Not legal advice. This is operational guidance from working with US staffing agencies. Consult a labor attorney for situations specific to your firm.
The three compliance regimes that actually matter
For a US staffing agency, the federal compliance landscape is wider than three regimes, but these are the three that have produced the most expensive incidents we’ve seen in this industry:
- TCPA (Telephone Consumer Protection Act) — governs SMS and automated calls
- EEOC (Equal Employment Opportunity Commission) — governs hiring practices and discrimination
- FCRA (Fair Credit Reporting Act) — governs background checks and consumer reports
Get these three right and you’ve eliminated the most common five-figure-and-up compliance hits.
TCPA — SMS and auto-call
TCPA penalties run $500 per message for negligent violations, $1,500 per message for willful violations. Class actions stack these up fast. A single “we sent 2,000 unauthorized SMS” lawsuit can be a six- or seven-figure event.
What you must have:
- Prior express written consent before sending any marketing SMS or auto-call to any candidate. Capture this at application intake with a checkbox and timestamp.
- STOP keyword handling. Replying STOP must immediately opt-out the number from all future automated messages.
- Opt-out audit log. Be able to show, for any complainant, the exact date/time they opted in or opted out.
- No purchased lists. Lists you buy come with no consent. Don’t text them.
What the Hiring Snapshot does:
- Captures consent at intake with IP + timestamp
- Auto-handles STOP, START, HELP keywords per TCPA spec
- Maintains an opt-out list that’s checked before every outbound message
- Stores the full audit log for 4+ years (TCPA statute of limitations)
Recruiter-personal phones
A common compliance gap: recruiters texting candidates from their personal cell phones. There’s no consent capture, no audit log, no STOP keyword handling. If a candidate complains, the agency has no defense. The snapshot’s two-way SMS in the unified inbox solves this — recruiters text from the branded number, all compliance plumbing is automatic.
EEOC — Equal employment opportunity
EEOC enforcement against staffing agencies has been increasing. The agency is treated as the employer for many compliance purposes, including disparate-impact analysis of hiring decisions.
What you must have:
- EEO-1 reporting if you have 100+ employees, including W-2 contractors on assignment
- Self-identification (race, gender, veteran status, disability) offered to all applicants, opt-in only
- No discriminatory job criteria — knockout questions can’t be a proxy for protected categories (e.g., “must speak English natively” raises national-origin issues)
- Reasonable accommodations during application and interview process
What the Hiring Snapshot does:
- Self-identification fields are opt-in with the EEOC’s recommended wording
- EEO data is stored separately from candidate records — recruiters don’t see individual demographic data
- Aggregated reports for EEO-1 generation
- Audit logs of every job-criteria change (so you can show the criteria weren’t tweaked to exclude protected categories)
FCRA — Background checks
FCRA governs any third-party “consumer report” used for employment — credit checks, criminal background checks, employment verification, driving records. Violations include real damages plus statutory damages of $100–$1,000 per violation.
What you must have:
- Standalone disclosure before initiating any background check. The disclosure must be on a separate document, not buried in the application.
- Written consent signed before the check is run.
- Pre-adverse action notice if you’re about to reject a candidate based on a background-check result, giving them the report and a chance to dispute.
- Adverse action notice if you proceed with rejection, including the consumer-reporting agency’s contact info.
What the Hiring Snapshot does:
- Generates standalone FCRA disclosure as part of the consent flow
- Captures e-signature before any background check is initiated
- Pre-adverse and adverse action flows fire automatically if a candidate is rejected post-background-check
- Maintains the audit trail for FCRA’s 5-year retention requirement
State-specific layers
Federal compliance is the floor. States stack on top:
- California: ban-the-box at application, salary history ban, pay-range posting, CCPA / CPRA privacy
- New York, Washington, Colorado: pay-range posting, criminal-record consideration limits
- Massachusetts, Illinois: AI-decision-tool disclosure if using algorithmic screening
- Massachusetts: wage equity for substantially similar work
The Hiring Snapshot ships with state-aware configuration — when you post a role to California, the template enforces pay-range; when you post to NYC, it adds the AI-disclosure requirement.
The audit-ready posture
A “compliant” agency isn’t one that never makes a mistake — it’s one that can prove what happened on any given day for any given candidate. The audit log is your defense.
The snapshot’s audit log captures:
- Every consent given (TCPA, FCRA, EEO opt-in)
- Every job-criteria change with timestamp and editor
- Every outbound SMS / email with consent status at time of send
- Every background-check initiation with disclosure version and consent
- Every recruiter action on a candidate record
When a complaint or audit comes, you export the log for the candidate in question and you have the story.
What we’d recommend
- Configure consent capture during snapshot setup — don’t leave it for “later”
- Run a quarterly compliance review — randomly sample 20 candidate records and confirm consent / FCRA / EEO data is complete
- Train recruiters on STOP, HELP, START keywords so they don’t try to “manually override” an opt-out
- Don’t use recruiter-personal phones for SMS — this is the most common gap
- Consult a labor attorney annually for state-specific updates and any new federal guidance
The Hiring Snapshot does the heavy lifting on consent capture, audit logging, and template enforcement. Your job is to keep your team disciplined about using it correctly.