Background Screening Compliance Updates Employers Need to Watch

What changed in 2026: the headline rules

Several jurisdictions introduced near-term changes that directly affect criminal history reporting, timing of inquiries, and candidate data protection. These developments require immediate attention from HR and recruiting teams:

• Virginia — Clean Slate (effective July 1, 2026): Many misdemeanors and some lower-level felonies will be automatically sealed and therefore non-reportable on consumer background checks. Employers must ensure screening vendors suppress sealed records and that policy treats sealed records as if they don’t exist for hiring decisions.
• Philadelphia — Amended Fair Criminal Record Screening Standards (effective January 6, 2026): Shorter misdemeanor lookback periods, bans on reporting certain minor offenses, and new procedural requirements including written pre-adverse notices with an opportunity for the applicant to respond before any adverse action.
• Washington (HB 1747) — Expanded Fair Chance (phased in starting July 1, 2026 for employers with 15+ employees): Prohibits asking about criminal history before a conditional offer, bans adverse actions based on arrests or juvenile convictions, and requires employers to justify use of adult convictions with legitimate business reasons while allowing applicants time to provide mitigating evidence. Civil penalties can apply, with first-violation fines up to $1,500.
• Indiana & Kentucky — New Consumer Data Protection Acts (effective January 1, 2026): These statutes impose privacy obligations on entities that collect candidate screening data, including notice requirements, candidate access and correction rights, and deletion obligations for controllers and processors.
• FCRA enforcement environment: While federal regulatory enforcement fell, FCRA litigation against employers rose by more than 36% year-to-date by the end of 2025. That trend emphasizes civil risk from procedural mistakes — inaccurate reports, failure to suppress sealed records, or defective adverse action notices.

Why timing, suppression, and individualized assessments matter

Recent laws map to three practical compliance levers:

1. Timing of inquiries — More jurisdictions require criminal history inquiries only after a conditional offer. Asking earlier risks violating state fair chance rules and can trigger costly rescission disputes.
2. Suppression of sealed/expunged records — Clean slate laws and sealing expansions mean records once visible on public databases will soon be non-reportable. Failure to suppress sealed records can lead to wrongful adverse employment actions.
3. Individualized assessments — Blanket exclusions based on criminal history are increasingly unlawful. Employers must show job-relatedness, provide notice, and permit applicants to present mitigating evidence before taking adverse action.

Interaction with the FCRA: These levers also interact with FCRA obligations (permissible purpose, consumer consent, disclosure, and two-step adverse action notices). For example, even if a report shows a conviction, an employer still needs to perform an individualized assessment and follow required pre-adverse and final adverse action steps under the FCRA — and state laws often add additional steps or timing windows.

Operational changes HR and recruiting teams should make now

To reduce legal exposure and keep hiring efficient, take these operational steps:

• Audit vendor capabilities
  • Confirm automatic suppression of sealed/expunged records in states like Virginia.
  • Verify workflows prevent criminal queries before conditional offers where required (e.g., Washington, Philadelphia).
  • Ensure the vendor’s adverse action templates and timing support both FCRA and state-specific pre-adverse notice requirements.
• Update job postings, applications, and internal policies
  • Remove questions about criminal history from job applications in jurisdictions where the law requires post-offer inquiries.
  • Add clear, role-specific statements explaining background checks will be performed after a conditional offer (where applicable).
• Revise adjudication matrices and screening criteria
  • Replace blanket disqualifiers with job-relevant, tiered criteria. Require individualized assessments for potentially disqualifying convictions and document the business justification tied to job duties.
• Train recruiting and HR staff
  • Teach teams how to handle pre-adverse notices, candidate response windows, and documentation expectations.
  • Reinforce that records sealed under clean-slate laws are treated as non-existent for hiring.
• Strengthen data privacy controls
  • Update candidate privacy notices to reflect Indiana and Kentucky consumer data protection obligations.
  • Confirm retention and deletion policies meet new deletion and access-rights requirements and implement secure disposal workflows.
• Document decisions and maintain audit trails
  • Record the business necessity analysis, applicant responses, and the rationale for any adverse action. Comprehensive documentation helps in defending against FCRA claims and state enforcement.

Practical checklist for vendor selection and integration

When your background screening vendor contract comes up for renewal or you’re onboarding a new provider, evaluate them against this checklist:

• Can the vendor automatically suppress sealed/expunged records by jurisdiction and update suppression logic when laws change?
• Do their systems block criminal-history searches until the employer marks a candidate as having a conditional offer?
• Are their adverse action workflows compliant with FCRA and tailored for state-specific pre-adverse timing and notice language?
• Do they support role-based report configurations to limit data to job-relevant categories?
• Can they produce audit-ready documentation for individualized assessments and decision rationales?
• Do they support data subject access, correction, and deletion requests required under state privacy laws?

Choosing a vendor that continuously monitors legal changes and operationalizes them into the product reduces manual error and litigation exposure.

Handling adverse actions the defensible way

Adverse action missteps are a leading source of FCRA litigation. Follow these steps to reduce risk:

1. Verify report accuracy and that it contains only legally reportable information for the jurisdiction and timing of the decision.
2. If the report includes disqualifying information, perform a documented individualized assessment tying the conviction or conduct to the essential job functions and public safety considerations.
3. Provide a clear, written pre-adverse notice that includes the report, a summary of rights, and a reasonable timeframe for the candidate to respond or provide mitigating evidence.
4. Consider any new information the applicant provides, reassess, and then issue a final adverse action notice if still taking adverse action. Ensure both the pre-adverse and final notices satisfy FCRA and any state-specific content or delivery requirements.

Important: Treat sealed records as non-existent in your assessment. If a vendor failed to suppress a sealed record, pause decision-making until the vendor corrects the report.

Comprehensive documentation and careful timing are your best defenses against both litigation and administrative penalties.

Practical takeaways for busy HR leaders

• Audit your current screening workflows and vendor controls for automatic suppression, post-offer timing, and updated adverse action processes.
• Remove blanket criminal exclusions; require individualized, documented assessments for disqualifying history.
• Update job postings, applications, and internal hiring scripts to reflect timing rules and fair chance obligations.
• Train recruiting and HR teams on pre-adverse notice timing, candidate response handling, and documentation standards.
• Review privacy notices, retention schedules, and deletion practices to comply with new state data protection laws in 2026.
• Maintain detailed, audit-ready records tying hiring decisions to job-relevant business justifications.

What rising FCRA litigation means for employers

Even with fewer federal enforcement actions, litigation risk is on the rise. Plaintiffs’ attorneys target procedural gaps — missing disclosures, incorrect adverse-action steps, or failure to exclude sealed records. That makes the administrative details as important as the substantive screening criteria. Proper vendor configuration, thorough documentation of individualized assessments, and consistent application of policies are your best defenses.

Conclusion: prioritize process, not just reports

Summary: Background screening compliance updates employers need to watch in 2026 are less about single statutes and more about a shift in how criminal records and candidate data must be handled: suppress sealed records, delay inquiries until the permitted point in the hiring process, apply individualized assessments, and meet new privacy obligations.

Employers that update their vendor relationships, policies, and training now will reduce litigation risk, avoid statutory penalties, and create fairer, more defensible hiring processes.

If you’d like an operational review of your screening workflows or help aligning vendor capabilities with the 2026 legal landscape, Rapid Hire Solutions can assist with compliance-ready screening configurations, documentation support for individualized assessments, and privacy-aligned data handling to help keep hiring moving while minimizing risk.