Between A Rock And A Hard Place: Avoiding Accidental Liability Under FCRA for Background Checks
Many employers use background checks to guarantee it hires the best candidates—and to minimize legal liability for claims like negligent hiring. Unfortunately, this attempt to prevent
one type of liability may actually create
another type liability under the Fair Credit Reporting Act ("FCRA"), which governs employment background checks. Thus, an employer may find itself in a tough position: it wants to protect itself with background checks of applicants, but is unsure how to comply with the FCRA’s hyper-technical notice and disclosure requirements.
Why Should Employers Pay Attention to the FCRA?
Though FCRA gets less spotlight than its federal employment statute cousins (the FMLA, FLSA or Title VII for instance), its steady increase in litigation is getting attention. The number of FCRA lawsuits has increased every year since 2011, with a 4.3 percent increase from 2017 to 2018 alone. This litigation growth is spurred, in part, by recent high-profile settlements in FCRA class action cases including Delta ($2.3 million), Uber ($7.5 million), Amazon ($1.5 million), Avis ($2.7 million), and FritoLay ($2.4 million). Add these popular settlements to the FCRA’s generous statutory damages ($100-$1,000 per violation without a need to prove harm) and partiality for class actions, and it's easy to see why FCRA lawsuits are on the rise.
What is the FCRA?
The FCRA governs all employment background checks, which constitute “consumer reports,” even if they do not include credit information. The FCRA requires an employer running a background report to provide that applicant with a “separate” document that contains, among other things, a “clear and conspicuous” disclosure and the applicant’s written authorization to run the report. The wording and formatting of this “separate” document are strictly described and enforced by the FCRA and its regulations. Even after the report is run, the FCRA has detailed notice requirements when the employer wants to take an “adverse action” against an applicant. For example, the FCRA requires the employer to (a) send a notice, copy of the report, and summary of rights to the applicant prior to making an adverse action; (b) wait five days to take an adverse action; and (c) send a post-adverse action notice to applicant with certain information. Taken together, the FCRA contains detailed procedural requirements before, during and after an employer runs a background report on an employee or applicant.
What are Common FCRA Violations?
Some of the most common violations of the FCRA occur when the employer:
How Can an Employer Protect Itself?
- combines the authorization and written disclaimers with other information, which violates the requirement that the disclaimer be a “separate” document;
- includes language in the disclaimer that releases the employer from liability for conducting, obtaining or using a background report;
- requires applicant to certify that all information in application is accurate;
- includes overly broad authorizations for information the FCRA does not allow;
- fails to provide either pre- or post-adverse action notices; and
- neglects to inform applicant of his/her FCRA rights.
First, employers must understand the FCRA holds them responsible for violations, even when a third party credit-reporting agency runs the report. Thus, liability cannot be handed off. To protect against inadvertent liability, employers that conduct background checks are strongly encouraged to partner with legal counsel to: (a) determine the exact wordings/procedures required by the FCRA, (b) review the employer’s written notices, policies, disclaimers and authorizations for said background checks to ensure FCRA compliance, (c) revisit the employer’s hiring procedures to confirm background checks are being used properly, and (d) train any and all administrative or hiring personnel on FCRA notice requirements.