By: Bill Pilchak – 4/17/14
I have long felt that Consumer Reporting Agencies (“CRAs”) pay scant attention to their customers’ obligations under the Fair Credit Reporting Act (“FCRA”). Recently, I took a closer look at practices within the industry, and my casual observation has become a firm belief. Although CRA’s are required to obtain certification that their employer-customers are FCRA compliant before providing a report, not only do they often fail to do so, but some offer misleading information to customers about compliance. Accordingly, don’t rely upon the vendor providing background checks to guide you through your FCRA obligations. Some have as much expertise in the area as the infamous Detective Frank Drebin.
As most HR people know, the FCRA extends far beyond credit matters, and includes criminal background checks, reference checks and driving record reviews performed by third parties. FCRA compliance is currently critical because: 1) these days, those with criminal convictions are flexing their legal muscle when denied employment, prompted by the EEOC’s recent efforts on their behalf; and 2) you only get one chance to comply with the FCRA. You can’t “un-ring” that bell after a violation has occurred.
The FCRA requires employers to engage in specific actions at several steps. As noted, Congress intended that CRAs communicate with employers regarding those obligations, because a CRA is supposed to obtain certification of compliance. How easy it would be to comply with that requirement by presenting the employer’s pre-and-post-report obligations and requesting that the employer confirm it has taken or will take those actions. That is not usually the case.
Let’s review what the FCRA requires of employers and use an online CRA, pseudo-named “Guardman,” as an example of how one can be led astray. At Guardman’s website, virtually anyone can obtain background checks on anyone else for $20. Checks on friends, neighbors, etc are not subject to the FCRA. Employers are instructed to insert a date of birth, which apparently (and mysteriously somehow) informs Guardman that the request is from an employer and subject to the FCRA. One can click on that DOB instruction for more information, but the pop-up does not review the employer’s obligations or obtain certification that the employer has followed the steps. Rather, it touts how Guardman’s program allows for the correction of data, while competitors’ systems do not.
Ideally, Guardman would tell employers that the FCRA requires them to provide notification to the employee that a consumer report may be used and that the employer must obtain the employee’s authorization to obtain a report in a “stand-alone” document before obtaining a report. Courts have held that where the notification is on a separate page but paginated in sequence with the application and other pre-hire documents, it is not “stand-alone.” Likewise, courts have held that notification followed by language releasing FCRA claims and a signature line is not “stand-alone.” Obviously, a disclaimer buried within provisions of an employment application does not suffice. However, clicking on Guardman’s “employee background check release form” icon produces an authorization as part of an employee application, with the signature simultaneously authorizing a report and releasing Guardman for any claims against it. Accordingly, if an employer relies upon Guardman for guidance, it will surely violate the law.
When employers then elect to obtain a report, they must provide notice to the employee that a background check or other report has been requested within three days of making the request. This requirement appears nowhere in the CRA’s materials.
If a report contains information of concern, the employer must provide the employee with: a pre-adverse action letter explaining that action might be taken on the basis of the information; a copy of the report; and a copy of “A Summary of Your Rights under the Fair Credit Reporting Act,” a document prepared by the Federal Trade Commission. The employer should provide the employee with a chance to dispute the information, though that is not an absolute requirement. If the employer goes through with the adverse action, it must provide an “adverse action” letter containing:
- The name, address, phone number of the CRA supplying the report;
- A statement that the CRA did not make the decision to take adverse action and cannot give specific reasons for the adverse action; and
- A notice of the individual’s right to dispute the accuracy of any information supplied by the CRA, and his or her right to an additional free consumer report from the agency upon request in sixty days.
Guardman’s site does have an icon entitled “background check resource center,” where one can find another icon entitled legal requirements. They provide notification of the post-termination requirements. However, nothing compels an employer to review the legal requirements stated there. Certainly, no part of the process provides certification of compliance.
In an ideal world, a company whose only business entails providing criminal background checks would guide customers on how to lawfully use their service, given the provision of the law requiring certification of compliance. But it shouldn’t surprise any employer when folks do the bare minimum required and fail to go that extra mile – or even yard.