Establishing Clear Guidelines for Keeping Up With Background Check Compliance and Legislation Changes

By Michael Klazema | 06/12/2023

Employers of all kinds face several challenges in the human resources department. Managing active employees and directing their work effectively is just one of those. More fundamentally, hiring individuals who are the right fit for the company is an ongoing issue that requires consistent investments. Adding to the complexity is the need to carefully observe background check compliance—and legislation on the subject that often changes the rules.

Understanding background check regulation is only one part of the picture. Knowing how to use these important tools in a fair manner is essential for protecting your business, both in reputation and against litigation. Violating the rules or acting unfairly could cause real harm to a business. How can you be assured that your processes are lawful? Let's explore.

The Federal and State Laws You Need to Know

Crafting a lawful policy begins with understanding the laws you'll need to obey along the way. This includes both broad federal regulation and more localized background check legislation. We have in-depth Learning Center articles on each of these topics you can use to deepen your understanding as you build your policy. In short, you should be aware of the following types of obligations:

  • The Fair Credit Reporting Act, regulates background checks as a form of consumer reporting. This act requires gathering consent, providing standalone disclosures and following an adverse action process.
  • Title VII of the Civil Rights Act, which prohibits discrimination based on a range of protected classes.
  • Equal Employment Opportunity Commission (EEOC) guidelines for using background checks fairly. The EEOC also published rules, clarifications and recommendations on all hiring-related legislation.
  • "Ban the box," "second chance," or "Fair Chance" background check legislation at the state, local and federal levels. Depending on the situation, you may need to delay background checks until later in the hiring workflow. You may also face a range of restrictions on how and what you may consider. These rules can vary significantly from state to state and even city to city—so research your local area.
  • Drug testing restrictions, as some areas have begun to make it illegal to test for or consider marijuana use during hiring.

Each of these elements requires careful research to develop an understanding you can use to craft a fully lawful policy.

Building a Written Policy for Background Check Compliance

With many stages to the process, it is all too easy to deviate from best practices and enter legally perilous ground. It is best to create a written policy that fully defines all aspects of your process to keep your hiring managers on the right track. Explore this quick overview of what such a background check policy should include.

Purpose and Scope

Explain the purpose of using background checks in your business by answering questions such as "what is our goal?" and "why do we need to maintain a safe environment?" Define who is subject to your policy; for example, you may not always screen only new applicants. Establish when current employees may need to undergo screening and decide whether you will use ongoing monitoring services. Think of this like you would your brand's "mission statement."

The Types of Checks You'll Use

Next, specify the types of background checks you will use. You should include all the different types of vetting and verification you may use—not just background checks. Each approach has its merits and can reveal important information about applicants. Most often, you'll list checks such as:

Keep this section up to date. For example, if you choose to begin screening social media or credit reports for certain positions where legally allowed, you should list them here.

What Information You'll Collect

Explain what you must collect from applicants, including their signed consent forms. Personal information, including full name, date of birth, address, driver's license information and other data is important for completing these checks. However, you usually do not need to collect Social Security numbers. These are not associated with criminal records.

Your Procedure for Collecting That Information

Define how you will request information from an applicant, such as through an electronic system or in writing. Establish procedures for digitally securing that information from prying eyes. Set time limits on how long you'll keep that information.

How You'll Achieve Compliance and Communicate With Applicants

Establish guidelines for ensuring your policies comply with local, state and federal law, including a periodic review to ensure you remain in compliance. Set boundaries for applicant communication. Explain how you will inform applicants about the process.

How You'll Adjudicate Information

What is disqualifying for one business may not be for another. You cannot create a policy that issues blanket denials to all individuals with a criminal record. However, you can choose to create a "decision matrix" to use in conjunction with an individual assessment. Deciding what level of crime is disqualifying for what type of position is something only you can choose. Create a guide for making consistent adjudications across the board.

Your Adverse Action Plan

Explain how you will communicate with applicants if they fail their background check. See more on taking adverse action below.

Use Your Policy Consistently and Fairly

No one should be exempt from your background check policy. Likewise, you should not single out individuals for vetting when you do not apply the same rules to others. However, you may choose to use more stringent background checks for higher-level and more sensitive positions. In general, your goal should be to be consistent. If one high-level associate must go through a rigorous background check, so too must anyone else seeking that position—now or in the future.

To do otherwise is to create a potential appearance of impropriety or favoritism. It could even lead to accusations of discrimination—even if you're following the letter of the law for background check compliance otherwise. To be as fair as possible is to be as consistent as possible; you can't cut corners or favor one applicant over another in the way that you vet candidates.

Protecting Your Applicant's Data During Vetting and Hiring

Running a background check requires gathering a range of personal information from an individual. This could include their home address, past places of residence, driver's license number, date of birth and more. All this personally identifiable information, or PII, could be used to cause harm if it falls into the wrong hands. Protecting your applicants and preventing identity theft should be an important part of your considerations, even if they don't have anything strictly to do with FCRA or EEOC compliance.

Define how long you will hold on to applicant records and create a procedure for destroying the information after a period of time, especially if you take adverse action. Use secure computer systems protected by strong passwords and, when possible, use encryption to protect applicant and employee records.

What to Do if You Plan to Take Adverse Action

In order to maintain FCRA compliance with your background check, you must follow a specific procedure if you want to deny a job based on the results of your vetting. Skipping the following procedure can open the door to lawsuits and other enforcement action—so take care to understand this process thoroughly. In brief, here is what the FCRA says you must do:

  • Upon deciding to take adverse action, you must issue a written pre-adverse action notice to the individual. In doing so, you must also transmit a copy of the background report you used and a boilerplate statement of the individual's rights under the FCRA.
  • You should wait for the applicant to respond with any clarifying information or corrections to the report you used. Generally, five business days is the choice made by the average business. Moving too quickly could put you at risk of violating the law.
  • If any additional information changes your mind, proceed with the hiring process as planned.
  • If the applicant does not provide sufficient reason to change your mind or does not respond in the waiting period, you must issue a final adverse action letter. You must clarify that this was your decision, not the reporting agency's and provide the agency's contact information. Let denied applicants know they may request a new copy of their report within two months (60 days). 

You may then move on to other applicants.

Building Better Policies Means Safer Hiring and Fewer Problems

You equip your business with a potent tool by following the steps outlined above to create a thoroughly compliant background check policy. Not only can you be sure to stay up to date on shifting background check compliance and legislation, but you can avoid legal pitfalls while still leveraging the power of thorough vetting. Placing emphasis on acting lawfully while exercising your hiring prerogative can lead to building a higher-quality workforce with lower risk.

Get monthly updates on Compliance and Legislation

Michael Klazema

About Michael Klazema The author

Michael Klazema is the lead author and editor for Dallas-based backgroundchecks.com with a focus on human resource and employment screening developments

Michael's recent publications

Background Checks Help me choose bot avatar

Need help choosing the right checks?

Use a self-service guide to see which checks are right for your organization.

Help Me Choose

Ready to run your first check?

Choose from our 3 instant packages

See Pricing
Get your report instantly

Related Articles about Compliance and Legislation

More Like This Post

Texas Moves to Create New Background Check Compliance Requirements in Childcare

How Can You Ensure Your Background Checks are Compliant with FCRA and EEOC Regulations?
State Criminal Search

Virginia Criminal Search

Order a criminal record search for Virginia and get your report in 1-3 days for 10$.

Order a Search for Virginia