Imagine discovering your company’s standard screening process just cost you a $4 million class action. That’s exactly what happened to Dollar General, whose background-check forms buried extraneous notices inside the FCRA‑required disclosure.
Yet here’s the thing — most HR teams think they’re on solid ground. A 2024 study found 47% of employers aren’t completely confident their background check policy meets federal, state, and local regulations, or they don’t have one at all.
That false confidence is expensive. Over the past decade, employers have paid out $174 million to resolve background‑check class actions, with 40 companies paying $1 million or more. And individual statutory damages of $100–$1,000 per violation can multiply into staggering sums across an entire applicant pool.
This piece walks you through the hidden traps that fuel the biggest lawsuits, then hands you a six‑step audit you can run this quarter — before they cost you.
The Two Biggest FCRA Traps That Trigger Lawsuits (And Are Easily Preventable)
Trap #1: The Standalone Disclosure That Isn’t
FCRA requires a “clear and conspicuous” written disclosure, standing alone, before you pull a background check. Sounds simple, right?
The trouble starts when well‑meaning employers add state‑law notices, descriptions of the screening agency’s duties, or blanket authorizations — any “extraneous information” at all. Those additions convert a compliant form into a magnet for class actions.
The two most common FCRA lawsuit triggers are:
- failing to provide a standalone written disclosure
- botching the adverse action process.
7‑Eleven learned this the hard way, paying nearly $2 million for including state law facts, provider info, and a blanket authorization in a single document. Frito‑Lay’s $2.4 million settlement came down to a form with “impermissible extraneous information” (HR Dive).
The fix is embarrassingly straightforward: use a truly standalone disclosure. Separate the authorization from the disclosure if you must. The form should contain nothing but the disclosure itself — no waivers, no footnotes, no extra sentences.
Trap #2: The Adverse Action Process Most Employers Skip
Here’s a number that should keep you up at night: 70% of employers don’t always follow the FCRA’s adverse action process when they decide not to hire someone based on background check results. Skipping it is basically an invitation to plaintiffs’ attorneys — a mechanical violation that requires no proof of harm, just a missing notice.
The process has two steps. First, before you make a final decision, you send a pre‑adverse action notice along with a copy of the report and a summary of the candidate’s rights under the FCRA. Then you give the person a “reasonable time” to dispute inaccuracies. Only after that do you send the final adverse action notice.
Many employers rush, skip the pre‑adverse notice, or fail to document the waiting period.
Make sure you’re using the CFPB’s updated Summary of Rights form — mandatory as of March 20, 2024. Non‑compliance on the form alone can trigger lawsuits.
The Hidden Tax: Discrimination and EEOC Guidelines You Can’t Afford to Ignore
Discrimination claims add a whole extra layer of risk on top of FCRA violations. In fiscal year 2022, the EEOC secured over $513 million for victims of discrimination and resolved more than 65,000 charges. Criminal‑background policies are a particular flashpoint.
Target paid over $3.7 million to settle claims that its overly broad, outdated screening policy discriminated against African‑American and Latino applicants under Title VII (NAACP LDF).
The missing ingredient? Individualized assessment. 47% of employers may be overlooking the EEOC’s “nature‑time‑nature” (Green Factors) test — the requirement to consider the nature of the offense, the time that’s passed, and its relevance to the specific job.
Meanwhile, ban‑the‑box laws now cover 37 states and over 150 cities/counties, with 15 states extending fair‑chance laws to private employers.
A blanket policy that automatically excludes anyone with a criminal record is a ticking time bomb. Your audit has to confirm you’re documenting an individualized assessment for every criminal history that surfaces, not using a one‑size‑fits‑all exclusion.
Accuracy Nightmares: When Background Checks Get It Wrong
Even perfect compliance can’t protect you if the data itself is garbage. A University of Maryland study published in Criminology found that more than half of 101 participants had at least one false‑positive error on their background checks, and roughly 90% had false‑negative errors — all driven by name‑ and birth‑date‑based data aggregation instead of fingerprinting.
The lawsuit headlines are brutal. ADP settled a case in July 2024 after reporting a job candidate as a convicted murderer due to an alias error. That same year, another Texas applicant sued ADP when a false first‑degree felony conviction cost him a job offer.
In December 2024, Sterling Infosystems was sued for mixing up a candidate with a person of a different race who had an active arrest warrant.
The CFPB’s January 2024 advisory opinion made it crystal clear: screening agencies must have “reasonable procedures to assure maximum possible accuracy,” including not reporting expunged or sealed records, including disposition information for every court filing, and preventing duplicate entries.
When you’re auditing your criminal background checks process, demand that your CRA confirms these safeguards — and give candidates a clear, fast way to flag inaccuracies the moment they arise.
The State‑Level Compliance Maze That Multiplies Your Risk
Federal rules are one thing. But the state map? It’s a patchwork quilt that changes every legislative session. In the last five years alone, 12 states have passed Clean Slate laws that automatically expunge certain crimes — meaning background check providers, and by extension employers, can no longer report those records.
Beyond Clean Slate, the ban‑the‑box movement has swept the nation: 37 states and over 150 cities/counties have adopted fair‑chance policies, and more than four‑fifths of the U.S. population now lives in a jurisdiction with some form of ban‑the-box law.
A multi‑state employer that applies a single screening policy everywhere is almost certainly violating local restrictions — credit check limits here, salary‑history bans there, criminal history cut‑offs everywhere.
The audit you run has to map every hiring location to its specific requirements and confirm your disclosure and adverse‑action workflows match. Using technology that automates jurisdiction‑specific rules makes this exponentially easier — but you still need the map first.
The Compliance Audit Framework: 6 Steps to Fortify Your Process Immediately
This isn’t theoretical. Pull your current forms and follow these six checks. They’re simple, repeatable, and cost a fraction of one statutory‑damages judgment.
1. Disclosure & Authorization Audit
Grab your standalone disclosure document. If it contains state‑law references, liability waivers, future‑check authorizations, or anything beyond the pure disclosure, strip it out. Then confirm you’re obtaining signed authorization separately after the disclosure.
Frito‑Lay’s $2.4 million settlement came down to a single form with impermissible extras — don’t let yours be next.
2. Adverse Action Process Audit
Check that every candidate you rejected because of a background report received a pre‑adverse notice, a copy of the report, and the updated CFPB Summary of Rights.
Document the exact waiting period you allowed, and keep a record of the final adverse action notice.
3. Individualized Assessment Audit
Verify that your adjudication process applies the EEOC’s Green Factors for every criminal record. If you spot a blanket rule — “no felonies, ever” — kill it. Replace it with a documented evaluation that weighs nature, time, and job relevance.
4. Accuracy & CRA Oversight Audit
Require your background check provider to confirm they exclude expunged and sealed records, include disposition data for all entries, and prevent duplicates, exactly as the CFPB’s 2024 opinion demands.
Build an internal candidate dispute escalation process, and add employment verification cross‑checks to corroborate records from multiple sources.
5. State & Local Law Alignment Audit
Map every hiring jurisdiction to its specific fair‑chance and ban‑the-box requirements. Then update your policy annually — 12 new Clean Slate laws in five years shows how quickly this space moves.
6. Documentation & Recordkeeping Audit
Keep complete records of disclosures, authorizations, reports, adverse action steps, and individualized assessments for at least one year from the date the record was made or the personnel action was taken, whichever comes later. In a lawsuit, a clean audit trail is your best defense.
To help operationalize this framework, Checkr background check is FCRA‑compliant — complete with standalone disclosure forms, automated adverse action workflows, and built‑in jurisdictional rule engines — directly into the screening process.
Caveats & Counterpoints: What Even a Perfect Audit Can’t Guarantee
An airtight internal process dramatically reduces risk, but it can’t eliminate it entirely. Background‑check errors by third‑party agencies — like the ADP and Sterling mix‑ups — can still harm candidates and trigger litigation.
And regulations don’t stand still: CFPB guidance and state Clean Slate laws are moving targets, so an audit done today could be outdated in six months.
This framework is not a replacement for employment counsel. Especially in class‑action prevention, a lawyer’s review of your actual disclosure forms and adverse action letters is essential.
Finally, audits work best when paired with regular CRA quality metrics and candidate feedback loops — areas where even mature screening programs often have room to improve.
Audits Aren’t a Luxury — They’re Your Cheapest Insurance
$174 million in settlements. 70% of employers are skipping adverse action. Forty-seven percent of employers surveyed admitted they aren’t completely confident their background check policy complies with federal, state, and local regulations—or don’t have one at all (4%).
The compliance traps in pre‑employment background screening aren’t hiding — they’re sitting right inside your current process.
The six‑part audit above is simple, repeatable, and costs far less than a single statutory‑damages judgment. Pull your disclosure form, your adverse action logs, and your CRA’s accuracy report. Run the audit this quarter.
The lawsuits aren’t slowing down, but the fixes are entirely within your control.
