Background checks: worries about personnel integrity are creating a few worries of their own

CFO: Magazine for Senior Financial Executives,  August, 2005  by Kris Frieswick

• E-mail
• Print
• Link

CRIME PREDICTORS To date, no organization has ever produced empirical evidence that background checks can reduce the incidence of fraud. In fact, the cost of employee fraud has remained steady since 2000, at about 6 percent of GDP, according to the Association of Certified Fraud Examiners (ACFE). A study by that group in 2004 reveals that most corporate fraud is committed by first-time offenders; only 12 percent are repeat offenders.

That's not to say that background checks are useless. They are certainly e ffective at weeding out people who are trying to hide an unsavory past. But the absence of guidelines on how to use background-check results means that managers are relying on gut instinct in evaluating them. "Most companies don't have guidelines," says Mark Jacoby, senior partner in the employment law practice group of Weil, Gotshal & Manges LLP in Manhattan. "I think it's generally a judgment call. You look at all the information at your disposal and ask if any of it raises a red flag."

The federal Fair Credit Reporting Act governs third-party "consumer reports," which include credit reports; the more in-depth "investigative consumer reports," which can include interviews with neighbors and associates; and criminal background checks. (The act does not apply to companies that conduct background checks in-house.) But state employment law varies widely, and are often stringent. Neither state nor federal rules offer guidance on how the data in the reports should be interpreted.

Absent real guidelines, either a company's legal department or HR bears de facto responsibility for developing background-check policies. It is also charged with protecting the safety and eventual destruction of whatever personal employee data is gathered.

New Federal Trade Commission rules that went into effect as of June 1 mandate that any consumer credit information discarded by a company must be destroyed properly so that it cannot be retrieved or reused. As recent data breaches at Bank of America and Time Warner show, this is far easier said than done, especially since the market for illegally procured personal data is expanding. Although no laws currently mandate handling or destruction rules governing noncredit data collected for a background check, experts say employers may still be liable if that data is stolen or misappropriated.

"If your company is collecting data for a business purpose," says J. Michael Gibbons, vice president for federal security services at Unisys, "how you handle, store, and destroy it is all subject to some concept of negligence. If you mishandle it, or don't protect it properly, I think you'll be subject to civil judgments" if the data is subsequently misused.

Eliminating background checks altogether is not really an option. Many industries now require checks for certain types of workers and prohibit hiring or licensing of anyone with a criminal history. For others, checks are just common sense. At Sunstone Hotel Properties, a hotel management firm and division of Interstate Hotels, every employee from a housekeeper to the CEO is subject to a background check.