Chapter 04 · 6 min read
Background Checks Without Getting Sued
If you're checking someone's criminal record or employment history in the US, FCRA applies. Get the consent flow right and the rest is mechanical.
The single most expensive way to misunderstand background screening is to skip the FCRA-mandated consent and disclosure flow. Class actions follow. Settlements measured in millions follow.
This chapter covers the consent flow. The rest of background screening — what to check, where to check it, how to interpret results — is mechanical and well-understood.
What FCRA actually requires
The Fair Credit Reporting Act applies whenever a "consumer reporting agency" provides a "consumer report" for a "permissible purpose." If you're conducting background checks on employees or contractors in the US, all three of those terms apply to you.
The core requirements:
- Disclosure. Before you obtain a background report, give the candidate a clear, standalone written disclosure that you intend to do so.
- Authorization. Obtain explicit written authorization from the candidate to obtain the report.
- Pre-adverse action notice. If the report contains information that may lead to a negative decision, notify the candidate before you make the decision. Give them a copy of the report and a "Summary of Rights" document. Wait at least five business days.
- Adverse action notice. If you proceed with the negative decision, send a final notice telling them, including the consumer reporting agency's contact info and their right to dispute the report's accuracy.
Skip step 3 and you're in textbook FCRA violation territory. The damages are statutory — $100–$1,000 per violation, plus actual damages, plus attorney's fees, plus class action multipliers.
The "standalone disclosure" trap
The disclosure has to be a standalone document. You cannot bundle it with your job application, your terms of service, your offer letter, or anything else.
The Ninth Circuit has been particularly aggressive on this. In Syed v. M-I, LLC (2017), the disclosure was on the same page as the authorization, with some other employment-related text. The court found this violated FCRA. The settlement was $20.6M.
What to actually check
| Check | What it returns | Cost (typical) |
|---|---|---|
| SSN trace | Address history derived from SSN | $1–3 |
| National criminal database | Aggregated criminal records | $5–10 |
| County criminal search | Direct courthouse records (most accurate) | $10–25 per county |
| Federal criminal search | Federal court records | $10 |
| Sex offender registry | National + state SOR data | $1 |
| Employment verification | Confirms past employment dates + roles | $10–20 per employer |
| Education verification | Confirms degrees | $10–15 per institution |
| Motor vehicle records | Driving history | $5–15 per state |
Ban-the-box and salary history laws
Roughly 35 US states and 150+ municipalities have "ban-the-box" laws restricting when in the hiring process you can ask about criminal history. Some prohibit asking until after a conditional offer. Some prohibit considering arrests that didn't lead to convictions. Some prohibit considering convictions older than seven years.
This is jurisdiction-by-jurisdiction. You can't operate a single national background check policy and be compliant everywhere. You need either (a) the most restrictive jurisdiction's policy applied universally, or (b) per-jurisdiction logic.
EEOC and disparate impact
Even with FCRA-compliant consent, you can still violate Title VII if your screening criteria have a disparate impact on protected classes. The EEOC's 2012 guidance is the framework: do an "individualized assessment" considering the nature of the offense, time elapsed, and relevance to the job.
In practice: if your hiring policy auto-rejects anyone with any conviction, you have legal exposure. If your policy considers conviction-job fit on a case-by-case basis, you're defensible.