
InfoBytes Blog

Financial Services Law Insights and Observations



  • FTC, CFPB discuss scope of Fair Credit Reporting Act during Senate Banking Committee hearing

    Federal Issues

    On July 12, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “An Overview of the Credit Bureaus and the Fair Credit Reporting Act” to discuss the scope and enforcement of the Fair Credit Reporting Act (FCRA), the measures undertaken by the CFPB and the FTC to oversee credit bureau data security and accurate credit reporting, and other laws and regulations as they pertain to credit bureaus. Committee Chairman Mike Crapo, R-Idaho, opened the hearing by discussing the need to understand the “current state of data security, data accuracy, data breach policy” given consumers’ increased reliance on technology and recent cybersecurity incidents.

    Associate Director for the Division of Privacy and Identity Protection at the FTC, Maneesha Mithal, discussed in prepared remarks the FTC’s role in implementing, enforcing, and interpreting the FCRA, as well as the importance of educating consumers and businesses about FCRA requirements. According to Mithal, the FCRA continues to be a “top priority” for the FTC as the consumer reporting system evolves and new technologies emerge. Mithal discussed consumer reporting agency (CRA) FCRA compliance requirements concerning, among other things, dispute resolution processes, furnisher obligations, and credit reporting accuracy. Specifically, Mithal commented on the FTC’s more than 30 FCRA enforcement actions, in addition to the more than 60 law enforcement actions taken against companies for allegedly failing to implement reasonable data security practices. Mithal also touched upon the FTC’s business guidance and consumer education efforts concerning FCRA rights and obligations.

    Assistant Director for Supervision Policy at the Bureau, Peggy Twohig, similarly discussed the Bureau’s authority over CRAs and furnishers with respect to the agency’s supervisory and enforcement authority, and noted, among other things, that while the agency possesses broad authority to promulgate rules as required to enforce the FCRA, it lacks rulemaking authority under certain sections of the FCRA related to red flags and the disposal of records, which fall under the FTC’s purview. Twohig further commented on the Bureau’s efforts to educate consumers on a variety of topics, including data breaches, credit freezes, and credit and identity monitoring.

    Federal Issues FTC CFPB Senate Banking Committee FCRA Consumer Reporting Agency Enforcement Consumer Education

  • House passes bill allowing for reporting of rental, telecom, and utility payments to CRAs

    Federal Issues

    On June 25, the House passed H.R. 435, “The Credit Access and Inclusion Act of 2017.” The bill would amend the Fair Credit Reporting Act to include a section allowing a person or the Department of Housing and Urban Development to furnish information to credit reporting agencies relating to the payment performance of a residential lease agreement, contract for a utility, or contract for a telecommunications service. The bill does not allow an energy utility to furnish information related to the usage of utility services or information related to an outstanding consumer balance if the consumer has entered into a payment plan and is meeting the obligations of the payment plan. Civil liability for violations of the Consumer Credit Protection Act does not apply to violations of the bill.

    Federal Issues Credit Reporting Agency Information Furnisher FCRA U.S. House Federal Legislation HUD

  • 9th Circuit affirms credit reporting agency’s code data did not violate the FCRA


    On May 29, the U.S. Court of Appeals for the 9th Circuit affirmed summary judgment for a national credit reporting agency, holding that the company did not violate the Fair Credit Reporting Act (FCRA) in its reporting of short sales executed by the plaintiffs. The decision results from a proposed class action suit alleging that the credit reporting agency violated the FCRA by reporting short sales executed between 2010 and 2011 with code numbers that misreported the data as foreclosures. In September 2016, the lower court found that the credit reporting agency provided creditors with clear instructions on how to interpret the code system and Fannie Mae’s Desktop Underwriter program misinterpreted the “settled” code number “9” as a foreclosure, which was not the credit reporting agency’s fault. In affirming the lower court’s decision, the 9th Circuit held that the credit reporting agency “clearly and accurately disclosed to [consumers] all information that [the company] recorded and retained that might be reflected in a consumer report.” Additionally, the panel noted that the credit reporting agency was not required to report that Fannie Mae mishandled the code data when it became aware of it.

    Courts Ninth Circuit FCRA Credit Reporting Agency Short Sale Foreclosure Fannie Mae Appellate

  • District court grants partial summary judgment, rules bank did not violate federal and state fair credit reporting laws


    On April 25, the U.S. District Court for the Northern District of California granted a bank’s partial motion for summary judgment, holding that a Fair Credit Reporting Act (FCRA) disclosure and authorization form (disclosure form) completed by the plaintiff as part of the bank’s background check hiring process did not violate federal and state fair credit reporting laws. The plaintiff—who brought the proposed class action suit following the bank’s decision not to hire plaintiff following an offer of employment that was contingent upon a satisfactory background check—asserted claims under the FCRA, the California Investigative Consumer Reporting Agencies Act (ICRA), and the California Consumer Credit Reporting Agencies Act (CCRA), including that (i) the disclosure form was not a standalone document; (ii) the disclosure did not accurately identify the investigative consumer reporting agency; and (iii) the bank failed to comply with CCRA disclosure requirements.

    Addressing whether the disclosure form, which “appeared as a separate and distinct web page separated from the rest of the documents,” violated the FCRA, the court ruled that because it “was a stand-alone document that contained no extraneous information or liability waiver” it was in compliance. The court also determined that the bank did not violate the ICRA because it was only required to disclose the agency it engaged to provide an investigative consumer report, not the various sources the agency itself may have used when conducting its investigation. Finally, the court ruled that the plaintiff’s argument that the disclosure form failed to comply with the CCRA lacked merit because—although the bank could not apply an exemption under state law to the section allegedly violated—the bank’s disclosure form complied with the CCRA’s disclosure requirements, and furthermore, the bank was not required to disclose the reasons for requesting the report nor the “various repositories” of information the disclosed source used when compiling the report.

    Courts State Issues FCRA Credit Reporting Agency Disclosures

  • Court grants summary judgment to credit reporting agency over FCRA dispute


    On April 4, the U.S. District Court for the Northern District of California granted a consumer reporting agency’s motion for summary judgment, holding that a “firm offer of credit” under the FCRA does not require that an offer based on furnished information result in an enforceable contract. According to the opinion, a consumer filed a putative class action suit alleging that the consumer reporting agency violated the FCRA by providing California residents’ credit report information to two businesses that were not licensed to make consumer loans in California and that offered interest rates which exceed allowable limits under California law. The court disagreed, holding that the FCRA only requires that a prescreened offer not be retracted if the consumer meets the creditor’s pre-selection criteria. Additionally, the court rejected the consumer’s argument that the FCRA also imposes a duty on consumer reporting agencies to separately credential service providers who are given access to the furnished information from their credentialed principals. The court emphasized that “neither the FCRA, nor any case authority addressing the FCRA” imposes this duty.

    Courts FCRA Usury Prescreened Offers

  • District Court finds government is not immune from private claims under the FCRA


    On March 22, the U.S. District Court for the Western District of Louisiana denied a motion by the Defense Finance and Accounting Service (DFAS), a federal government agency within the Department of Defense, to dismiss a private action under the Fair Credit Reporting Act (FCRA) based on a lack of subject matter jurisdiction as a result of sovereign immunity. The court found that FCRA’s definition of person includes “government or governmental subdivision or agency,” and therefore, waives the United States’ sovereign immunity under FCRA. The court did not agree with DFAS’ position that the terms “government or governmental subdivision or agency” are too broad to constitute a waiver of sovereign immunity. In support of its position, the court cited a decision by the U.S. Court of Appeals for the 7th Circuit providing that the FCRA “unequivocally waives the United States’ sovereign immunity from damages for violations under the FCRA.”

    Courts FCRA Sovereign Immunity Appellate Seventh Circuit

  • 7th Circuit affirms debt collector verification of debt satisfies FDCPA and FCRA


    On March 21, the U.S. Court of Appeals for the 7th Circuit held that a debt collector does not need to contact an original creditor directly in order to satisfy the verification of debt requirement under the FDCPA. According to the opinion, a consumer filed a lawsuit against a debt collection company for, among other things, allegedly violating Section 1692 of the FDCPA, which requires that a debt collector obtain verification of a debt. The debt collector had sent multiple notices to the consumer regarding a telecommunications debt, but certain digits of the original account number were incorrect. The consumer argued that the debt collector was obligated to contact the telecommunications company to confirm the account number was accurate. The district court granted summary judgment in favor of the debt collector, agreeing that the debt collector’s responsibility under Section 1692 was satisfied when the notices sent to the consumer matched the telecommunications company’s description of the debt amount and debtor’s name. In affirming the lower court’s decision, the 7th Circuit stated “[i]t would be both burdensome and significantly beyond the [FDCPA]’s purpose” to “require[e] a debt collector to undertake an investigation into whether the creditor is actually entitled to the money it seeks.”

    The 7th Circuit also affirmed summary judgment for the debt collector with respect to allegations that it violated the FCRA by inadequately investigating the disputed debt. The court, noting that the debt collector’s “investigation was unquestionably reasonable,” concluded that the debt collector satisfied the requirements of the FCRA when it (i) verified the consumer’s information with her debt collection file; and (ii) after learning that the consumer disputed the accuracy of the account number associated with the debt, asked the credit reporting agencies to delete the adverse credit report.

    Courts Appellate Seventh Circuit FDCPA FCRA

  • House Financial Services Committee holds hearing on data security, breach notifications

    Privacy, Cyber Risk & Data Security

    On March 7, the House Financial Services Subcommittee on Financial Institutions and Consumer Credit held a hearing entitled “Legislative Proposals to Reform the Current Data Security and Breach Notification Regulatory Regime” to discuss data security and breach notification rules and cybersecurity supervision and examination standards for reporting agencies. Subcommittee Chairman Blaine Luetkemeyer, R-Mo., opened the hearing by stating that “[f]orty-eight states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have all enacted differing laws requiring private companies to notify individuals of breaches of personal information,” and emphasized the need for a “national solution” to create data security safeguards and responsible notification processes.

    Legislation. The hearing discussed two legislative proposals sponsored by Representatives Luetkemeyer and Patrick McHenry, R-NC, respectively: the “Data Acquisition and Technology Accountability and Security Act” (DATAS Act) and the “Promoting Responsible Oversight of Transactions and Examinations of Credit Technology Act of 2017” (PROTECT Act). The DATAS Act would, among other things, (i) establish broad standards for data protection across industries; (ii) create new federal post-data breach notification requirements; and (iii) establish steps that covered entities must take to notify regulators, law enforcement, and victims after certain types of data breaches. Included within the PROTECT Act are provisions that would (i) subject large consumer reporting agencies to cybersecurity supervision and examination measures; (ii) amend the FCRA to allow consumers to request security freezes be placed, removed, or temporarily lifted on their credit reports; (iii) provide provisions for fees and exceptions from such fees; and (iv) prohibit consumer reporting agencies from including a consumer’s Social Security number in a credit report or using it as a method to identify a consumer.

    Hearing Testimony. The hearing’s four witnesses provided testimony related to current issues with data breaches and protecting consumer information, and commented on the inconsistencies in data breach laws. Among the issues discussed were (i) the challenges of creating a “universal, unique identifier” separate from a Social Security number; (ii) efforts to establish streamlined, uniform, national data breach notification, security, and credit freeze standards; and (iii) the need for U.S. businesses that handle sensitive financial information to implement measures to protect the data and maintain consumers’ trust. Massachusetts Assistant Attorney General and Director of Data Privacy & Security for the Attorney General’s Consumer Protection Division, Sara Cable, stated in her written testimony and during the hearing that the proposed DATAS Act’s consumer notice provisions would “leave consumers in a worse position than the status quo.” She also expressed concern that the bill “allows entities to push the cost of the data security crisis onto consumers without providing any meaningful remedy, strips the state Attorneys General of the authority they are presently and actively using to protect their consumers from breaches, and hamstrings efforts of the States to enact laws in response to future risks in an era of increasing and rapidly evolving technology.”

    Privacy/Cyber Risk & Data Security House Financial Services Committee Data Breach FCRA Federal Legislation Security Freeze

  • District judge denies law firm’s motion to compel arbitration


    On February 12, a judge for the U.S. District Court for the Western District of Wisconsin held that a debt collection law firm could not compel a plaintiff to settle claims in arbitration because the law firm was not a party to the arbitration agreement it sought to enforce. According to the opinion, the plaintiff filed a proposed class action suit against the law firm and a credit card issuer for allegedly violating the Fair Credit Reporting Act (FCRA) and the Fair Debt Collection Practices Act (FDCPA) by publishing the plaintiff’s credit score on a complaint to obtain payment filed with a local county circuit court. The plaintiff subsequently dismissed the claims against the credit card issuer after resolving the issues outside of the court. The law firm filed a motion to compel arbitration, arguing that it is a third party co-defendant of a claim subject to an arbitration provision, which covered the credit card issuer, cardholders, and third party co-defendants. In denying the motion to compel, the judge held that the law firm is not a co-defendant “at the only time that matters, which is when the court is deciding the motion to compel arbitration” because the credit card issuer is no longer a party to the lawsuit. The judge also noted that if the credit card issuer wanted an associated law firm to be covered by the arbitration provision, it could have used broader language in the agreement.

    Courts Arbitration Debt Collection FCRA FDCPA

  • Supreme Court denies cert petition in Spokeo


    On January 22, the U.S. Supreme Court denied a second petition for writ of certiorari in Spokeo v. Robins, thereby declining to reconsider its position on Article III’s standing to sue requirements or to provide further clarification on what constitutes injury in fact. Citing “widespread confusion” over how to determine whether intangible injuries qualify as injury in fact, and therefore meet the standing threshold, Spokeo argued in its petition that review is “warranted to ensure that the jurisdiction asserted by the federal courts remains within constitutional limits.” The second petition was filed by Spokeo last December to request a review of the U.S. Court of Appeals for the Ninth Circuit’s August 2017 decision—on remand from the Supreme Court (see Buckley Sandler Special Alert here)—which ruled that Robins had established standing to sue for alleged violations of the Fair Credit Reporting Act (FCRA) by claiming an intangible statutory injury without any additional harm. The 9th Circuit opined that information contained in a consumer report about age, marital status, educational background, and employment history is important for employment and loan applications, home purchases, and more, and that it “does not take much imagination to understand how inaccurate reports on such a broad range of material facts about Robins’s life could be deemed a real harm.” Further, guaranteeing the accuracy of such information “seems directly and substantially related to FCRA’s goals.” The 9th Circuit reversed and remanded the case to the Central District of California after finding that Robins had adequately alleged the essential elements of standing (see previous InfoBytes coverage here).

    Courts U.S. Supreme Court Ninth Circuit Appellate FCRA Litigation Spokeo
