Free Word download • Edit online • Save & share with Drive • Export to PDF
A Reference Request and Release is a legally binding authorization document through which a job candidate grants a prospective employer written permission to contact named prior employers, supervisors, and professional references to obtain employment-related information. The document simultaneously releases those reference providers from liability for good-faith disclosures made in the course of the check. Unlike a casual verbal authorization, a signed release creates a documented legal record of consent, specifies the categories of information that may be discussed, limits disclosure to identified recipients, and sets an expiration date on the authorization — satisfying the consent requirements of privacy legislation in the US, Canada, the UK, and the EU.
Conducting a reference check without a signed authorization exposes your organization to privacy law violations, potential FCRA liability when third-party screening firms are involved, and GDPR or PIPEDA enforcement risk for any cross-border hiring. Reference providers who receive a request without documented authorization from the candidate typically decline to provide anything beyond dates and title — leaving you with the least useful information at the most critical decision point in your hiring process. A signed release changes that dynamic: it gives reference providers the legal confidence to speak candidly, it protects them against defamation claims, and it gives your organization a defensible paper trail if a hiring decision is later challenged. This template provides a complete, jurisdiction-aware starting point that covers both the inbound authorization from the candidate and the outbound request sent to reference providers — so every reference check your team conducts is documented, compliant, and protected.
| If your situation is… | Use this template |
|---|---|
| Standard pre-employment reference check for a salaried role | Reference Request and Release |
| Comprehensive background check covering criminal, credit, and employment history | Background Check Authorization Form |
| Academic or educational reference for a professional certification program | Academic Reference Request Letter |
| Candidate waiving the right to review confidential reference letters | Reference Waiver Letter |
| Employer providing a written reference on behalf of a departing employee | Employment Reference Letter |
| Confirming only dates of employment and title without substantive reference | Employment Verification Letter |
| Checking professional references for an executive or C-suite hire | Executive Reference Check Form |
Why it matters: In many jurisdictions, conducting a reference check without written consent exposes the employer to privacy law violations and, in the US, potential FCRA liability if a third-party agency is involved.
Fix: Make the signed release a mandatory step in your hiring workflow before any reference contact is initiated, and document the date the authorization was received.
Why it matters: An undated release cannot be used to prove the check was authorized before disclosure occurred, undermining your defense in any privacy or defamation claim.
Fix: Always capture both the candidate's signature and the exact date of signing — use eSign tools that timestamp execution automatically.
Why it matters: A release that purports to protect knowingly false or malicious statements is void as against public policy in most common-law jurisdictions, which can render the entire liability clause unenforceable.
Fix: Include explicit 'good faith' and 'without malice' qualifiers on the liability release clause so that it survives judicial scrutiny.
Why it matters: Under FCRA and equivalent provincial laws, authorization must specifically cover consumer reporting agencies — a general employer authorization does not extend to them automatically.
Fix: Identify any third-party screening vendor by name in the authorized-recipient clause and attach the required FCRA standalone disclosure if the vendor qualifies as a consumer reporting agency.
Why it matters: An open-ended release allows the employer to conduct reference checks months or years after the candidate signed it, for positions the candidate never applied for — a direct conflict with GDPR, PIPEDA, and reasonable privacy expectations.
Fix: Set a specific expiration date of 90–180 days from signature and obtain a fresh authorization for any subsequent hiring process.
Why it matters: FCRA requires a separate, standalone disclosure and authorization document for consumer reports — combining it with other terms can render the FCRA authorization invalid and expose the employer to statutory damages.
Fix: Use this template for peer and supervisor reference checks, and a separate FCRA-compliant authorization form for any check conducted by a consumer reporting agency.
In plain language: Identifies the candidate granting the release, the prospective employer or agency authorized to receive information, and the reference providers authorized to disclose it.
I, [CANDIDATE FULL NAME], of [CANDIDATE ADDRESS], hereby authorize [PROSPECTIVE EMPLOYER NAME] and its designated agents to contact the individuals and organizations listed in Schedule A for the purpose of obtaining employment references.
Common mistake: Naming only a company rather than specific supervisors or departments. When HR departments receive broad reference requests with no named contact, they default to confirming only dates and title — defeating the purpose of the check.
In plain language: Specifies which categories of employment information the candidate authorizes reference providers to discuss, such as job performance, attendance, disciplinary history, and reason for departure.
I authorize the above-named references to disclose information regarding my: (a) job title and dates of employment; (b) job performance and responsibilities; (c) attendance and reliability; (d) reason for leaving; (e) eligibility for rehire; and (f) any other information they consider relevant to my suitability for employment.
Common mistake: Using a catch-all 'any information' scope without itemizing categories. Overly broad authorization language can be challenged as unconscionable in some jurisdictions and may cause reference providers to decline participation out of caution.
In plain language: Releases all named reference providers from claims arising from statements made honestly during the reference check, including defamation, negligent misrepresentation, and invasion of privacy.
I hereby release [REFERENCE PROVIDER NAME / ALL LISTED REFERENCES] from any and all claims, damages, or liability of any kind arising from the disclosure of information made in good faith in response to a reference inquiry under this authorization.
Common mistake: Omitting a good-faith qualifier on the release. An unconditional release that purports to protect malicious or knowingly false statements is unenforceable in most jurisdictions and may invalidate the entire clause.
In plain language: Explicitly grants the prospective employer and its agents — including third-party screening firms — the right to receive and use disclosed reference information in making an employment decision.
I authorize [PROSPECTIVE EMPLOYER NAME], its employees, agents, and any designated third-party background screening provider to receive, record, and evaluate information disclosed pursuant to this release in connection with my application for the position of [POSITION TITLE].
Common mistake: Failing to name third-party screening agencies as authorized recipients. If a background check firm conducts the reference check and is not named, the authorization may not satisfy FCRA or equivalent provincial disclosure requirements.
In plain language: Requires the prospective employer to keep reference information confidential and use it only for the stated hiring purpose, limiting onward disclosure to decision-makers involved in the hiring process.
The prospective employer agrees to maintain the confidentiality of all reference information received and to use it solely for the purpose of evaluating the candidate's suitability for the position of [POSITION TITLE]. Reference information shall not be disclosed to unauthorized parties.
Common mistake: No confidentiality obligation on the receiving employer. Without this clause, reference content can be shared freely — including back to the candidate's current employer — creating legal and reputational risk for the reference giver.
In plain language: States that the candidate may revoke the authorization in writing before reference checks are conducted, but that revocation does not apply to disclosures already made.
This authorization may be revoked by the candidate in writing at any time prior to the commencement of reference checks. Revocation does not apply to information already disclosed in good faith pursuant to this release before receipt of written notice of revocation.
Common mistake: Omitting a revocation clause entirely. Without it, the document could be construed as an irrevocable perpetual release — which courts in several jurisdictions will not enforce, potentially voiding the entire instrument.
In plain language: Sets the period during which the release is valid — typically 90 to 180 days from the date of signature — after which the employer must obtain a fresh authorization before contacting references again.
This authorization is valid for [90 / 180] days from the date of signature below. After expiration, a new signed authorization must be obtained before any additional reference inquiries are made on behalf of the prospective employer.
Common mistake: Leaving the duration open-ended. A perpetual authorization exposes the candidate to indefinite reference checks for future roles they did not apply for, which creates privacy law issues under GDPR and Canadian PIPEDA.
In plain language: Specifies which jurisdiction's laws govern interpretation and enforcement of the release, and where any disputes will be resolved.
This Release shall be governed by and construed in accordance with the laws of [STATE / PROVINCE / COUNTRY]. Any dispute arising under this Release shall be subject to the exclusive jurisdiction of the courts of [JURISDICTION].
Common mistake: Choosing governing law based on the employer's headquarters when the candidate and reference providers are all located in a different jurisdiction. Many employment and privacy laws apply based on where the employee works, not where the employer is incorporated.
In plain language: Records the candidate's informed, voluntary consent to the release, confirming they have read and understood the document before signing.
By signing below, I confirm that I have read and understood this Reference Request and Release, that I sign it voluntarily, and that I authorize the disclosures and release liability as set out above. Candidate Signature: ___________ Date: [DATE] Printed Name: [CANDIDATE FULL NAME]
Common mistake: Collecting only an electronic checkbox without preserving a dated, identifiable signature record. In a dispute over whether authorization was granted, an unattributed checkbox provides significantly weaker evidence than a timestamped, identity-verified signature.
Enter the candidate's full legal name and address in the parties block. Add the prospective employer's registered legal entity name — not just a brand or division name — and the specific position the candidate has applied for.
💡 Using the employer's registered legal name rather than a trade name matters if the authorization is ever challenged — the release must bind the correct legal entity.
Name each reference provider with their full name, current employer, title, and preferred contact method. Attach Schedule A to the signed release so the authorization is traceable to specific individuals.
💡 Ask the candidate to confirm each reference provider's current contact details before you finalize Schedule A — stale contact information is the single most common reason reference checks stall.
Review the itemized scope-of-information clause and check or edit each category to match what you actually need for the role. For regulated positions (finance, healthcare, childcare), include specific categories such as disciplinary history and license status.
💡 Narrower scope increases the likelihood that reference providers will respond fully — overly broad language causes legal teams to advise silence.
If a background screening firm will conduct the reference check on your behalf, name the firm explicitly in the authorization-of-recipient clause. Add a separate FCRA-compliant disclosure and authorization if the firm qualifies as a consumer reporting agency.
💡 If you are not sure whether your screening vendor is a consumer reporting agency under FCRA, ask them directly — misclassification creates material compliance liability.
Choose a specific expiration period — 90 days is standard for single-position hiring; 180 days is appropriate for extended or phased hiring processes. Enter the number in the duration clause.
💡 For candidates in the EU or Canada, cap the authorization at 90 days maximum to align with data minimization principles under GDPR and PIPEDA.
Set the governing jurisdiction to the state or province where the candidate will perform the role — not necessarily where your company is headquartered. Cross-check that the chosen jurisdiction does not have specific reference check restrictions that require additional disclosures.
💡 California requires a separate standalone authorization disclosure for background checks conducted by third-party agencies — bundle it with this release rather than creating two separate documents.
Present the release to the candidate after an offer is conditionally extended or at the point you are ready to begin reference checks. Collect a wet or electronic signature with a timestamp and retain the executed copy in the candidate's hiring file.
💡 Use Business in a Box eSign to collect a timestamped, legally attributable electronic signature and store the executed document in BIB Drive automatically.
Store the signed release with the candidate's application materials for a minimum of the period required by applicable employment records law — typically 1–3 years post-hire decision in the US and Canada.
💡 If you decline to hire the candidate based partly on reference information, document the adverse action notice requirements under FCRA or applicable provincial law before closing the file.
A reference request and release form is a signed legal document in which a job candidate authorizes named prior employers, supervisors, and contacts to disclose employment-related information to a prospective employer. It simultaneously releases those reference providers from liability for honest statements made during the check. Without a signed release, employers and HR teams risk privacy law violations by contacting references, and reference givers lack a documented protection against defamation claims.
In the United States, a written reference authorization is not universally required by federal law for informal peer references — but it is required under FCRA when a third-party consumer reporting agency conducts the check. In Canada, PIPEDA requires consent before collecting personal information, including employment references. In the EU and UK, GDPR and the UK GDPR require a lawful basis for processing — typically explicit consent — before reference information is gathered. Obtaining a signed release is best practice regardless of jurisdiction.
With a signed release in place, a former employer can typically disclose job title, dates of employment, responsibilities, performance assessments, attendance, reason for departure, and eligibility for rehire. Without a release — or in jurisdictions with strict reference check restrictions — many employers limit disclosure to title and dates only to avoid defamation exposure. A signed release with a good-faith liability clause gives reference providers the confidence to respond more fully.
A well-drafted release provides meaningful but not absolute protection. It protects reference givers from claims arising from good-faith, honest statements. Qualified privilege, available in most common-law jurisdictions, provides additional protection for employment references made without malice. Neither the release nor qualified privilege shields a reference provider who makes statements they know to be false or who acts with deliberate intent to harm the candidate.
Yes, a candidate can refuse to sign. An employer cannot legally compel signature. However, the employer is generally within their rights to withdraw a conditional offer or decline to proceed with a candidacy if the release is a standard part of the hiring process and the candidate refuses. This should be handled consistently — applying the requirement to all candidates in a role class to avoid discrimination claims.
A reference release authorizes specific named individuals to discuss their personal knowledge of the candidate's employment history and performance. A background check authorization — particularly one governed by FCRA in the US — authorizes a consumer reporting agency to compile a report that may include criminal records, credit history, driving records, and employment verification from databases. FCRA requires the background check authorization to be a separate, standalone document; combining it with a reference release can invalidate the FCRA consent.
Yes. In the US, the Electronic Signatures in Global and National Commerce Act (ESIGN) and state UETA adoptions make electronic signatures legally equivalent to wet signatures for employment documents including reference releases. Canada's PIPEDA and provincial e-signature laws, the UK's Electronic Communications Act, and EU eIDAS regulation similarly recognize electronic signatures. Use a platform that records a timestamp and links the signature to an identified individual to ensure the authorization is attributable and auditable.
Naming specific individuals in a Schedule A provides clearer protection for both parties. It limits the scope of the authorization to people the candidate has consented to, reduces the risk of the employer contacting unauthorized parties, and gives each named reference provider explicit documentation of their authorization. A generic authorization to contact 'any former employer' is weaker legally and may cause cautious HR departments to decline participation without a named individual release.
An employment reference letter is a written statement provided by a former employer describing a candidate's performance and character. A reference request and release is the authorization document that must precede any reference check — it enables the letter or phone reference to happen lawfully. The release protects the reference giver; the letter is the substantive output.
A background check authorization governs checks conducted by a consumer reporting agency — covering criminal records, credit, and database searches — and must comply with FCRA as a standalone document in the US. A reference request and release covers peer and supervisor interviews and employment verification. Combining them into one document can invalidate the FCRA consent, so both documents are needed for comprehensive pre-employment screening.
An employment verification letter confirms factual employment data — dates, title, and sometimes salary — without any performance assessment. A reference request and release authorizes a much broader conversation including performance, conduct, and eligibility for rehire. Organizations that provide only verification letters without a release do so to minimize liability; a signed release opens the door to more substantive information.
An NDA restricts the receiving party from disclosing confidential information they have been given access to. A reference release does the opposite — it authorizes disclosure of information that would otherwise be private. The two documents serve opposite purposes, though some employers include a confidentiality obligation on the receiving employer within the release to protect reference content from being circulated beyond the hiring team.
Regulatory requirements under FINRA and FCA mandate reference checks for licensed roles — a signed release with explicit scope covering disciplinary history and license status is essential documentation for compliance audits.
Credentialing bodies and state licensing boards require documented reference authorization before verifying clinical performance history — the release must cover malpractice and disciplinary proceedings where permitted.
Law firms, accounting firms, and consulting practices use reference releases to authorize checks on professional conduct, client relationships, and engagement performance for senior hires where discretion and client confidentiality are paramount.
Fast-moving hiring pipelines and distributed reference providers across multiple jurisdictions make a standardized, electronically signable release critical for maintaining both compliance and hiring velocity.
Schools and universities conducting reference checks on staff working with minors require releases that explicitly authorize disclosure of safeguarding-related information, subject to applicable child protection laws.
Staffing agencies place candidates across multiple client employers and must ensure the release names each prospective client employer or grants broad enough authorization to cover all parties in the placement chain.
FCRA governs reference checks conducted by third-party consumer reporting agencies and requires a standalone written authorization — separate from this release — before the agency may act. Many states have additional reference check laws; California, New York, and Colorado restrict the use of certain information (e.g., salary history, conviction records) even with a release in place. Qualified privilege protects employers providing good-faith references in most states, but the scope varies — some states require the candidate's signed consent to activate the privilege.
PIPEDA and provincial privacy statutes (including Quebec's Law 25, Alberta's PIPA, and BC's PIPA) require meaningful consent before collecting personal information — a signed reference release satisfies this requirement. Quebec's Law 25 imposes stricter consent and data minimization standards, including a requirement to disclose the purpose of collection in plain language. Authorization should be capped at 90 days to align with data minimization principles. French-language versions of the release are required for Quebec-based candidates under the Charter of the French Language.
UK GDPR requires a lawful basis for processing personal data — explicit consent via a signed release is the most practical basis for reference checks involving third parties. Reference providers have qualified privilege under UK defamation law for honest, good-faith references. The Information Commissioner's Office employment practices code recommends that reference requests be specific and proportionate to the role. Retention of signed releases should not exceed the period necessary for the hiring decision, typically one year post-decision.
GDPR Article 6 requires a lawful basis for processing reference data — consent under Article 6(1)(a) is appropriate when the candidate has genuine freedom to refuse without detriment. Article 13 requires the prospective employer to provide a privacy notice to the candidate at the time of collecting the authorization, explaining the purpose, retention period, and data subject rights. Cross-border transfers of reference data outside the EU/EEA require additional safeguards under Chapter V of GDPR. Member state implementations vary — Germany and France impose particularly strict employment privacy protections beyond GDPR's baseline.
| Path | Best for | Cost | Time |
|---|---|---|---|
| Use the template | Standard domestic reference checks for non-regulated roles where all parties are in the same jurisdiction | Free | 15–20 minutes per candidate |
| Template + legal review | Multi-jurisdiction hiring, regulated industries such as financial services or healthcare, or senior roles with material liability exposure | $200–$500 for an employment lawyer review | 1–3 days |
| Custom drafted | Enterprise hiring programs, staffing agencies placing hundreds of candidates across multiple jurisdictions, or organizations subject to FCRA enforcement scrutiny | $800–$2,500+ | 1–2 weeks |
This document is one of 3,000+ business & legal templates included in Business in a Box.
Access over 3,000+ business and legal templates for any business task, project or initiative.
Customize your ready-made business document template and save it in the cloud.
Share your files and folders with your team. Create a space of seamless collaboration.
"Fantastic value! I'm not sure how I'd do without it. It's worth its weight in gold and paid back for itself many times."
"I have been using Business in a Box for years. It has been the most useful source of templates I have encountered. I recommend it to anyone."
"It has been a life saver so many times I have lost count. Business in a Box has saved me so much time and as you know, time is money."
Stop downloading documents. Start operating with clarity. Business in a Box gives you the Business Operating System used by over 250,000 companies worldwide to structure, run, and grow their business.
Start free · No credit card required
