Buying Background Checks From a Vendor? Check Your Forms!
Many employers contract with third parties to obtain background checks on job applicants. If you are one of those employers, heed the warning sounded by a new federal court decision: Make sure your background check documents are in the legally-required form, or face severe liability.
An employer’s procurement of background check reports from a third party is governed by the Fair Credit Reporting Act (FCRA). Under the FCRA, before an employer may request a background check on an individual, the employer must do two things: (1) give the individual a “Disclosure” form, and (2) obtain the employee’s signed “Authorization” to procure the background check. The Disclosure and the Authorization must comply with the statute.
And here’s the rub: The FCRA states that the Disclosure must be provided “in a document that consists solely of” the Disclosure and the Authorization. Despite the clarity of this requirement, many employers are using Disclosure and Authorization forms that contain additional language – such as a “waiver,” an authorization for employers to use or disclose information, or a request for personal information. A new federal court decision holds that including this additional language is a willful violation of the FCRA. And that can trigger substantial liability, as one employer recently learned the hard way.
In the case of Syed v. M-I, LLC (decided January 20, 2017), the employer asked an applicant to sign a document authorizing the employer to obtain a background check report. The document included a broad waiver of potential claims that might arise from the employer’s use or disclosure of information from the report. A U.S. Court of Appeals ruled that the employer’s inclusion of the waiver language violated the requirement that the Disclosure be provided “in a document that consists solely of” the Disclosure and the Authorization.
But this is obviously a paperwork technicality. Do real-world employers really need to be concerned about this? Absolutely! (Or we wouldn’t be sending you a Client Alert about it.)
First, the employer’s violation was held to be “willful.” Because the statutory language is so clear, the court said, the employer could not have reasonably believed that its form was permissible. That should send a chill down the spine of every background-checking employer.
Second, the potential liability can be severe. For a “willful” violation, the FCRA provides for damages from $100 to $1,000 per person, plus punitive damages, plus attorney’s fees. If an employer has provided defective forms to hundreds or thousands of applicants, $100 to $1,000 per person could become a very large amount. The FCRA contains no limit on the amount a court may allow for punitive damages. It is no surprise that FCRA lawsuits are becoming increasingly popular with class action lawyers.
Third, many employers use Disclosure and Authorization forms they received from the agencies providing background check reports. It would be reasonable to expect that an agency in the background-check business would provide its employer-clients the correct documents. Unfortunately, this is often not the case. On many occasions our lawyers have seen agency-provided Disclosure and Authorization forms that include additional language – thereby violating the FCRA requirement. Based on the Syed decision, “we got the form from our background-check company” might not be a valid defense for an employer. Nor would “we didn’t actually read the statute,” or “we got this off the internet.”
There is some good news: If you use FCRA Disclosure and Authorization forms that you obtained from Miller Johnson (and did not modify them), those forms comply with the FCRA requirement that the form “consist solely of” the Disclosure and the Authorization.
If you have not carefully examined your FCRA forms to ensure their compliance, we strongly encourage you to you review them now.
If you have any questions about this client alert, please contact the author or your Miller Johnson Employment and Labor attorney.