Most human resources professionals would agree that compliance with the Fair Credit Reporting Act (FCRA) can be difficult. FCRA imposes a number of requirements on employers who choose to use an outside agency (or any third party) to carry out background checks on applicants or employees. The law also mandates very specific steps employers must take before carrying out an “adverse action” – like rejecting an application – based on “potentially disqualifying information” discovered through a third-party background check.
We find that a fair number of employers are covered by FCRA, and even some of the agencies that conduct background checks for employers, are not aware of the law’s requirements. That’s a problem, and it’s likely to be compounded by the fact that plaintiffs’ attorneys are increasing the number of FCRA-based legal actions filed against employers and agencies. Here are some recent, notable examples:
- Early last month, LinkedIn became one of the latest target of a FCRA compliance action. In a class action, the plaintiffs alleged that LinkedIn was operating like a credit reporting agency by publishing “references” on its website, and that it must implement safeguards to protect candidate information.
- This summer, Publix grocery stores paid $6.8 million to settle a class action brought by 90,633 plaintiffs, all job applicants. The plaintiffs alleged that Publix had not included proper disclosures about its background checks in its applications.
- Late last month, Dollar General agreed to pay $4 million to settle a class action that included allegations that the retailer did not properly notify 200,000 applications that a background check would be obtained.
Publix and Dollar General were sued for their alleged failure to comply with FCRA’s very technical requirements. Employers need to understand the technicalities of FCRA and insist that the agencies they use to perform background checks also fully understand, and will comply with, the law. Briefly stated, FCRA requires employers (and their agents) to do the following:
- Tell applicants or employees when background screening is required. FCRA specifies how and when notice must be given. (Quick reminder: Employers in many states and municipalities are prohibited from asking about convictions on applications, and these prohibitions apply to the employers’ agents, too.)
- Get authorization, using the appropriate form. In addition to FCRA, which requires that employers get authorization from an applicant or employee before conducting a background check, many states also have background check laws. Employers and agencies must make sure they obtain prior authorization in a manner that complies with all applicable laws.
- If a background check turns up negative information, give the applicant or employee notice before taking adverse action. FCRA requires this so that the applicant or employee has the opportunity to respond. Additional disclosures, including a copy of the report containing the negative information, are also required.
- If adverse action is taken because of negative information uncovered by a background check, even more disclosures are required, including copies of the report and the name of the agency that prepared the report, among other things.
Remember that the complexities of FCRA only apply to background checks performed for the employer by outside agencies or other third parties. If an employer elects to perform background checks in-house, FCRA is not a consideration – although other state laws may be.
Because of the added attention FCRA is getting, some commentators believe that FCRA is becoming the next FLSA. It’s worth noting that not only plaintiffs’ attorneys are bringing class actions, but the Federal Trade Commission and the Equal Employment Opportunity Commission are also paying attention.