Good (and Bad) Background Checks

More organizations use background checks to investigate criminal histories and to make hiring and firing decisions. It's up to CSOs to make sure this powerful but flawed weapon doesn't backfire.

As a rule of thumb, the employer should follow either the strictest rule, or the one that governs the state where the job candidate lives. But there's no consensus about whose job it is to purge reports that can't be used.

Another area of confusion is what exactly constitutes a "third party" that is subject to the FCRA. Employers are free to call a job candidate's university to confirm her degree or to check employment history with past employers. As long as they do it themselves, they are also free to look up criminal records at a courthouse; that's public information. But what happens, for instance, when security departments gather information themselves by searching an online database? Marquis explains: "If the website merely diverts the employer to the public record site, it isn't a consumer reporting agency; if it 'assembles' the information, it is." All of this is tricky enough, however, that he recommends employers follow the FCRA regardless; if for no other reason, it's good business practice.

The process gets even murkier when companies are hiring employees from other countries, where records may not be public or cannot legally be used by employers. Japan, for instance, doesn't really allow background checks as we know them in the United States, and the European Union has restrictive policies on the kinds of data that employers can collect. Security departments have to team with local legal experts to create screening programs on a country-by-country basis.

"You work around it and obtain as much information as you can," says Lampeter of Boston-based State Street, which has employees in 24 countries. Because State Street is a financial services company, it has a legal obligation to make sure that it doesn't hire anyone with a history of crimes such as theft or money laundering. Lampeter relies on a global, cross-functional team of legal counsel, human resources and security to navigate the legal waters.

"What we have tried to do on a country-specific basis is evaluate and understand the local laws and labor practices," Lampeter says. "We're not, in many cases, able to implement 100 percent of the U.S.-based screening program in other countries, but we can implement an equivalent program within the balance of local laws and regulations."Mistakes Get MadeWhen researchers at the University of Maryland studied recidivism rates in a county in Virginia, they were unable to gain access to records housed by the state police; so, they decided to turn to the experts. To save valuable staff time, they enlisted a background check company to conduct a search on the 120 parolees and probationers that were part of the study, to see whether any additional arrests would appear on their records.