This article explains why Verified First masks sensitive consumer identifiers — including Social Security Numbers, dates of birth, and driver's license numbers — on downloadable background reports, and how your organization can access that information securely through the Verified First portal.
Verified First is not your legal counsel and cannot advise you on your specific compliance obligations. The information in this article is provided as general educational guidance only. Please consult qualified legal counsel to ensure your background screening practices comply with all applicable law.
Our Position on PII in Consumer Reports
If you have ever noticed that sensitive identifiers on a Verified First background report — such as a Social Security Number, date of birth, or driver's license number — appear partially masked, that is intentional. It reflects a deliberate data security and compliance position, not a limitation of our platform.
Background reports are documents that move. They get downloaded, printed, emailed to hiring managers, stored in applicant files, and reviewed by multiple people across your organization. Each one of those touch points is a potential exposure event. Embedding a full, unmasked SSN, DOB, or driver's license number in a document traveling that freely creates meaningful legal risk — for your organization as the end user, and for Verified First as the Consumer Reporting Agency (CRA) furnishing the report.
Our position: sensitive consumer identifiers will remain masked on static, downloadable consumer reports. This is not something we adjust on a per-account basis.
The Legal Framework Behind This Decision
Three separate legal frameworks independently support — and in some respects require — this approach. They operate together to create a clear and consistent obligation.
The Fair Credit Reporting Act (FCRA)
As a CRA, Verified First is required under the FCRA to maintain reasonable procedures to protect the confidentiality, accuracy, relevancy, and proper utilization of consumer information. Furnishing a full, unmasked SSN or similar identifier on a report that may be printed, forwarded, or stored outside of a secure environment is fundamentally inconsistent with that obligation.
It is worth noting that the FCRA does not require a breach to have occurred for there to be a violation — the failure to maintain reasonable procedures is itself an exposure. That means the risk is present at the point the document is created in an insecure format, not only if something goes wrong afterward.
The Driver's Privacy Protection Act (DPPA)
The DPPA strictly governs the permissible use and downstream disclosure of motor vehicle record information, including driver's license numbers. If a background report containing a full, unmasked driver's license number is viewed by personnel within your organization who do not have a legally documented permissible purpose to access that information, both your organization and Verified First face statutory liability under the DPPA.
Because we have no visibility into who within your organization will ultimately view a downloaded report, we cannot control that exposure once a document leaves the portal. Masking is the mechanism by which we prevent that liability from materializing — for both parties.
State Data Privacy Laws
Under modern state privacy frameworks — including California's CCPA and CPRA — a driver's license number is explicitly classified as sensitive personal information subject to heightened security obligations. While these are California-specific statutes, the trend across state legislatures is consistent: driver's license numbers, SSNs, and similar identifiers require additional layers of protection beyond what applies to general personal data.
If your organization operates in, or hires from, jurisdictions with strong state-level privacy laws, broadly displaying these identifiers on standard, downloadable documents creates real regulatory vulnerability on your end as the end user of the report.
Where You Can Access Full Identifier Information
The masking policy applies to static, downloadable consumer reports only. If you need to view full, unmasked identifier information for a legitimate administrative purpose, that access is available within the Verified First portal.
In-Portal Secure Viewing: Authorized administrators can view the full, unmasked Social Security Number, date of birth, and driver's license number directly within the Verified First portal on the order details page. This is a controlled, secure access path that keeps sensitive data within an encrypted environment, rather than embedded in a document that may be distributed outside of a secured system.
When the data is needed for an administrative workflow — such as verifying an applicant's identity against documentation on file — the correct path is to access it through the portal, not to request that it appear on the report itself.
Why the Distinction Matters
Accessing a sensitive identifier within a secured, credentialed portal environment is meaningfully different from having that identifier embedded in a document that may be emailed, printed, stored on a shared drive, or viewed by someone who does not have a permissible purpose to see it. The portal provides a controlled access point. A downloaded document does not.
This approach allows your authorized administrators to get the information they need while keeping the downloadable report safe from downstream exposure. Both things can be true at once — the data is accessible where it needs to be, and protected where it does not need to travel.
What to Expect When You Contact Us
If you contact Verified First requesting that full PII appear on a downloadable report, our team will explain this compliance position and direct you to the in-portal secure viewing option as the appropriate path for accessing that information.
We understand this may require an adjustment to certain administrative habits, and we are glad to walk your team through how in-portal viewing works. What we are not able to do is alter the report format to display unmasked identifiers on a static document, regardless of the circumstances.
Questions? If you have questions about secure data handling workflows, how to set up authorized administrator access in the portal, or how your organization's use of background report data intersects with applicable law, please reach out to your dedicated Account Management representative or contact us at clientservices@verifiedfirst.com.
Key Resources
| Resource | Description | Link |
| Fair Credit Reporting Act (FCRA) | Full statutory text — governs CRA obligations including data security and confidentiality | FTC FCRA PDF |
| FTC Background Screening Guidance | FTC guidance for background screening companies on FCRA obligations | FTC Resource |
| Verified First Trust Center | Security certifications and infrastructure documentation for the Verified First platform | trust.verifiedfirst.com |
| Verified First Privacy & Legal | Verified First data retention, privacy, and legal policies | legal.verifiedfirst.com |
| Verified First Client Resource Center | Compliance articles and client guidance from the Verified First Compliance Team | help.verifiedfirst.com |
This document is provided for general educational purposes only and does not constitute legal advice. Laws and regulations governing background screening and employment vary by jurisdiction and are subject to change. Verified First is a Consumer Reporting Agency under the FCRA. It is not your legal counsel. Please consult qualified legal counsel to ensure your employment screening program is compliant with all applicable federal, state, and local laws.
Comments
0 comments
Article is closed for comments.