Background Check Record Retention: How Long to Keep
Introduction
Background check record retention refers to the legal requirements governing how long employers, screening companies, and other entities must maintain documents related to employment screening processes. These regulations establish specific timeframes for keeping various types of records, from initial applications and background reports to adverse action notices and employee personnel files.
This comprehensive framework applies to virtually all employers who conduct background checks, regardless of size or industry, as well as Consumer Reporting Agencies (CRAs) that provide screening services. The requirements stem from multiple federal laws, including the Fair Credit Reporting Act (FCRA), Equal Employment Opportunity Commission (EEOC) guidelines, and various labor standards, each with distinct retention periods and documentation requirements.
Compliance with background check record retention laws is crucial for several reasons. First, proper record-keeping protects organizations from discrimination lawsuits by providing documented evidence of fair hiring practices. Second, it ensures compliance during government audits and investigations. Third, it helps maintain transparency and accountability in hiring decisions. Finally, failure to comply can result in significant financial penalties, legal liability, and reputational damage that far exceeds the cost of implementing proper retention policies.
Legal Overview
The legal framework for background check record retention is built on several key federal statutes, each addressing different aspects of the employment screening process.
Fair Credit Reporting Act (FCRA) serves as the primary federal law governing background checks. Under FCRA Section 615, employers must retain copies of any adverse action notices for at least three years. This includes pre-adverse action notices, final adverse action letters, and all supporting documentation. The law also requires Consumer Reporting Agencies to maintain reasonable procedures to ensure maximum possible accuracy and to provide consumers with access to their files.
Equal Employment Opportunity Commission (EEOC) regulations require employers to preserve employment records for varying periods depending on the type of document and company size. Under Title VII of the Civil Rights Act, employers with 15 or more employees must retain all personnel records, including background check results, for at least one year from the date of termination or the date the employment action was taken, whichever is later.
Age Discrimination in Employment Act (ADEA) mandates that employers keep payroll records and other employment documents for three years, while personnel records must be retained for one year after termination.
The enforcement mechanism includes both private civil actions and government investigations. The Federal Trade Commission (FTC) enforces FCRA compliance for CRAs and can impose civil penalties up to $4,304 per violation. The EEOC can investigate discrimination complaints and may require access to retained records dating back several years. Individual plaintiffs can seek actual damages, attorney fees, and in cases of willful non-compliance, punitive damages ranging from $100 to $1,000 per violation, plus statutory damages.
Rights and obligations under these laws include the employer’s duty to provide proper notices, obtain written authorization for background checks, and maintain accurate records. Employees and applicants have rights to access their records, dispute inaccurate information, and receive copies of background reports used in employment decisions.
Who Must Comply
Covered Entities include virtually all employers who conduct background checks, regardless of industry or company size. This encompasses private companies, non-profit organizations, government agencies, staffing firms, and independent contractors who make hiring decisions. Consumer Reporting Agencies, including national background check providers, local screening companies, and specialized verification services, must also comply with retention requirements.
Educational institutions conducting employee background checks, healthcare facilities screening workers, financial services companies, and transportation companies subject to DOT regulations all fall under these requirements. Additionally, any organization that uses third-party screening services shares compliance responsibilities with their CRA partners.
Size-Based Variations affect specific requirements. Companies with fewer than 15 employees are exempt from certain EEOC record retention requirements under Title VII, but must still comply with FCRA obligations. Organizations with 20 or more employees face additional ADEA requirements. Federal contractors and subcontractors often have extended retention periods regardless of size.
Exemptions are limited but include certain small employers for specific EEOC requirements, some agricultural employers, and private membership clubs. However, FCRA obligations generally apply regardless of these exemptions when consumer reports are used for employment purposes.
Determining Applicability requires analyzing several factors: the size of your workforce, whether you conduct background checks directly or through third parties, your industry’s specific regulations, any federal contracts or subcontracts, and your geographic scope of operations. Multi-state employers must consider varying state requirements, while companies in regulated industries like healthcare, finance, or transportation may face additional sector-specific retention requirements.
Requirements Breakdown
Federal Retention Periods establish the baseline requirements across different document types:
FCRA-Related Documents must be retained for three years, including all adverse action notices, pre-adverse action communications, consumer report copies provided to applicants, written authorizations for background checks, and certification forms submitted to CRAs.
EEOC-Required Records have varying retention periods. Personnel records, including background check results and hiring decision documentation, must be kept for one year after termination. Application materials, including those from unsuccessful candidates, require six-month retention for most employers, extended to one year for federal contractors. Payroll and benefits records require three-year retention under ADEA.
Specific Documentation Requirements include maintaining complete copies of all background reports received, preserving original signed authorization forms, retaining all correspondence between employer and CRA, documenting any disputes or corrections to background information, and keeping records of training provided to employees involved in the screening process.
Format and Storage Standards allow for both physical and electronic record retention, provided the information remains accurate, legible, and accessible. Electronic storage systems must include appropriate backup procedures, access controls to protect sensitive information, and the ability to produce records in a reasonable timeframe upon request.
Special Considerations apply to certain document types. Medical information obtained during background checks must be stored separately from other personnel records and maintained in confidential files. Drug and alcohol testing records have specific retention requirements under DOT regulations. Immigration-related verification documents (I-9 forms) must be retained for three years after hiring or one year after termination, whichever is longer.
Compliance Steps
Implementation Checklist for establishing compliant retention practices:
Step 1: Audit Current Practices by reviewing existing record retention policies, identifying all types of background check-related documents currently collected, assessing current storage methods and security measures, and determining gaps between current practices and legal requirements.
Step 2: Develop Written Policies that clearly define retention periods for each document type, establish procedures for secure storage and access, designate responsible personnel for record maintenance, and create protocols for record disposal at the end of retention periods.
Step 3: Implement Storage Systems that ensure security and accessibility. This includes establishing secure physical storage with limited access, implementing electronic document management systems with appropriate backups, creating indexing systems for efficient record retrieval, and ensuring compliance with privacy and data protection requirements.
Step 4: Train Personnel involved in the background check process on retention requirements, proper handling and storage procedures, confidentiality obligations, and procedures for responding to record requests or audits.
Step 5: Establish Monitoring Procedures including regular audits of retention compliance, periodic review and updates to policies, tracking of retention periods and disposal schedules, and documentation of any record requests or disputes.
Best Practices include maintaining records longer than minimum requirements when practical, implementing redundant storage systems to prevent data loss, regularly backing up electronic records, creating detailed logs of record access and modifications, and establishing relationships with qualified legal counsel for compliance guidance.
Technology Solutions can streamline compliance through automated retention tracking systems, secure cloud-based storage platforms, integrated background check and record management platforms, and automated alerts for approaching disposal dates.
Common Violations
Documentation Failures represent the most frequent compliance issues. Many organizations fail to maintain complete copies of adverse action notices or lose track of required documentation over time. Some employers retain background reports but fail to preserve the accompanying authorization forms or correspondence with screening agencies.
Timing Violations occur when organizations dispose of records prematurely or fail to maintain them for the full required period. A common mistake involves calculating retention periods from the wrong date, such as using the background check date instead of the termination date for personnel records.
Access and Security Issues arise when records are not properly secured or when unauthorized personnel have access to confidential information. Some organizations fail to segregate medical information or maintain separate files for different types of sensitive data.
Case Examples (anonymized) illustrate common violations:
A mid-size retailer faced EEOC penalties after discarding background check records six months after hiring, believing they were no longer needed. When discrimination complaints were filed two years later, the company couldn’t produce documentation to defend their hiring practices, resulting in significant settlement costs.
A healthcare facility received FTC fines for failing to maintain proper adverse action documentation. When audited, they could not produce copies of pre-adverse action notices or evidence that applicants received required waiting periods before final decisions were made.
A staffing agency discovered during a client audit that their electronic storage system had been automatically deleting background check records after one year, violating three-year FCRA requirements. They faced both regulatory penalties and client contract violations.
How to Fix Issues depends on the nature of the violation. For ongoing compliance gaps, immediately implement proper retention procedures and conduct comprehensive training. For past violations discovered during audits, work with legal counsel to assess exposure and develop remediation strategies. Consider voluntary disclosure to regulatory agencies when appropriate, and always document corrective actions taken.
State Variations
While federal laws establish baseline requirements, many states impose additional or extended retention periods that create a complex compliance landscape for multi-state employers.
Stricter State Requirements often exceed federal minimums. California requires retention of personnel records for at least three years, longer than the federal one-year requirement. New York mandates six-year retention for certain employment records. Illinois requires three-year retention of job application records, exceeding federal requirements.
Notable State Differences include specific protections for certain types of information. Massachusetts restricts the use of criminal records and requires specific documentation of compliance with state guidelines. Texas has detailed requirements for storing and accessing employment records. Florida mandates specific retention periods for public sector employees that differ from private sector requirements.
Industry-Specific State Rules add another layer of complexity. Healthcare workers’ background check records may require extended retention in states like Pennsylvania and Ohio. Educational institutions face varying state requirements for Continuous Background Monitoring: documentation. Financial services companies must comply with state banking regulations that may extend retention requirements.
Multi-State Considerations require employers to identify the most restrictive requirements among all states where they operate and apply those standards uniformly to ensure comprehensive compliance. This approach simplifies administration while ensuring adherence to all applicable laws.
Practical Multi-State Strategies include maintaining a comprehensive matrix of state requirements, implementing the longest retention period applicable to any jurisdiction, regularly monitoring state law changes, and consulting with employment attorneys familiar with relevant state requirements.
Frequently Asked Questions
1. How long must employers keep background check reports after an employee is terminated?
Under FCRA, adverse action notices must be retained for three years. EEOC guidelines require personnel records, including background check results, to be kept for one year after termination. However, some states require longer periods, and best practice suggests retaining all background check documentation for at least three years to ensure compliance with all applicable laws.
2. Are there different retention requirements for applicants who weren’t hired versus those who were?
Yes, the requirements can differ. For hired employees, retention periods typically run from the termination date. For unsuccessful applicants, EEOC requires six months retention of application materials (one year for federal contractors), while FCRA adverse action notices must be kept for three years regardless of hiring outcome. The longest applicable period should govern your retention policy.
3. Can background check records be stored electronically, or must they be kept in physical form?
Both electronic and physical storage are acceptable, provided the records remain accurate, legible, and accessible throughout the retention period. Electronic storage must include proper backup procedures, security measures to protect confidential information, and the ability to produce records promptly when requested by regulatory agencies or in legal proceedings.
4. What happens if we discover we’ve been disposing of records too early?
Immediately stop improper disposal and implement correct retention procedures. Document the corrective actions taken and consider consulting with employment law counsel to assess potential exposure. While past violations can’t be undone, demonstrating good faith efforts to achieve compliance may help mitigate penalties if violations are discovered during audits or investigations.
5. Do retention requirements differ for different types of background checks?
While the core FCRA and EEOC requirements apply broadly, some specialized screenings have additional requirements. DOT-regulated drug and alcohol testing records have specific retention periods. Medical information must be stored separately and may have extended retention requirements. Credit checks, when permitted, may have additional state law considerations. Always identify the most restrictive requirement applicable to each type of screening conducted.
Conclusion
Background check record retention compliance is a critical but manageable aspect of employment screening that requires careful attention to multiple legal frameworks and varying state requirements. Success depends on understanding the applicable laws, implementing comprehensive policies and procedures, and maintaining consistent practices over time.
The key to effective compliance lies in treating retention requirements as an integrated part of your overall background screening process rather than an afterthought. By establishing clear policies, training responsible personnel, implementing secure storage systems, and regularly auditing your practices, organizations can protect themselves from regulatory penalties while supporting fair and transparent hiring practices.
Remember that this guidance provides educational information about general legal requirements, but specific situations may require consultation with qualified employment law attorneys who can provide advice tailored to your organization’s unique circumstances and risk profile.
Ready to streamline your background screening process with built-in compliance support? BackgroundChecker.com provides fast, affordable, and FCRA-compliant background checks trusted by individuals, landlords, small businesses, and enterprise HR teams nationwide. Our easy online process delivers clear, comprehensive reports with dedicated support to help you maintain compliance while making informed hiring decisions. With transparent pricing and quick turnaround times, we make background screening simple and compliant. [Start your compliant background check today](https://backgroundchecker.com) and experience the difference that proper screening procedures can make for your organization.
