Taking Screening to the Next Level

By Barry Nixon


The first step is to develop a comprehensive policy that sets the tone and provides the framework for how infinity screening will be handled in the organization. The following are among the key points to be addressed.

Identify positions. The company must first determine which positions will be screened. The decision should be based on the nature of the work to be performed. Jobs should be classified according to their sensitivity or the risk factor associated with the position.

Set frequency. The policy should specify how often screenings will be conducted. If a third party has been directed to alert the company whenever there is activity, such as a driver’s license infraction, the policy should explain how that affects the frequency of screens.

Set search parameters. The policy should also list the types of information that will be sought as a part of the screening. Companies must be mindful of the legal restrictions that apply.

While it is well established law that a company has the right to check a person’s criminal record before making a job offer, the legal landscape is murkier when it comes to checking that information and other off-duty behavior, such as credit history and driving record, after a person is employed. Some businesses are pushing the envelope here, but employers must be cautious, because monitoring such information could be considered an invasion of privacy and might invite litigation. The  company’s legal counsel should ensure that the policy conforms to relevant state laws, which are fairly clear on what type of screening is prohibited.

With regard to off-duty conduct, the employer should limit screening to information that it can show has a clear relationship to job performance. Checking the driving record of a person who operates a company car should be legally defensible. But the connection to the job need not be that direct. It may also be relevant to examine an employee’s off-duty conduct if it could jeopardize the company’s business or reputation.

Consent. The policy must state how employees will receive notification of the screening and how they will grant consent. Companies should notify affected employees when they are hired that the organization plans to conduct posthire background checks. These new hires should be asked to sign a written authorization and consent form as part of the hiring process. If the process is implemented later, all affected employees should be asked to sign the form when the policy is activated. However, companies may also want to have a consent form signed just prior to each new check, depending on the law in that jurisdiction.

Consent requirements vary by state. Les Rosen, president of Employment Screening Resources notes that to fully comply with state law in California, it is arguable that a new consent form is required every time a search is done. There has yet to be a test case. It is possible, however, that if a company does not obtain the required consent from employees, a court could decide—if a case were brought by an employee—that the company had no right to use any information gleaned from those searches.

Contract staff. Companies have many people in their buildings who are not direct employees. Outsourced staff may include administrative assistants, cleaners, security officers, and IT consultants. The company should have an infinity screening policy for these positions as well. In this type of situation, the screening should be among the obligations listed in the service contract for each provider. These organizations should be required to have both preemployment screening and periodic screening that meets the standards the company imposes on its own direct hires.

Response. The company’s infinity screening policy must lay out the process for handling and responding to negative information uncovered during any new search. Key issues include who needs to know about the information and who needs to be part of the decision making.

Due to the highly sensitive nature of the information involved, and also the possibility that a negative hit will taint future decisions regarding the employee, it is crucial that a minimum number of people be involved. That might typically include legal and security personnel. Supervisors and managers should specifically be excluded until the negative information is verified.

Because human resource personnel are frequently involved in career mobility discussions, and because their view of the individual could inadvertently be tainted by access to raw screening data, it is better for security to handle the information-verification process. Once the negative hit is affirmed as accurate, human resources should be brought into the discussion.

EEOC. A company must be mindful of many issues as it reviews information that may surface in a background check, especially after employment has begun. For example, the Equal Employment Opportunity Commission (EEOC) warns against using criminal records to automatically disqualify an individual from consideration without a legitimate business reason for doing so.

A case that illustrates this point is Wright v. Home Depot (Hawaii Supreme Court, 2006) in which the court ruled that an employee’s conviction must bear a rational relationship to the employee’s job before a company can take action.

Wright, a Home Depot employee who had been with the company for about a year, applied for a promotion to department supervisor. During the review period for the promotion, Wright was tested for illegal drug use twice. Both of the tests were negative.

Home Depot also conducted a criminal background check on Wright as part of the review. The check uncovered that Wright had a prior drug conviction, and Home Depot fired him. Hawaii’s high court ruled that the company wrongfully terminated wright based on his prior criminal record.

FCRA Compliance. Other legal issues associated with infinity screening relate to compliance with the Fair Credit Reporting Act (FCRA) as amended by the Fair and Accurate Credit Transaction Act. FCRA provides the requirements for using consumer reporting agencies, as defined by the law, which includes background screening firms.

If a business does its own background screening using internal staff and does not use a consumer report in any part of the process, FCRA does not apply. State laws with similar requirements may, however, come into play. In any case, businesses should still follow the FCRA requirements to avoid even the appearance of unfairness. Doing so will also put companies in a solid position should the process be challenged.

Industry requirements. The company’s screening policies should address whatever special requirements may apply to its particular industry. For example, in the medical and healthcare fields, facilities are required to make sure that medical licenses and certifications are current and meet established standards. Banks and brokerage firms have their guidelines as well.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.