Workers need to be rescreened periodically to detect warning signs that could lead to fraud or workplace violence, but companies must be cognizant of the legal restraints when doing such screens.
Most large corporations understand the importance of preemployment screening. But few recognize the need to periodically rescreen the work force. They presume that a person who had a clean criminal, credit, or driving record when they were hired will continue to have a spotless record. But people change, and so do their circumstances. Consider the case of one woman who checked out perfectly when hired as a bookkeeper. After ten years with the firm, however, she found herself overwhelmed with debt due to large medical bills incurred by her sick child. She saw a loophole in the company’s financial tracking system and exploited it to embezzle funds so that she could pay off her bills and continue to fund her child’s medical care.
In this case, the firm had a policy of conducting biannual screens on all individuals in sensitive jobs, including those working with the company’s books. The policy called for examining the credit history, bankruptcy filings, and financial records of these employees. A routine posthire screening uncovered the worker’s serious credit problems. This led to an audit of her files, which revealed that the books were being falsified.
The case shows the potential power of rechecking employees after employment, a process sometimes called infinity screening. The practice is emerging as an important weapon for fighting internal fraud, property and information theft, workplace violence, and even terrorism. It’s easier to conduct continuous screening thanks to advances in data-collection techniques, but companies must tread carefully and be sure to address all the relevant legal issues, such as privacy and employment regulations.
The first step is to develop a comprehensive policy that sets the tone and provides the framework for how infinity screening will be handled in the organization. The following are among the key points to be addressed.
Identify positions. The company must first determine which positions will be screened. The decision should be based on the nature of the work to be performed. Jobs should be classified according to their sensitivity or the risk factor associated with the position.
Set frequency. The policy should specify how often screenings will be conducted. If a third party has been directed to alert the company whenever there is activity, such as a driver’s license infraction, the policy should explain how that affects the frequency of screens.
Set search parameters. The policy should also list the types of information that will be sought as a part of the screening. Companies must be mindful of the legal restrictions that apply.
While it is well established law that a company has the right to check a person’s criminal record before making a job offer, the legal landscape is murkier when it comes to checking that information and other off-duty behavior, such as credit history and driving record, after a person is employed. Some businesses are pushing the envelope here, but employers must be cautious, because monitoring such information could be considered an invasion of privacy and might invite litigation. The company’s legal counsel should ensure that the policy conforms to relevant state laws, which are fairly clear on what type of screening is prohibited.
With regard to off-duty conduct, the employer should limit screening to information that it can show has a clear relationship to job performance. Checking the driving record of a person who operates a company car should be legally defensible. But the connection to the job need not be that direct. It may also be relevant to examine an employee’s off-duty conduct if it could jeopardize the company’s business or reputation.
Consent. The policy must state how employees will receive notification of the screening and how they will grant consent. Companies should notify affected employees when they are hired that the organization plans to conduct posthire background checks. These new hires should be asked to sign a written authorization and consent form as part of the hiring process. If the process is implemented later, all affected employees should be asked to sign the form when the policy is activated. However, companies may also want to have a consent form signed just prior to each new check, depending on the law in that jurisdiction.
Consent requirements vary by state. Les Rosen, president of Employment Screening Resources notes that to fully comply with state law in California, it is arguable that a new consent form is required every time a search is done. There has yet to be a test case. It is possible, however, that if a company does not obtain the required consent from employees, a court could decide—if a case were brought by an employee—that the company had no right to use any information gleaned from those searches.
Contract staff. Companies have many people in their buildings who are not direct employees. Outsourced staff may include administrative assistants, cleaners, security officers, and IT consultants. The company should have an infinity screening policy for these positions as well. In this type of situation, the screening should be among the obligations listed in the service contract for each provider. These organizations should be required to have both preemployment screening and periodic screening that meets the standards the company imposes on its own direct hires.
Response. The company’s infinity screening policy must lay out the process for handling and responding to negative information uncovered during any new search. Key issues include who needs to know about the information and who needs to be part of the decision making.
Due to the highly sensitive nature of the information involved, and also the possibility that a negative hit will taint future decisions regarding the employee, it is crucial that a minimum number of people be involved. That might typically include legal and security personnel. Supervisors and managers should specifically be excluded until the negative information is verified.
Because human resource personnel are frequently involved in career mobility discussions, and because their view of the individual could inadvertently be tainted by access to raw screening data, it is better for security to handle the information-verification process. Once the negative hit is affirmed as accurate, human resources should be brought into the discussion.
EEOC. A company must be mindful of many issues as it reviews information that may surface in a background check, especially after employment has begun. For example, the Equal Employment Opportunity Commission (EEOC) warns against using criminal records to automatically disqualify an individual from consideration without a legitimate business reason for doing so.
A case that illustrates this point is Wright v. Home Depot (Hawaii Supreme Court, 2006) in which the court ruled that an employee’s conviction must bear a rational relationship to the employee’s job before a company can take action.
Wright, a Home Depot employee who had been with the company for about a year, applied for a promotion to department supervisor. During the review period for the promotion, Wright was tested for illegal drug use twice. Both of the tests were negative.
Home Depot also conducted a criminal background check on Wright as part of the review. The check uncovered that Wright had a prior drug conviction, and Home Depot fired him. Hawaii’s high court ruled that the company wrongfully terminated wright based on his prior criminal record.
FCRA Compliance. Other legal issues associated with infinity screening relate to compliance with the Fair Credit Reporting Act (FCRA) as amended by the Fair and Accurate Credit Transaction Act. FCRA provides the requirements for using consumer reporting agencies, as defined by the law, which includes background screening firms.
If a business does its own background screening using internal staff and does not use a consumer report in any part of the process, FCRA does not apply. State laws with similar requirements may, however, come into play. In any case, businesses should still follow the FCRA requirements to avoid even the appearance of unfairness. Doing so will also put companies in a solid position should the process be challenged.
Industry requirements. The company’s screening policies should address whatever special requirements may apply to its particular industry. For example, in the medical and healthcare fields, facilities are required to make sure that medical licenses and certifications are current and meet established standards. Banks and brokerage firms have their guidelines as well.
Negligent retention is a legal doctrine that has evolved out of numerous court cases. The underlying premise is that if an employer is aware that an employee has been violent or has violent tendencies—or should have been aware of the problem and did not take reasonable actions to address the situation—the employer can potentially be held liable for the actions of that employee. This concept has been applied to many employment situations.
Infinity screening programs can help employers avoid negligent retention lawsuits. If, for example, a company finds that one of its drivers was convicted of driving while intoxicated, the company can decide whether to allow the driver to continue deliveries, change that employee’s assignments, or take other appropriate actions. Without this information, the company would have difficulty defending itself in the case of a lawsuit if the driver had an accident while making a delivery and injured someone. The company might only discover during the trial that the driver had a suspended license and had been convicted of a DUI.
In such a situation, several questions are likely to arise in court. They may include whether it is reasonable to expect that the company should have been aware of the employee’s driving record, whether there were reasonable steps that the employer could have taken to have current information on the employee’s driving record, and, if the company had known of the incident, what action could have been taken? Companies could avoid this situation altogether by conducting infinity screening.
Infinity screening helps a company continually re-assess the risk an employee presents to the company over that employee’s work lifecycle. Infinity screening can help improve the organization’s risk- management posture. Businesses should embrace this opportunity to better manage their risk. n
Barry Nixon is executive director for the National Institute for Prevention of Workplace Violence, Inc. He is a member of ASIS International and serves on the ASIS Council on Crime and Loss Prevention.