If you are a general counsel, the topic of background checks may cross your desk. This can occur when an employer contracts with a background screening provider, also called a Consumer Reporting Agency (CRA). You may be asked to review the agreement and forms. You may also be asked to audit a screening and hiring program for legal compliance, as well as whether it affords sufficient due diligence. You may need to deal with an issue immediately, such as a candidate with a criminal record, an act of dishonesty or violence, or even a threatened lawsuit for negligent hiring.
Background screening is subject to legislation, litigation and regulation. Here are 15 things general counsel need to know about background checks:
- • When counsel reviews an agreement between an employer and a CRA, there will typically be boilerplate about background checks and the responsibilities of the parties under the Fair Credit Reporting Act (FCRA). Counsel should communicate with the CRA to review which language is considered mandatory under the FCRA before suggesting changes.
- • Class action lawsuits against employers for alleged violations of the FCRA have skyrocketed, many based upon allegations of technical violations of the forms used to initiate a background report. For example, the FCRA requires that an applicant receive a “standalone” disclosure form that a background check will be run. You should make sure the forms are “standalone.”
- • Although background checks have a high rate of accuracy, the process can never be perfect. Information obtained by a CRA comes from third parties, and a CRA cannot agree to terms making them responsible for the accuracy of data. The FCRA requires a CRA to use “reasonable procedures for maximum possible accuracy.”
- • You may be tempted to broaden the liability language in the event a new hire turns out to be a bad decision. However, a CRA does not make hiring decisions, and a background check occurs after the employer has made the decision to hire. Any attempt to impose strict liability, consequential damage or punitive damages is not likely to be accepted by a bona fide screening firm.
- • Most employers want the hiring process to proceed swiftly. You may request a Service Level Agreement requiring a specific turnaround time for a service. The problem is that turnaround times can depend on third parties. The only realistic agreement a CRA can provide is that its own internal processes will not delay a result.
- • You should require a CRA to be accredited by the Professional Background Screening Association to demonstrate that it adheres to best practices and undergoes a rigorous onsite audit. There are also advantages to CRAs having a nationally accepted data privacy certification.
- • There are federal, state and local rules regulating legal and non-discriminatory use of criminal records, and “Ban the Box” (or Fair Chance) laws prohibiting premature queries about criminal history. Fair Chance hiring laws and the 2012 EEOC Guidance affirm that the automatic use of criminal records without further inquiry can create a disparate discriminatory impact.
- • You should consider whether a CRA understands legal regulations associated with various searches. For example, several states have enacted laws on the use of employment credit reports or social media. A CRA cannot give legal advice but should understand generally accepted industry practices.
- • Certain aspects of screening client agreements are required by third parties. For example, credit bureaus will not provide employment credit reports without an onsite inspection for the business.
- • You should ensure that the hiring process is legally compliant and promotes due diligence. By using best practices before the background check, employers can minimize the risk of hiring an applicant who is unqualified, dishonest or dangerous. In the event an employer is sued for negligent hiring, a plaintiff’s attorney will examine the employer’s entire hiring practices.
- • One of the most critical areas for a general counsel to review is data and privacy protection. Well-publicized data breaches and new privacy legislation make it imperative that an employer be protected when it comes to using a CRA that has access to the personally identifiable information of subjects. A CRA must comply with strict data and privacy protection standards.
- • General counsel should review international background checks if that is an issue. In 2018, the General Data Protection Regulation (GDPR) took effect in the EU, and domestic CRAs must therefore incorporate fully compliant GDPR policies, procedures and technologies to help U.S. employers screen EU residents. A great deal of expertise is needed since the rest of the world is different than the U.S.
- • Although “continuous screening” or periodic re-screening sounds good in theory, you should ask questions to ensure the program is effective, fair and legal. This tool may contribute to due diligence, but make sure the program does not create more problems than it solves.
- • Another issue is how to treat workers who are on-premises or being supervised but are paid by a third party, such as a staffing firm. Many companies require third-party workers to be screened the same as full-time employees. It is also important to ensure FCRA and EEOC obligations are fulfilled.
Background screening rules, laws and regulations are always changing. Many CRAs will need to make changes in real time. General counsel should be prepared to agree that a CRA can rapidly adopt those changes without formal notice under any agreement, since these changes do not impact business terms and conditions.
Lester S. Rosen is founder and CEO of Employment Screening Resources®, a global background screening company. He is the author of The Safe Hiring Manual (3rd ed., 2017), served as the chairperson of the steering committee that founded the Professional Background Screening Association and was its first co-chair.