Understanding FCRA Disclosure and Authorization Requirements
Pre-employment background checks are subject to strict regulations under a measure known as the Fair Credit Reporting Act (FCRA), and failure to meet FCRA requirements when running background checks on job candidates can result in financial penalties and legal troubles.
One common source of confusion for many employers occurs before a background check even begins, with requirements known as FCRA disclosure and FCRA authorization (or FCRA consent).
The idea behind these requirements is straightforward—before conducting a background check on a job applicant, a hiring company must:
- Inform the candidate that they intend to run the background check
- Get the candidate’s permission to do so
But, as with many other forms of regulatory compliance, the devil is in the details.
FCRA disclosure and authorization requirements (and related state and local compliance rules) are deceptively tricky—having been the source of many unfair-hiring lawsuits and civil penalties.
The fact that FCRA disclosure and authorization language typically appear in forms used by multiple job applicants can amplify the impact of getting them wrong: Depending on the size of the hiring company and the rate at which it adds headcount, poor (or nonexistent) disclosure and authorization forms can mean dozens, hundreds, or even thousands of FCRA violations.
FCRA Purpose: To Protect Consumers
When the FCRA was enacted in the 1970s, its purpose was to ensure the privacy of information in consumers’ credit files, and to limit how lenders, credit card issuers, and employers can and cannot use that information. Eventually extended to include other forms of personal information, including criminal and arrest records, FCRA is based on the notion that consumers are entitled to:
- Know what data has been compiled about them
- Decide who can see that data and how they intend to use it
- Correct any inaccuracies in records compiled about them
FCRA compliance is enforced by the Federal Trade Commission (FTC) and the Bureau of Consumer Financial Protection (BCFP). FCRA background-check regulations apply to all US businesses, public and private, regardless of state, revenue size, or headcount.
FCRA disclosure and authorization requirements apply to all candidates for full-time and part-time employment who will be subject to background checks.
Legal applicability to independent contractors (workers paid using IRS Form 1099, rather than Form W-2) is a little fuzzier, but FTC guidelines recommend treating prospective contractors the same as applicants for permanent positions when running background checks.
FCRA Disclosure: Make it Clear a Background Check Will be Run
The first step in conducting a FCRA-compliant background check is notification, also called disclosure, and is the process of informing the applicant of intent to run a background check on them. In broad terms, the disclosure must clearly indicate that a background check will be used to inform a hiring decision. If the hiring company is outsourcing the screening to a third party, such as a Consumer Reporting Agency (CRA), the name of the vendor must be indicated.
The FCRA doesn’t specify exact wording to be used in a background check disclosure notification, but it requires “clear and conspicuous disclosure in writing in a standalone document,” a mouthful that’s best understood by breaking it down into smaller bites:
- Clear: The disclosure form must be easy to understand, using simple, direct language. No legalese or corporate jargon.
- Conspicuous: The background-check disclosure form should be prominent and sufficiently attention-getting so that the candidate cannot overlook it. The disclosure cannot be buried in fine print or embedded in a job application form.
- In writing in a standalone document: An FCRA-compliant background-check disclosure must be provided in a printable form for review, on page(s) specifically for that purpose.
There is one exception to the FCRA ban on embedding background-check disclosure with other documents: An FCRA disclosure form can be combined with an FCRA authorization form, as described below.
FCRA Authorization: Obtain Permission for a Background Check
A compliant FCRA authorization form is an acknowledgement that a pre-employment background check will be conducted. It can be presented as a self-contained document or jointly with an FCRA disclosure form.
FCRA-compliant background-check authorization forms should NOT:
- Include liability waivers or other releases related to the hiring process or background check
- Require the applicant to certify the accuracy of a job application
- Seek applicant acknowledgement that the company follows fair hiring practices, avoids discrimination, is an equal-opportunity employer, etc. (Applicants aren’t in a position to attest to that, anyway.)
FCRA background-check authorizations may be used to capture the job candidate’s full name, address and Social Security number, and any other personal information required to conduct the background check.
The FCRA authorization must be signed by the job applicant, either in print or electronically. The employer should keep the original signed form and provide a copy to the applicant.
Tracking a Moving Target
Requirements for FCRA disclosure and authorization forms change occasionally, so it’s a good idea for employers to check regularly at ftc.gov to make sure disclosure and authorization information are current, or work with your background check provider to ensure your forms are compliant. GoodHire is committed to monitoring changes in FCRA disclosure and authorization guidelines, and maintains a library of compliant forms in our library of downloadable resources.
In addition, it’s important to remember that individual states and municipalities may have background-check disclosure and authorization requirements that are even stricter than those required by the FCRA. Consult your legal counsel to ensure full compliance, or consider working with a background check provider like GoodHire, which helps employers meet compliance requirements with all local and national regulations.
FCRA Compliance After a Background Check is Conducted
Employers who follow the requirements outlined above can move forward with (or outsource to a third party CRA) its pre-employment background checks, confident they are in compliance with FCRA regulations. To stay FCRA compliant, additional steps are necessary once the results of the background check are returned. That’s a subject for another blog post.
Do You Use GoodHire for Employment Screening?
GoodHire's e-consent and template consent form meet federal compliance obligations. If you use GoodHire for pre-employment background checks, you can choose to use the e-consent option and we’ll provide the disclosure and authorization form to your candidate. However, it’s the employer’s responsibility to review this template to ensure it meets your needs and is approved by your own legal team (you can find it on the employer forms page).
In the event you'd like to provide your own consent form, we can upload your custom e-consent into the candidate flow and it will be provided to each candidate you invite to screen through GoodHire. Please note that it is the employer’s responsibility to review the requirements of your and your candidate's specific jurisdictions to determine if additional information must be provided. For example, employers in California requesting credit checks on candidates must provide additional information to the candidate setting forth the exception under the credit inquiry ban that allows them to make the inquiry.