriately to keeping up with changing laws around background checks. 

The most cost-effective way to manage those tasks is by switching to a reliable screening partner that focuses on compliance with the FCRA and other state and local laws, provides more accurate and current information, and offers faster turnaround times.