The Fair Credit Reporting Act (FCRA) governs how employers use background checks for hiring decisions. Here's a clear checklist of your obligations.
Before the Background Check
- Provide clear written disclosure that a background check will be requested
- Obtain written authorization from the candidate on a standalone form (not buried in an employment application)
- Certify compliance to your screening vendor (they'll require this)
During the Background Check
- Use a compliant screening provider that follows FCRA procedures
- Limit access to background reports to decision-makers who need to know
- Store reports securely — they contain sensitive personal information
If You're Considering Adverse Action
- Send a pre-adverse action notice including a copy of the report and a written description of rights
- Wait a reasonable period (typically 5 business days) for the candidate to respond
- Consider any dispute or explanation the candidate provides
- Send a final adverse action notice if you still choose not to hire, including the name/address/phone of the screening company
State and Local Compliance
- Review ban-the-box laws in your jurisdiction (some require delaying background checks until after interviews)
- Check salary-history ban laws — many jurisdictions prohibit asking about salary history
- Verify juvenile record protections — many states seal or limit access to juvenile records
- Review local ordinances in cities like San Francisco, New York City, and Los Angeles
Ongoing Best Practices
- Document your screening policy in writing
- Apply the policy consistently across all candidates
- Train hiring managers on FCRA basics
- Audit your process annually for compliance gaps
The Bottom Line
FCRA compliance isn't optional. The FTC and private plaintiffs actively pursue employers who skip steps, and individual lawsuits can result in statutory damages of $100 to $1,000 per violation, plus punitive damages and attorney fees. A defensible screening program protects your company, your candidates, and your reputation.
