If Not, Read This Carefully Before You Conduct Your Next Background Check, Else You Could Set Yourself Up For A Lawsuit
Pre-employment background checks are now a standard part of the hiring process. Almost every organization carries them out. Unfortunately, not all organizations have a specific background check process in place.
Most organizations simply conduct background checks whenever they need them. They trust that their recruitment staff will follow the necessary laws and regulations. After all, the recruiters are supposed to be professionals who understand their craft. As such, they feel no need to have a formal process in place.
This is actually a dangerous approach. Leaving processes to the discretion of employees can easily backfire. One simple misstep can lead to a legal violation. Because there is no formal process, identifying any missteps can be almost impossible. This is how organizations end up committing violations which get them sued, and cost them millions of dollars in settlements.
To minimize the likelihoods of making mistakes when conducting background checks, organizations need a process in place. We shall outline a basic template which any organization can use to create such a process shortly. However, before attempting to create a process, there are some basics which need to be in place.
The most important requirement to successfully conducting background checks is to understand the pertinent laws which govern them. Understanding the laws is essential to creating a background check process which is legally sound. In fact, a process which doesn’t have a solid legal basis is actually worse than no process at all.
There is one law which every background checking process is should be based on. This is the Fair Credit Reporting Act (FCRA). This is the law which spells out how a background check should be carried out to the last detail.
The provisions of this law can provide the perfect guideposts for deciding the steps to include in the process. The simple template we provide below will be based on FCRA provisions. Even then, whoever is designing the process needs to study and understand this law.
Another law which may be essential is the “ban-the-box” law. The keyword here is “may” because not all jurisdictions have them. Currently, around 100 jurisdictions within the US have ban-the-box laws. If the organization is based in a jurisdiction which has a ban-the-box law, then those designing the process need to study it as well.
The good news is that a background check process which is fully compliant with the FCRA is almost certainly complaint with any ban-the-box law. This is because the steps which the FCRA outlines is mirrored in most ban-the-box laws. However, this doesn’t mean that employers don’t need to understand the ban-the-box laws. It is just to assure HRs that it won’t be at all difficult to integrate the different laws into the background check process.
A Background Check Policy
A background check process needs to be based on a solid policy. Such a policy is what will give legitimacy to the process within the organization. As such, before creating a process, an organization first needs to have a background check policy.
Now, the word “policy” sounds a little grandiose. It makes the whole thing seem complicated. However, a background check policy can actually be less than 1000 words in total. Yes, “one thousand” words.
A basic policy simply needs to outline the following:
At what point during the interview process will background checks be carried out?
- Types of Checks
What types of background checks will the organization use? For what positions will particular types of checks be used?
- Internal vs External
Will the background checks be carried out internally, or will an external vendor be hired to carry out the checks? It is generally safer to use an external background checking company. Even then, the selection process for the company needs to be done carefully.
- Responsible Personnel
Who will be responsible for conducting the background check? This is important even when the background check will be carried out by an external vendor. The whole process requires a lot of back and forth exchanges between the organization and an applicant. Someone needs to be assigned the role of coordinating with both applicants and the background checking company.
- Privileged Access
Who will be granted access to the background check reports? The information contained in the reports is confidential. As such, only individual under strict orders to maintain such confidentiality should be granted access to such information.
- Storage and Destruction
How will the background checking information be stored? In most cases, organizations are required to store the information for up to two years. An organization needs a mechanism for secure storage for this length of time.
After the storage period has expired, the information is supposed to be safely destroyed. What protocols will be put in place to ensure the safe destruction of background checks data?
To start safely conducting background checks, an organization only needs the first four items on the above list. The last two (i.e. access to info, storage and destruction) can be added later. Once an organization has a clear idea of the timing, types of checks, how to conduct the checks and the responsible personnel, it is in position to create a background check process.
A Simple Template For A Background Check Process
A background check process needs to be simple, precise and straightforward. It needs clear distinct steps which can be easily followed. Basing on the guidelines contained in the FCRA, a simple background checking process should have the following steps.
- Disclosure and Authorization
Every background check has to be preceded by a disclosure. This is basically informing an applicant of the intention to conduct a background check on them. The FCRA has strict guidelines on how a disclosure should be issued for it to be legally compliant. Failing to follow these guidelines to the letter is asking for trouble.
After disclosure, an organization needs to get a written authorization from the applicant. This is basically a consent form where an applicant signs to indicate that they have authorized the organization to conduct a background check.
- Conducting the Background Check
Upon issuing the disclosure and getting authorization, the organization can commission the background check. The vendor will conduct the background check and submit the results to the responsible person within the organization.
- Interpreting the Results
Upon receiving the results, the responsible personnel (perhaps the recruitment staff) will review the results, and interpret them. They will then decide whether or not to hire a person given what their background check has revealed.
In case the decision is to hire the applicant, then the background check process skips to step number 8. The steps 4 to 7 are only necessary in situations where the information unearthed in the background check prompts the organization to take an adverse employment action (i.e. not hire the applicant).
- Sending A Pre-Adverse Notice
In case the recruiters decide not to hire the applicant, the organization needs to send the applicant a “pre-adverse action notification.” This is basically a document which informs an applicant that they won’t be hired due to information contained in their background check report. This document should be accompanied by a copy of the background check report.
- Giving An Applicant the Opportunity To Challenge
After sending a pre-adverse action notice, an applicant needs to be given an opportunity to dispute the background check results. This is actually not mandatory, but it is advised. Most background check lawsuits arise when decisions are carried out basing on wrong background check information. Giving an applicant an opportunity to challenge the results eliminates such scenarios.
- Re-Evaluating The Results
This step only applies if the applicant actually disputes the results. In case they don’t, then the organization can proceed to the next step. If the candidate disputes the results, then the organization needs to reevaluate the results and reach a new decision.
In most cases, reevaluation will involve sending the dispute to the background checking company, and asking them to verify their information. If the reevaluation leads to the same decision i.e. not hiring, then the organization can proceed to the next step. Otherwise, the next step can be skipped.
- Sending An Adverse Action Notification
This is basically informing an applicant that they haven’t been hired because of information contained in the background check report. The adverse action notification should be sent together with the background check report, and other documents.
- Storing and Destroying the Information
This is the final step in the background checking process. The storage begins immediately after the final decision is made using the information in the background checking reports. The destruction commences at the end of the period in which an organization is legally mandated to store the information.
In a nutshell, those are the 8 basic steps required in a pre-employment background check process. Any process which follows these steps will be legally compliant. The only requirement is for the organization to observe some of the minute details which the FCRA outlines for each of the above steps.
Therefore, in case you don’t have a background check process in place, the above steps can provide the perfect template for creating your own. All you have to do is read through the FCRA, and observe its guidelines for implementing each of the above steps. Cheers!