Background Checks

State and federal laws protect employees against the unfair and discriminatory use of background and credit checks by employers.


Fair Credit Reporting Act (“FCRA”) (15 U.S.C. § 1681 et seq.

Discriminatory Use of Background Checks

It is illegal under state and federal anti-discrimination laws for an employer to conduct background checks of job applicants based on the applicant’s race, gender, national origin, or any other protected characteristic. 

Unfair Use of Background Checks

When conducting background and credit checks, the employer must comply with very specific requirements under state and federal laws. Employees/applicants can sue for actual damages or penalties ranging from $100 to $1,000 for willful violations of the FCRA.  

General Requirements

When an outside company prepares a background report, the FCRA requires the employer to:

  • Give the employee/applicant notice on a separate document that a report may be required.  This notice cannot be buried within other documents such as an employee handbook.
  • Obtain the employee/applicant’s written authorization.  The authorization must be limited to just that; it cannot ask you to waive other rights in addition to providing authorization for the background check.
  • Get the employee/applicant’s specific permission if medical information is requested.
  • Provide specific notice if an employee/applicant’s neighbors, friends, or associates will be interviewed about “character, general reputation, personal characteristics, or mode of living”

Before Any Adverse Action May Be Taken

Before the employer takes any adverse action against an employee/applicant based on information garnered from a background check, the employer must provide a notice that includes a copy of the consumer report the employer relied on to make the decision, and a copy of: “A Summary of Your Rights Under the Fair Credit Reporting Act.”

After Adverse Action Is Taken

After taking an adverse employment action, the employer must, among other things, inform the employee/applicant of the following: that he or she was rejected because of information in the report; the name, address, and phone number of the company that sold the report; and that he or she has a right to dispute the accuracy or completeness of the report and get an additional free report from the reporting company within 60 days.


California Consumer Credit Reporting Agencies Act (“CCRAA”) (Cal. Civ. Code § 1785, et seq.)  

California Investigative Consumer Reporting Agencies Act (“ICRRA”) (Cal. Civ. Code § 1786.10, et seq.)

The CCRAA and ICRRA are similar to the FCRA, but they provide California employees with even greater privacy protections. For instance, the FCRA only applies when an employer uses an outside company to conduct the background report, while the CCRAA applies even when an employer does the background check internally (if an employer chooses a self-screening method, the employer must provide you with a box to check on an application or other document that asks if you would like a copy of public records).

Another difference is that under the FCRA, once an employee/applicant gives permission for background check, the employer does not need to get your permission to run a check in the future. However, under California law, an employer must give an employee notice and secure permission “at any time an investigative consumer report is sought for employment other than suspicion of wrongdoing or misconduct.” 

Under the CCRAA, employees/applicants can sue for actual damages or penalties of up to $5,000.


Unsolicited Telemarketing Calls - The Telephone Consumer Protection Act (“TCPA”) (47 U.S.C. § 227)

The TCPA restricts the making of telemarketing calls and the use of automatic telephone dialing systems and artificial or prerecorded voice messages:

  • A “telemarketing” call is a call made by advertisers that market products or services. Purely informational calls and calls for non-commercial purposes are exempt. 
  • An “autodialed” call is a phone call that is made using an “autodialer,” or automatic telephone dialing system, that can produce, store and call telephone numbers using a random or sequential number generator. 
  • A “robocall” is a phone call that uses an “autodialer” system to deliver a pre-recorded telemarketing message. SMS text messages to cellular phones are considered “calls” under the TCPA. The TCPA applies to both voice and text messages, if they are transmitted for marketing purposes. The TCPA has been interpreted in recent years to prohibit the sending of unsolicited commercial text messages to cell phones – with limited exceptions (i.e., messages sent for emergency purposes).

Prior express written consent is required for:

  • All autodialed and/or pre-recorded calls/texts sent/made to cell phones.
  • All pre-recorded calls made to residential land lines for marketing purposes. Note that even if you have an “established business relationship,” the company still has to obtain your written consent.

Consumer consent must be unambiguous, meaning that the consumer must receive a “clear and conspicuous disclosure” that he/she will receive future calls that deliver autodialed and/or pre-recorded telemarketing messages on behalf of a specific advertiser; that his/her consent is not a condition of purchase; and he/she must designate a phone number at which to be reached (which should not be pre-populated by the advertiser in an online form). Limited exceptions apply to this requirement, such as calls/texts from the consumer’s cellular carrier, debt collectors, schools, informational notices and healthcare-related calls.

The TCPA provides for either actual damages or statutory damages ranging from $500 to $1,500 per unsolicited call/message. 


Illegal Call Recording

Under California Penal Code § 631 et seq., it is unlawful for any person to record a telephone conversation, where at least one end of the line is a cellular or cordless phone, without the express consent of all parties to the conversation. A person who violates this law is subject to penalties of up to $2,500 per violation.


Unlawful Requests for Personal Identifying Information During Retail Purchases

Under the California Song-Beverly Act (Cal. Civil Code1747.08) retailers are prohibited from collecting and storing personal identification information (“PII”) from customers when completing credit card transactions. PII includes information not on the credit card, such as your address, telephone number, or even just your zip code. The retailer may demand reasonable identification, but may not record PII by entering it into the cash register, for instance, at the time of the transaction. There are exceptions to this law, and it generally does not apply to transactions conducted online or via telephone or mail.

A retailer that violates the Song-Beverly Act may be subject to penalties of up to $1,000 per violation.


Unlawful Storage of Credit Card Information

The Fair and Accurate Credit Transactions Act (“FACTA”) (15 U.S.C. § 1681 et seq.) mandates that retailers adhere to certain criteria in order to protect consumers’ personal information and help prevent credit card fraud and identity theft. FACTA applies to all forms of electronically printed customer receipts that are printed during a transaction by a cash register, self-service kiosk, or by other means or machines. Under FACTA, a retailer can only include the last five digits of a debit or credit card number on a receipt, and additionally, the receipt cannot list the expiration date of a debit or credit card. For instance, a receipt that lists “xxxx xxxx xx33 xxxx” would be in violation of FACTA, even though there are fewer than five digits listed, because the digits listed were not part of the last five digits.

A retailer that violates FACTA may be subject to penalties of up to $1,000 per violation.