How to Legally Conduct Employment Background Checks

The legal framework you must follow

When you need reliable information about a candidate, background checks are essential — but they come with legal obligations and liability risks. Federal and state laws intersect in ways that make background screening more than an administrative task.

Federal Fair Credit Reporting Act (FCRA)

Key FCRA duties include:

• Providing a standalone disclosure that expressly states a consumer report may be obtained, separate from application materials.
• Obtaining a separate, written authorization from the candidate before ordering a report.
• Giving the candidate a summary of their rights under FCRA (note: the CFPB released an updated “Summary of Your Rights” form with a mandatory implementation deadline).
• Following the FCRA adverse-action process: a pre-adverse action notice with a copy of the report and rights summary, then a final adverse action notice after a reasonable opportunity to dispute.
• Certifying to your CRA that you will comply with FCRA requirements and use reports for permissible purposes.

Equal Employment Opportunity Commission (EEOC)

The EEOC adds another dimension: blanket exclusions based on criminal records can result in disparate impact discrimination against protected groups. The EEOC recommends individualized assessments that consider:

• The nature and seriousness of the offense,
• The time that has passed since the offense or completion of sentence, and
• The relationship between the offense and the job’s duties.

State and local laws

State and local laws can be stricter than federal rules. For example:

• California’s Fair Chance Act generally bars employers with five or more employees from asking about criminal history until after a conditional offer and requires individualized assessments.
• New York State and New York City impose timing restrictions and limit the use of certain criminal history information.
• Many jurisdictions have ban-the-box laws, clean slate or expungement rules, and other restrictions you must track.

Noncompliance can trigger civil penalties, statutory damages, private lawsuits, and administrative enforcement. That makes compliance a business priority, not a housekeeping item.

“Make compliance a core part of your hiring process — not an afterthought.”

Step-by-step guide to legally conducting employment background checks

Follow these practical steps to reduce legal exposure and protect candidates’ rights.

1. Create a job-related screening policy

• Define which checks are required for each role and why those checks are job-related and consistent across similar positions.
• Include record retention, who reviews results, and how adverse action decisions are made and documented.

2. Choose an FCRA-compliant CRA and verify processes

• Confirm the vendor follows FCRA accuracy standards, uses reliable data sources, and provides timely consumer report copies.
• Ensure the CRA supports multi-state compliance and the updated CFPB rights form.

3. Prepare proper disclosure and authorization

• Use a standalone disclosure that plainly states a consumer report may be obtained; do not embed it in the application or pair it with liability waivers.
• Collect a separate, written authorization from the candidate before placing any orders.

4. Respect timing rules in ban-the-box and fair-chance jurisdictions

Delay criminal-history questions and arrest/conviction checks when local laws require doing so only after a conditional offer. Apply consistent timing and process across similarly situated candidates.

5. Order only the checks you need and interpret them in context

• Typical checks: identity verification, criminal records, employment verification, education verification, driving records (for safety-sensitive roles), and credit reports where legally permitted and job-related.
• Avoid overbroad searches that surface irrelevant or stale information.

6. Conduct individualized assessments for adverse information

If a criminal record appears, document the offense details, how long ago it occurred, and the specific job duties that could be affected. Consider rehabilitation evidence, context, and whether the record actually predicts job performance or workplace safety.

7. Follow the two-step adverse action process

• Pre-adverse action: Provide the candidate a copy of the report and the FCRA summary of rights (use the updated CFPB form), plus a clear notice describing the employer’s intent to take adverse action. Allow a reasonable time for the candidate to review and dispute inaccuracies (commonly five business days, but follow applicable guidance).
• Final adverse action: If you proceed after the candidate’s opportunity to respond, send a final notice that identifies the CRA, gives contact details, and explains the candidate’s rights.

8. Keep careful records and train your team

• Maintain copies of disclosures, authorizations, report results, individualized assessments, adverse-action notices, and decision rationales.
• Train HR, hiring managers, and recruiters on FCRA, EEOC principles, and state variations so everyone applies your policy consistently.

Types of checks and legal nuances to consider

• Criminal background checks: High legal risk if used as blanket bans. Always ask whether the offense is relevant to the role and how long ago it occurred.
• Employment and education verifications: Focus on accuracy; incorrect termination dates or credential claims can be disputed.
• DMV/driving records: Only for roles requiring driving; state motor-vehicle laws and privacy rules apply.
• Credit reports: Allowed only when job-related and compliant with state law; tread carefully, especially for non-financial roles.
• Identity and right-to-work checks: Verify identity and eligibility to work, but avoid collecting medically sensitive or protected information.

Common compliance pitfalls and how to avoid them

• Embedding FCRA disclosure in other forms: Use a separate document for disclosure and a separate consent signature.
• Skipping the pre-adverse action process: Always provide the report and rights summary before making final decisions.
• Applying blanket criminal exclusions: Implement individualized assessments to reduce discrimination risk.
• Not updating forms: Adopt the CFPB’s updated rights form and keep policies current with state law changes.
• Outsourcing without oversight: Choose vendors with compliance expertise and audit them regularly.
• Failing to document: Poor documentation undermines your defense in audits or litigation.

Practical takeaways for employers

• Use standalone FCRA disclosure and obtain separate written authorization before any background check.
• Delay criminal-history inquiries where ban-the-box or fair-chance laws apply (e.g., California, parts of New York).
• Document individualized assessments for any criminal findings, explaining relevance and recency.
• Select and monitor FCRA-compliant CRAs; require vendor certifications and accurate reporting.
• Provide pre-adverse notices with a copy of the report and the CFPB rights summary; follow with a final adverse-action notice when applicable.
• Train hiring teams on EEOC guidance to avoid disparate impact claims.
• Maintain records of all screening steps, decisions, and communications for audits and potential disputes.

How a screening partner can reduce your risk and speed hiring

A knowledgeable screening partner can help you operationalize these steps without adding administrative burden. Look for a provider that:

• Automates FCRA-compliant disclosures, consent capture, and the adverse-action workflow,
• Keeps up with state and local fair-chance and ban-the-box rules,
• Sources and verifies accurate data while offering timely dispute resolution,
• Provides audit trails and record retention that align with legal requirements,
• Offers consulting on job-related screening policies and individualized assessment templates.

Rapid Hire Solutions can act as that partner, helping employers maintain compliant workflows, minimize legal exposure, and make faster, better-informed hiring decisions across multiple jurisdictions.

Conclusion

Legally conducting employment background checks in the U.S. requires more than pulling reports — it demands a documented policy, FCRA-compliant processes, individualized assessments for criminal records, and ongoing attention to state and local laws. Take a systematic approach: map job-related screening needs, use proper disclosures and authorizations, follow the adverse-action steps, and keep clear records.

If you’d like a compliance review or help implementing automated, multi-state screening workflows, Rapid Hire Solutions can provide guidance and managed screening services to reduce risk and streamline hiring.