Is a Credit Score Included in an Employment Background Check?
*Originally published for the CIC monthly newsletter in 2014.
A common misconception about employment background checks is the inclusion of a credit score.
With proper authorization, employers are allowed to conduct different types of background checks on job applicants. This includes running a "credit report" on each candidate.
For some job classifications--including financial roles and middle to top management positions--a review of each candidate's credit history can help to evaluate the competency and responsible nature of the candidate.
Contrary to popular belief, employers do not obtain a "credit score" when running a credit check on an applicant. What employers do receive is historical financial repayment information on various debts, including loans, credit cards, and mortgages. This may show debt to income ratio, but no credit score is assessed. Also, researching a pre-employment credit report does not negatively affect a job applicant's credit score.
The actual "credit report" is included in the final report along with the results of the other research requested by the employer. If a candidate's credit history does not meet the employer's hiring criteria for a particular job and the employer chooses not to pursue the candidate further, the employer must follow the Adverse Action Process.
Please feel free to review other details about different types of background checks in the National Association of Professional Background Screeners' (NAPBS) document titled The Facts about Background Checks.
Tips: Employment Applications and Background Checks
*Originally published for the CIC monthly newsletter in 2014. Parts of this article have been redacted per agreement with the original publisher.
Here are some key points about using employment applications and background checks in the workplace. Following these tips will help you keep a Safe Hiring Program in place.
1. The Fair Credit Reporting Act (FCRA) requires that a background check disclosure should be made by an employer on a standalone form. That is, the employer's disclosure that a background check may be run for employment purposes should not be contained within the employment application form. This is itemized in the FCRA under Section 604(b)(2)(A)(i).
The federal courts reserve the right to punish non-compliant parties under Section 619 of the FCRA ("Obtaining information under false pretenses").
2. Personally Identifiable Information (PII) is helpful in running accurate and quick background checks. Information such as Social Security Number (SSN) and Date of Birth (DOB) should be included with the background check consent form. However, this PII is not necessary for employment decision-making and should be omitted from the employment application.
Having PII such as DOB on an employment application leaves the door open for claims such as age discrimination in the hiring process.
3. "Ban the Box" is an emerging movement--it pertains to the checkbox that an employer may include on an employment application to ask applicants about whether or not they have prior criminal records. If your local jurisdiction has implemented a "Ban the Box" ordinance, then you must remove this checkbox from your employment applications.
Local jurisdictions reserve the right to levy fines and other punishments if an employer is not in compliance with a "Ban the Box" ordinance.
4. Legal counsel can help you with creating and updating your employment applications. This includes statements about "at will" employment and truthfulness, accuracy, and fullness in completing the application.
Such statements provide clarity to job applicants while also protecting employers from issues such as resume fraud.
Testing the Lack of Smartphone Security
*Originally published for the CIC monthly newsletter in 2014.
In 2011-2012, Symantec commissioned a project called "The Symantec Smartphone Honey Stick Project".
The purpose of the study was to simulate losing a smartphone and the ensuing consequences of the phone being found by a stranger. The researchers wanted to evaluate how finders would try to return the phone and/or try to access data on the phone or within phone applications.
In the project, 50 smartphones were "lost" in the U.S. and Canada. The applications contained within the phones were separated into 3 categories: personal, corporate, and neutral.
Out of 50 "lost" phones. only 50% of the finders contacted the owner to try to return the phone. Meanwhile, 96% of the finders went ahead and accessed data on the phones. This included nearly 90% accessing personal data, over 80% accessing corporate data, and 70% accessing both personal and corporate data.
In 2014, Symantec Canada commissioned another "Honey Stick" project, which involved 60 "lost" phones and yielded similar results.
In today's society, smartphones are not just personal devices--many are used for business purposes. As such, companies need to take appropriate steps to protect their networks and databases as well as any other devices--including smartphones--that are used to get access to their systems.