When it comes to keeping your employees and clients safe, it can be tempting to immediately jump to the option involving the least amount of risk. Rather than hire someone with a blip in their record, isn’t it always better to staff up with employees who are vetted and completely clean?
While the answer may still be yes, it’s critical that you take care not to overstep any legal guidelines when doing so. Here are a few things you should keep in mind.
- The Fair Credit Reporting Act
The FCRA, or Fair Credit Reporting Act, is a United States federal law promoting the accuracy, fairness, and privacy of consumer information in credit reporting. In essence, consumers have the right to know what information is in their file, whether information in their credit report has been used against them, and to dispute anything contained within the report that they know to be false. A reasonable expectation of privacy is also promised to consumers under the FCRA.
When you conduct a background investigation, it’s critical that you or your background check provider follow the FCRA regulations. Penalties for companies that do not can be severe. For instance, a recent lawsuit involving information giant TransUnion yielded a $60M jury verdict. TransUnion was accused and convicted of willfully violating the FCRA by providing name-only matches and failing to verify individuals were in fact on terrorist watch lists such as the OFAC list. Scenarios like this underscore the importance of cross-checking all information. A name-only match is not enough to confirm that person A is the same as an individual on a terrorist watch list.
- The 7-Year Rule
Though the 7-year rule is part of the FCRA, it deserves a separate mention. Essentially, the 7-year rule states that all civil suits, civil judgments, arrest records, and paid tax liens can’t be reported in a background investigation (or other consumer report) after 7 years. This applies to every state in the U.S. In some instances, states go even further with their regulations, such as in California, New York, and Kentucky, where non-convictions can’t be reported at all, except for pending charges.
When it comes to criminal information, reporting rules differ by state. (See this chart for exceptions, which include both timeframe restrictions and salary caps.)
- GDPR Compliance
The European Union’s General Data Protection Regulation took effect on May 25, 2018.
Under GDPR, the way you must document consent in background checks is slightly different than in the past. Employers who wish to conduct or order a background check will be considered “data processors” under the EU’s new regulations. In order to demonstrate consent, they will need to prove that it is unambiguous. Going forward, consent must be provided by a statement or a clear affirmative action indicating that the subject agrees to the processing of their personal data.
When conducting background investigations, you want the best outcome for your company. However, you also need to ensure legal protection for any hiring decisions you choose to make. Alliance Risk Group. is a full-service investigative firm that conducts best practice background checks in a variety of industries, regardless of your company’s size or geographic location. Are you interested in learning more about background investigations? Schedule a no-cost webinar to see if our services might be right for you!
We invite you to browse our library of blog posts and whitepapers to gain a better understanding of the value background investigations could have for your organization.