February 4th, 2022 | Sterling

What Does Your Compliance Team Need to Know in 2022?

It’s often hard for HR compliance teams to find the time to keep current on upcoming background screening trends. How can you spot major regulatory issues early enough and put plans in place to overcome major compliance challenges? With this in mind, Sterling produced an end-of-year compliance webinar on December 16, 2021, “Background Screening Trends in 2022: Key Trends to Know,” now available on-demand. This insightful discussion featured Angela Preston, Sterling’s Senior VP and Counsel for Corporate Ethics & Compliance, and Chris Christian, Director of Compliance at Sterling. Together they pinpointed evolving 2022 trends in background screening, including fair chance/ban-the-box, new state privacy laws, and Covid-19 testing and vaccine mandates. Uncover the 2022 trends they showcased and learn actionable ways to help keep your business compliant while promoting trust and safety in your workplace.

Hosted and moderated by Sterling’s Social Media Manager, Katelyn Brower, the webinar quickly started off as Katelyn polled attendees, asking if they feel confident in their background screening compliance processes going into 2022. The result? Most of our audience (72%) said yes, while over a quarter (28%) said no. After seeing proof of the audience’s need for more insights into HR compliance, Katelyn introduced our panelists, who quickly began to explore 2022’s major background screening trends, outlined below.

Fair Chance/Ban-the-Box Laws

In the United States, shifts in societal and criminal justice perspectives have led to new laws and provisions affecting criminal background screening. That’s why Chris Christian began the webinar by discussing emerging ban-the-box laws prohibiting employers from asking about criminal history during the hiring process. “That’s why today’s job applications can only focus on job application questions. Along with this we’ve also seen the EEOC (Equal Employment Opportunity Commission) enforcement guidance for a consideration of criminal history records and employment decisions, which recommended that employers conduct an individualized assessment to determine what, if any, criminal history can be legally related to the job. Since then, we’ve seen a variety of different models of fair chance laws emerge.”

Chris outlined that, from a 2022 trend standpoint, the latest compliance trend in this area is that some state and local jurisdictions are layering in their own unique requirements by requiring specific steps in the screening process. However, this is making these laws much more complex for employers trying to stay in compliance.

Chris expanded on this topic: “There’s an additional trend here that we’re seeing: jurisdictions are expanding their existing laws and imposing new, more stringent requirements than the original version of the law. There are about 35 states and many cities and counties that have already adopted some variation of fair chance. Private employers are already being affected by these (and many other) ban-the-box laws. The first one we’ve noted is the move toward more advanced EEOC- style individualized assessments, basically requiring additional individual assessment factors to consider, or different than what the EEOC has published. Another trend here is the introduction of specific forms and notices, such as Los Angeles and New York City. They have prescribed specific forms which need to be implemented into the employer’s screening process.”

Chris also covered another example, adverse action, which includes notice content and timing. For example, there’s additional or different information from the FCRA (Fair Credit Reporting Act) as far as content in adverse action notices (both pre- and final notice) and also regarding timing. “Requirements between the pre-notice and the final notice setting, for example, specific time frames, give the consumer time between the first and the second notice. Another trend that we’re seeing here is these laws are basically specifying timing for when screening may occur after an interview or an unconditional offer of employment.”

Chris concluded with the takeaways for 2022’s fair chance/ban-the-box compliance trends:

  • Closely examine and review your background screening processes and policies in light of these and other new laws.
  • Reassess any screening procedures you’ve put in place in your jurisdiction at the time the original laws were introduced. Consult with legal counsel about your processes in your jurisdictions if they’re applicable to your hiring locations.

Angela Preston added that even if you don’t have a physical location in one of these jurisdictions, the new trend around remote work means that you need to take into account whether or not you have remote employees who work from these jurisdictions, because often the law will also apply to those employees. “Actions may be covered under these state or local provisions which are specific to a jurisdiction or a geographic area, so these trends are now overlapping to create new challenges for employers, especially if you are conducting enterprise hiring on a national level and have to take into account different jurisdictional considerations.”

State Privacy Laws

Privacy is on everyone’s mind in recent years, including critical issues arising from the use of Facebook metadata, PII (personally identifiable information) data leaks, and the government’s response to these issues. Chris began his look at this topic by explaining that historically, the US has operated under a patchwork made up of a few state and federal sector-specific compliance rule laws. A common example is HIPAA (Health Insurance Portability and Accountability Act) as it applies to TPAs (Third-Party Administrators). However, the US has never had a single federal comprehensive privacy law.

Chris continued, “Right now at the state level, there’s momentum for comprehensive privacy bills, and it’s now at an all-time high after the CCPA (California Consumer Privacy Act), which was passed in 2018. Since then we’ve seen multiple states propose similar legislation created to protect consumers. The bottom line that employers need to understand is that consumers are becoming more aware of their privacy rights and states are looking to address those concerns in the law.”

Chris pointed to three states which have currently passed comprehensive privacy laws: California, Colorado, and Virginia. From these new laws, two different trends have emerged:

  • The California model (the CCPA) has been described as a model resembling the EU’s GDPR (General Data Protection Regulation), which has been mainly focused on HR data.
  • The Colorado and Virginia models are more typical models of the state privacy laws we’re seeing develop.

Meanwhile, currently-proposed bills from other states, which are more comprehensive, focus on privacy rights outside of just HR data.

From a legislative activity standpoint, we’ve seen over 30 states introduce some sort of comprehensive privacy laws in 2021. Most of those laws failed, while others are still being considered as of early 2022 but are also likely to fail. However, since more than half the country has proposed some kind of privacy law, we see privacy as being a trending topic. We’ll probably see more states proposing their own laws in 2022.

Chris continued, “Moving on to another privacy trend in the laws that we’re seeing proposed, there are two distinct components, consumer rights and business obligations, built into these laws. When we talk about consumer rights, we’re talking about the right to access and the right to correction, i.e. to delete information. Currently we’re seeing restrictions on the use of private information, and that businesses are now required to provide notice requirements when consumers opt out of their personal information being used.”

Chris was quick to point out that, regarding opt-in age requirements and purpose limitations, the FCC is restraining activities which are generally exempted in these laws. Again, while there’s no comprehensive federal privacy law yet, there is bipartisan support for data privacy regulation. However, there exists wide disagreement around how to implement it all, which so far has prevented Congress from actually creating a federal law. We believe that as more states like California, Colorado, and Virginia pass comprehensive privacy laws, it’s likely that those state models will prompt a comprehensive federal law in the future.

What are the takeaways for HR managers concerning privacy laws? While you should continue to monitor your state’s privacy laws, you should also stay aware of any activities outside of the FCRA that may trigger these laws. For example let’s say your organization is undertaking a project that you believe is training-related but is actually ancillary. If it’s not covered on the FCRA, and it’s not actually background screening activity, you might want to have a look at those laws and see if that activity is now being affected by the law. As always, consult with counsel.

Covid-19 Testing and Vaccine Mandates

The last couple of years of the pandemic have ushered in a new era presenting many challenges for the world, the US, and the workplace, including new compliance challenges. Angela Preston outlined compliance strategies focusing on Covid-19 testing and vaccine mandates, stating, “By now we all know that the Biden administration has been very bullish on vaccine mandates, which will impact your onboarding process and your day-to-day operations for workplace safety. In fact, as of December 2021, the court order blocking the OSHA vaccine mandate for private employers with 100 or more employees has been overturned in federal court.”

Angela continued, “The first thing that HR teams must keep in mind is that it’s up to organizations themselves to figure out whether or not there is a mandate that applies to you, whether it be state or federal. In addition to the large employer mandate, the Biden administration also has mandates in place for federal government employees and the military.”

There is also a healthcare worker vaccine mandate that’s recently been blocked in federal court. But state or even local mandates may apply to your business: some states have their own Covid-19 mandates, so it’s important to speak with counsel about this issue. For example, New York State does have a healthcare worker vaccine mandate. One thing to keep in mind is that with the mandates come additional potential testing requirements and logging of vaccine information. These are all relevant whether you’re an employer who is subject to a mandate, or if you simply want to have a policy to support vaccination for safety purposes and protecting your workplace.

Angela also explained that as part of their compliance efforts, HR teams will also need to collect and document employee vaccination status. Additionally, federal law and EEO law does require reasonable accommodation for employees based on religious or disability reasons. These accommodations can be invoked by your employees.

All of this highlights the need for systems and methods for collecting vaccination information, and in the alternative, to offer and implement testing programs for those who can’t be vaccinated.

Angela continued, “OSHA has described what type of testing is acceptable for the large employer mandate. If you know that you have employees who need to enter your workplace who are unable or unwilling to be vaccinated, you need to make sure you understand what tests are going to be acceptable to administer, as well as the testing protocols and routines that are required by the particular mandate, whether it be OSHA or a state-specific mandate. Some of these state-specific laws may also require you to reimburse or cover the costs, while the federal large employee testing provisions do not require employers to cover the cost of testing.”

Angela’s takeaways include:

  • Make sure to consult with your counsel on the applicability of vaccine mandates to your business and to your return-to-work policies.
  • Be aware that the federal mandate’s need for reasonable accommodation and its documentation requirements are quite extensive.
  • Consider state laws that may require compensation for time off, enough for actually obtaining the vaccine and/or for testing.
  • Ensure that your testing protocols are in compliance with the mandates.
  • Start planning now with your policies and procedures in order to get buttoned-up in this safety-critical area.

Marijuana Drug Laws: Defining Legalization and Decriminalization

Marijuana drug laws are another difficult compliance area which many employers (and employees) are uncertain about. Our panelists took some time to clear up some of the confusion surrounding compliance issues focusing on these laws.

Angela noted the importance of defining “decriminalization” and “legalization.” “Legalization” means that it’s legal to buy a substance and to use it. “Decriminalization” means that the penalties have changed from being a criminal penalty to just a fine or a civil offense.

We’re seeing a trend of marijuana legalization in 18 states and two territories including the District of Columbia. 27 states have also decriminalized small amounts of cannabis for recreational use. We also see a trend with different jurisdictions passing laws prohibiting employers from performing drug testing.

If you employ workers who are in safety-sensitive positions and if you have a drug screening program, you need to think about it first in terms of those safety-sensitive positions. For example, this means finding out whether or not your jurisdiction has decriminalized marijuana, or in fact has prohibited drug testing altogether.

Going into 2022 we’re also seeing a trend at the employment level to remove marijuana from a testing panel, unless it’s required. But for many employers, drug testing is still required.

Marijuana is a federally-controlled substance and should be thought about in that light. Bear in mind there may be different jurisdictions where different laws are going to apply depending on where you’re hiring, where your employees are, and where your workers are going to be.

The risk of not testing can potentially expose your business to negligent hiring or retention claims: for example if you are engaging with vulnerable populations and operating motor vehicles. You absolutely need to account beforehand for these and other factors.

Part of the problem with marijuana is that there is no legal standard for impairment. Without a pre-defined level of impairment, it can be challenging even at the workplace for testing to determine: is this person impaired or not impaired? This is difficult to measure for marijuana, unlike with alcohol, which has long-established legal levels of impairment.

Therefore, our drug-testing takeaway is that there are multiple jurisdictions for drug laws, so employers need to consider whether they want to have multiple policies by jurisdiction or whether they want to adopt a universal drug policy. You can also consider dropping pre-hire testing unless it’s needed under state or federal law. Also be aware that you still have a right to require drug tests for candidates and employees unless there is a specific prohibition in your jurisdiction. We work with clients to try to develop customized programs for their specific needs.


Angela and Chris also touched on background screening trends relating to salary and credit history, remote work, the gig economy and social media. During our webinar Q&A they also fielded questions from the audience:

Q: Is it prohibited to test for marijuana across the entire state of New York, or just in New York City?

A: Marijuana restrictions have recently been extended to all of New York State. Consult with your counsel on prohibited activity.

Q: Are employers still required to do CRA adverse action in places that have banned the box and fair chance laws?

A: Yes, as a general answer. However, employers need to know if those fair chance laws have some kind of extra requirement that might be in addition to the FCRA or a little different. For example, Illinois was one of the examples we covered, but overall you have to comply to the FCRA and then layer in the state or local law.

Q: Can companies still perform drug testing in jurisdictions which have decriminalized marijuana?

A: Yes, but this really requires that you create a custom compliance program. Depending on where you’re hiring, you absolutely can still do drug testing and screening, but you may need to closely examine the drug laws in the jurisdiction where your employees are and where they’re going to be working.

Q: Do background check laws apply to gig and remote workers too?

A: There are some jurisdictions that carve out or have special laws that apply specifically to the gig sector and remote workers. For example, there are some laws applying to transportation network companies involving drivers and how far back you can look into someone’s criminal history, but generally the same laws that apply for background screening also apply to gig and remote work. The FCRA has a very broad definition of employment that typically will encompass gig workers and contract workers, even if they’re not considered a traditional W2-type employee. Existing consumer protections are extended to those different types of workers.

What’s the key takeaway for HR compliance teams for 2022? Again and again, our panelists cautioned HR teams to avoid having a “set it and forget it” mentality when it comes to compliance. Each state and jurisdiction may differ in its laws, so you should consult with your counsel while keeping current on existing and pending regulations as they evolve throughout the year. It’s the surest way to help promote trust and safety in your workplace throughout 2022.

Watch the full on-demand webinar to discover more insights about 2022 compliance challenges, and learn more about the latest compliance updatescompliance forms, and more from Sterling’s compliance team. Angela Preston will be hosting another compliance webinar on January 26 with Human Resource Executive. Click here for details and to register.

Sterling is not a law firm. This publication is for informational purposes only and nothing contained in it should be construed as legal advice. We expressly disclaim any warranty or responsibility for damages arising out this information. We encourage you to consult with legal counsel regarding your specific needs. We do not undertake any duty to update previously posted materials.

This publication is for informational purposes only and nothing contained in it should be construed as legal advice. We expressly disclaim any warranty or responsibility for damages arising out this information. We encourage you to consult with legal counsel regarding your specific needs. We do not undertake any duty to update previously posted materials.