If your company gets background information on prospective employees, it’s likely you’re covered by the Fair Credit Reporting Act. Before you get a background screening report, the law requires that you make certain disclosures and get a prospective employee’s authorization. Is it time for a FCRA compliance check?
Background screening reports are “consumer reports” under the FCRA when they serve as a factor in determining a person’s eligibility for employment, housing, credit, insurance, or other purposes and they include information “bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living.”
If your company uses background screening reports to make hiring decisions, here are some steps the FCRA requires you to take:
- Before you get a background screening report about a prospective employee, disclose to the person that you intend to get the report and then get their written authorization allowing you to do that.
- If the background screening report reveals something that may cause you to decide not to hire the person, you must notify them of the results of the report and provide them with a copy. Next, you have to give them sufficient time to review the report so they can challenge any elements that might be incorrect.
- If you ultimately decide not to hire someone based in whole or in part on the contents of a background screening report, you must provide a notice to that person that states they weren’t hired due at least in part to the result of the background screening report.
Companies often ask how to make the required initial disclosure before they obtain the background screening report and get the prospective employee’s authorization. It’s easier than you might imagine. Under the FCRA, you must provide the prospective employee with a clear and conspicuous written disclosure that you plan to get a background screening report about them and you must get the person’s written authorization that gives you their permission to compile the report. It’s OK to put the required disclosure and your request for their authorization in one document. Just be sure to use clear wording that the prospective employee will understand.
Some companies trip themselves up by using complicated legal jargon or adding extra acknowledgements or waivers. Here are some examples of the kind of things that shouldn’t be in this simple document:
- Don’t include language that claims to release you from liability for conducting, obtaining, or using the background screening report.
- Don’t include a certification by the prospective employee that all information in his or her job application is accurate.
- Delete any wording that purports to require the prospective employee to acknowledge that your hiring decisions are based on legitimate non-discriminatory reasons.
- Get rid of overly broad authorizations that permit the release of information that the FCRA doesn’t allow to be included in a background screening report – for example, bankruptcies that are more than 10 years old.
That extra stuff not only makes it harder for the prospective employee to understand the main purpose of the document, but it also may violate the FCRA. Adding other acknowledgements or releases of liability is beyond the scope of what the FCRA permits in this document. If you have additional waivers, authorizations, or disclosures you want to give to prospective employees, do it in a separate document. Don’t include them in the FCRA disclosure and authorization document.
It boils down to this: Complying with the FCRA’s disclosure requirement for the use of background screening reports is easy. You can do it in a few sentences. Just include a simple, easy-to-understand notification that you will obtain a background screening report, perhaps with a simple explanation of what information will be included in the report. The request for the prospective employee’s authorization should be in plain language, too.
That’s it. Nothing else is required – and nothing else is permitted by the FCRA.
Keep it simple. It’s not just a good idea. It’s the law.
(This post was updated on May 3, 2017, to clarify that it concerns required initial disclosures before companies obtain background screening reports.)
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.
In reply to The article states, "It’s OK by Dave Klotz
Here is a response from the author David Lincicum: “Although Section 604(b)(2)(a)(1) does state that the initial disclosure must consist solely of the initial disclosure, Section 604(b)(2)(a)(ii) goes on to allow the authorization to be included in the same document as the disclosure.”