HR Tips
HR TipsTracefyHR Team6 min read

Background Checks: What to Verify, What to Skip, What's Illegal

Background checks are a minefield. Do too little and you hire someone you shouldn't. Do too much and you violate federal law. Most small businesses either skip them entirely (risky) or outsource blindly to a service that runs every check available (expensive and sometimes illegal).

Here is the honest guide.

The checks worth running

1. Employment verification

Confirms that the candidate actually worked where they say they worked. Call the HR department, confirm dates and title. Takes 10 minutes, prevents the most common resume fraud.

2. Education verification

Only if the role requires a specific degree. Most small businesses over-verify this. Unless you need a licensed professional (lawyer, accountant, nurse), skip it for general knowledge-worker roles.

3. Professional reference checks

The single most valuable signal. Do these yourself, do not outsource to a service. Three references minimum. See the question list in hiring your first 10 employees.

4. Criminal background check

Necessary for roles involving vulnerable populations (children, elderly, healthcare patients), handling money, or security clearance. Outside those categories, "ban the box" laws in 14+ US states restrict how you can use criminal history in hiring. Check your state law.

5. Identity verification (I-9 or equivalent)

Legally required for every US employee, no exceptions. Do it right on day one.

The checks to skip (unless you have a specific reason)

  • Credit checks. Legal in most states but ethically dubious for most roles. Only use for finance roles with fiduciary responsibility. Banned in NYC, CA, CO, IL, MD, NV, OR, WA, VT for most positions.
  • Driving records. Only if the role involves driving on the job.
  • Drug testing. Controversial. Marijuana legalization complicates pre-employment drug screens. Skip unless safety-critical (pilots, commercial drivers).
  • Social media screens. Legal but risky. You see protected-class information (religion, family status, disability) that you are not allowed to factor in. If you look, you own the knowledge whether you used it or not.

What's illegal (US federal level)

  • Running a credit check without written consent (Fair Credit Reporting Act).
  • Rejecting based on bankruptcy: federal law prohibits this as an employment decision.
  • Asking about arrest records that didn't lead to conviction in most states.
  • Medical history questions before a job offer (Americans with Disabilities Act).
  • Genetic information of any kind (Genetic Information Nondiscrimination Act).
  • Pre-employment drug tests for marijuana in several states (CA, NY, NJ, WA, CT, NV, list grows yearly).
  • Asking for social media passwords: illegal in 26+ states.

FCRA compliance in 4 steps

If you use a background check vendor, you must comply with the Fair Credit Reporting Act:

  1. Written disclosure to the candidate on a standalone form (not buried in the application)
  2. Written authorization from the candidate before running the check
  3. "Pre-adverse action" notice if the report contains information that might lead you to reject, with a copy of the report and the candidate's rights
  4. "Adverse action" notice if you decide not to hire based on the report, with another copy and a dispute explanation

Skip any of these and you are exposed to a class-action lawsuit. These are not theoretical, they happen every year.

Working with a vendor

If you run more than 2 background checks per month, use a vendor. Checkr, GoodHire, and HireRight are the three most common. Expect to pay $25-$75 per check depending on what is included.

Questions to ask a vendor before signing:

  • Do you handle FCRA notices automatically or is that my responsibility?
  • Do you comply with state-specific ban-the-box laws?
  • What is the turnaround time for a standard package?
  • How do disputes get handled?

Making the hiring decision

A background check result is not a yes/no input to your hiring decision, it is context. If a conviction shows up, consider:

  • How long ago was it?
  • How relevant is it to the role?
  • What has the person done since?
  • What does the candidate say when you ask them directly?

"Individualized assessment" is the legally defensible standard. Blanket rejection policies get overturned in court.

Document your process

Whatever you decide to check, document it in your employee handbook and apply it consistently. Inconsistent application is the fastest way to a discrimination claim. See contractors vs employees for classification, different worker types may need different checks.

The TracefyHR angle

TracefyHR stores background check authorizations, completion dates, and compliance records in the employee profile, alongside I-9s and signed offers. No more lost PDFs in someone's inbox. See how it works →

Tags

background checkhiringcompliancelegalsmall business

More from the blog

H
HR Tips

Hiring Your First 10 Employees: The Playbook

The first 10 hires set the ceiling for everything that comes after. Here's the practical playbook for finding, evaluating, and closing the right first team.

7 min read
A
AI & Automation

AI Tools Every HR Team Should Actually Use in 2026

A hype-free review of the AI tools that actually help HR teams in 2026. Recruiting, onboarding, policies, performance, with specific recommendations.

7 min read
T
Industry Trends

The 4-Day Work Week: Should Your Small Business Try It?

The 4-day work week is no longer a fringe idea. Here's what the research really shows, which SMBs should try it, and a practical 90-day pilot framework.

7 min read

Start managing HR smarter

Join teams that use TracefyHR to streamline payroll, attendance, leave management, and more.

Get started freeExplore features