Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events

Filter

Subscribe to our InfoBytes Blog weekly newsletter for news affecting the financial services industry.

  • Court grants summary judgment to credit reporting agency over FCRA dispute

    Courts

    On April 4, the U.S. District Court for the Northern District of California granted a consumer reporting agency’s motion for summary judgment, holding that a “firm offer of credit” under the FCRA does not require that an offer based on furnished information result in an enforceable contract. According to the opinion, a consumer filed a putative class action suit alleging that the consumer reporting agency violated the FCRA by providing California residents’ credit report information to two businesses that were not licensed to make consumer loans in California and that offered interest rates which exceed allowable limits under California law. The court disagreed, holding that the FCRA only requires that a prescreened offer not be retracted if the consumer meets the creditor’s pre-selection criteria. Additionally, the court rejected the consumer’s argument that the FCRA also imposes a duty on consumer reporting agencies to separately credential service providers who are given access to the furnished information from their credentialed principals. The court emphasized that “neither the FCRA, nor any case authority addressing the FCRA” imposes this duty.

    Courts FCRA Usury Prescreened Offers

    Share page with AddThis
  • District Court finds government is not immune from private claims under the FCRA

    Courts

    On March 22, the U.S. District Court for the Western District of Louisiana denied the Defense Finance and Accounting Service’s (DFAS), a federal government agency within the Department of Defense, motion to dismiss a private action under the Fair Credit Reporting Act (FCRA) based on a lack of subject matter jurisdiction as a result of sovereign immunity. The court found that FCRA’s definition of person includes “government or governmental subdivision or agency,” and therefore, waives the United States’ sovereign immunity under FCRA. The court did not agree with DFAS’ position that the terms “government or governmental subdivision or agency” are too broad to constitute a wavier of sovereign immunity. In support of its position, the court cited a decision by the U.S. Court of Appeals for the 7th Circuit providing that the FCRA “unequivocally waives the United States’ sovereign immunity from damages for violations under the FCRA.”

    Courts FCRA Sovereign Immunity Appellate Seventh Circuit

    Share page with AddThis
  • 7th Circuit affirms debt collector verification of debt satisfies FDCPA and FCRA

    Courts

    On March 21, the U.S. Court of Appeals for the 7th Circuit held that a debt collector does not need to contact an original creditor directly in order to satisfy the verification of debt requirement under the FDCPA. According to the opinion, a consumer filed a lawsuit against a debt collection company for, among other things, allegedly violating Section 1692 of the FDCPA, which requires that a debt collector obtain verification of a debt. The debt collector had sent multiple notices to the consumer regarding a telecommunications debt, but certain digits of the original account number were incorrect. The consumer argued that the debt collector was obligated to contact the telecommunications company to confirm the account number was accurate. The district court granted summary judgment in favor of the debt collector, agreeing that the debt collector’s responsibility under Section 1692 was satisfied when the notices sent to the consumer matched the telecommunications company’s description of the debt amount and debtor’s name. In affirming the lower court’s decision, the 7th Circuit stated “[i]t would be both burdensome and significantly beyond the [FDCPA]’s purpose” to “require[e] a debt collector to undertake an investigation into whether the creditor is actually entitled to the money it seeks.”

    The 7th Circuit also affirmed summary judgment for the debt collector with respect to allegations that it violated the FCRA by inadequately investigating the disputed debt. The court, noting that the debt collector’s “investigation was unquestionably reasonable,” concluded that the debt collector satisfied the requirements of the FCRA when it (i) verified the consumer’s information with her debt collection file; and (ii) after learning that the consumer disputed the accuracy of the account number associated with the debt, asked the credit reporting agencies to delete the adverse credit report.

    Courts Appellate Seventh Circuit FDCPA FCRA

    Share page with AddThis
  • House Financial Services Committee holds hearing on data security, breach notifications

    Privacy, Cyber Risk & Data Security

    On March 7, the House Financial Services Subcommittee on Financial Institutions and Consumer Credit held a hearing entitled “Legislative Proposals to Reform the Current Data Security and Breach Notification Regulatory Regime” to discuss data security and breach notification rules and cybersecurity supervision and examination standards for reporting agencies. Subcommittee Chairman Blaine Luetkemeyer, R-Mo., opened the hearing by stating that “[f]orty-eight states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have all enacted differing laws requiring private companies to notify individuals of breaches of personal information,” and emphasized the need for a “national solution” to create data security safeguards and responsible notification processes.

    Legislation. The hearing discussed two legislative proposals sponsored by Representatives Luetkemeyer and Patrick McHenry, R-NC, respectively: the “Data Acquisition and Technology Accountability and Security Act” (DATAS Act) and the “Promoting Responsible Oversight of Transactions and Examinations of Credit Technology Act of 2017” (PROTECT Act). The DATAS Act would, among other things, (i) establish broad standards for data protection across industries; (ii) create new federal post-data breach notification requirements; and (iii) establish steps that covered entities must take to notify regulators, law enforcement, and victims after certain types of data breaches. Included within the PROTECT Act are provisions that would (i) subject large consumer reporting agencies to cybersecurity supervision and examination measures; (ii) amend the FCRA to allow consumers to request security freezes be placed, removed, or temporarily lifted on their credit reports; (iii) provide provisions for fees and exceptions from such fees; and (iv) prohibit consumer reporting agencies from including a consumer’s Social Security number in a credit report or being used as a method to identify a consumer.

    Hearing Testimony. The hearing’s four witnesses provided testimony related to current issues with data beaches and protecting consumer information, and commented on the inconsistencies in data breach laws. Among the issues discussed were (i) the challenges of creating a “universal, unique identifier” separate from a Social Security number; (ii) efforts to establish streamlined, uniform, national data breach notification, security, and credit freeze standards; and (iii) the need for U.S. businesses that handle sensitive financial information to implement measures to protect the data and maintain consumers’ trust. Massachusetts Assistant Attorney General and Director of Data Privacy & Security for the Attorney General’s Consumer Protection Division, Sara Cable, stated in her written testimony and during the hearing that the proposed DATAS Act’s consumer notice provisions would “leave consumers in a worse position than the status quo.” She also expressed concern that the bill “allows entities to push the cost of the data security crisis onto consumers without providing any meaningful remedy, strips the state Attorneys General of the authority they are presently and actively using to protect their consumers from breaches, and hamstrings efforts of the States to enact laws in response to future risks in an era of increasing and rapidly evolving technology.” 

    Privacy/Cyber Risk & Data Security House Financial Services Committee Data Breach FCRA Federal Legislation Security Freeze

    Share page with AddThis
  • District judge denies law firm’s motion to compel arbitration

    Courts

    On February 12, a judge for the U.S. District Court for the Western District of Wisconsin held that a debt collection law firm could not compel a plaintiff to settle claims in arbitration because the law firm was not a party to the arbitration agreement it sought to enforce. According to the opinion, the plaintiff filed a proposed class action suit against the law firm and a credit card issuer for allegedly violating the Fair Credit Reporting Act (FCRA) and the Fair Debt Collection Practices Act (FDCPA) by publishing the plaintiff’s credit score on a complaint to obtain payment filed with a local country circuit court. The plaintiff subsequently dismissed the claims against the credit card issuer after resolving the issues outside of the court. The law firm filed a motion to compel arbitration, arguing that it is a third party co-defendant of a claim subject to an arbitration provision, which covered the credit card issuer, cardholders, and third party co-defendants. In denying the motion to compel, the judge held that the law firm is not a co-defendant “at the only time that matters, which is when the court is deciding the motion to compel arbitration” because the credit card issuer is no longer a party to the lawsuit. The judge also noted that if the credit card issuer wanted an associated law firm to be covered by the arbitration provision, it could have used broader language in the agreement.

    Courts Arbitration Debt Collection FCRA FDCPA

    Share page with AddThis
  • Supreme Court denies cert petition in Spokeo

    Courts

    On January 22, the U.S. Supreme Court denied a second petition for writ of certiorari in Spokeo v. Robins, thereby declining to reconsider its position on Article III’s standing to sue requirements or to provide further clarification on what constitutes injury in fact. Citing “widespread confusion” over how to determine whether intangible injuries qualify as injury in fact, and therefore meet the standing threshold, Spokeo argued in its petition that review is “warranted to ensure that the jurisdiction asserted by the federal courts remains within constitutional limits.” The second petition was filed by Spokeo last December to request a review of the U.S. Court of Appeals for the Ninth Circuit’s August 2017 decision—on remand from the Supreme Court (see Buckley Sandler Special Alert here)—which ruled that Robins had established standing to sue for alleged violations of the Fair Credit Reporting Act (FCRA) by claiming an intangible statutory injury without any additional harm. The 9th Circuit opined that information contained in a consumer report about age, marital status, educational background, and employment history is important for employment and loan applications, home purchases, and more, and that it “does not take much imagination to understand how inaccurate reports on such a broad range of material facts about Robins’s life could be deemed a real harm.” Further, guaranteeing the accuracy of such information “seems directly and substantially related to FCRA’s goals.” The 9th Circuit reversed and remanded the case to the Central District of California after finding that Robins had adequately alleged the essential elements of standing (see previous InfoBytes coverage here).

    Courts U.S. Supreme Court Ninth Circuit Appellate FCRA Litigation Spokeo

    Share page with AddThis
  • CFPB Requests Comments on Overdraft Disclosures; CFPB Announces Final Language Access Plan; Holds Ceiling at $12.00 for Allowable FCRA Charges

    Agency Rule-Making & Guidance

    On November 15, the CFPB published a request for comment on a proposal to the Office of Management and Budget (OMB) to conduct online testing of point of sale/ATM (POS/ATM) overdraft disclosure forms. In the request, the Bureau invited comments on, (i) “[w]hether the collection of information is necessary for the proper performance of the functions of the Bureau, including whether the information will have practical utility”; (ii) “[t]he accuracy of the Bureau’s estimate of the burden of the collection of information, including the validity of the methods and the assumptions used”; (iii) “[w]ays to enhance the quality, utility, and clarity of the information to be collected”; and (iv) “[w]ays to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology.” Comments must be received by January 16, 2018.

    On November 16, the CFPB released the final version of its Language Access Plan (Plan) to provide non-English speaking persons access to its programs and services. The Plan highlights two key language access functions of the Bureau: offering translated consumer-facing brochures and handling complaints from consumers in multiple languages. The Bureau originally proposed the Plan in 2014 (covered previously by InfoBytes). The final Plan is current as of November 13, 2017.

    CFPB also announced on November 16 that the maximum allowable charges for certain disclosures under the Fair Credit Reporting Act (FCRA) will remain at the current level. Each year the original amount referenced in the FCRA must be readjusted (and rounded to the nearest fifty cents) based on the annual percentage increase in the Consumer Price Index for All Urban Consumers (CPI-U). The amount for 2018, based on the annual percentage increase in the CPI-U, remains unchanged at $12.00.

    Agency Rule-Making & Guidance FCRA CFPB Consumer Finance Federal Register Consumer Education

    Share page with AddThis
  • District Court Upholds $60 Million Jury Verdict for Credit Reporting Agency’s Use of OFAC Alert

    Courts

    On November 7, the Northern District Court of California upheld a $60 million jury verdict against a credit reporting agency regarding the use of its OFAC Alert (previously covered by InfoBytes). The verdict stems from a 2012 class action lawsuit in which the plaintiffs alleged that the defendant had failed to distinguish law-abiding citizens from drug traffickers, terrorists, and other criminals with similar names found on the Treasury Department’s OFAC database. Following the defendant's motion for judgment as a matter of law or a new trial, the district court agreed with the jury’s findings that the defendant (i) “willfully fail[ed] to follow reasonable procedures to assure the maximum possible accuracy of the OFAC information it associated with members of the class’’; (ii) “willfully failed to clearly and accurately disclose OFAC information in the written disclosures it sent to members of the class”; and (iii) “failed to provide class members a summary of their FCRA rights with each written disclosure made to them.”

    Courts FCRA OFAC Credit Reporting Agency Consumer Finance

    Share page with AddThis
  • Eleventh Circuit Rules Credit Reporting Agency Did Not Willfully Violate FCRA

    Courts

    In an August 24 opinion, the U.S. Court of Appeals for the Eleventh Circuit held that a credit reporting agency had not interpreted the Fair Credit Reporting Act (FCRA) in an “objectively unreasonable” manner when it included in a plaintiff’s credit report that the plaintiff was an authorized user of her parents’ delinquent credit card account. In doing so, the appellate court upheld the Georgia district court’s decision to dismiss the class action lawsuit over allegations that two credit reporting agencies failed to take reasonable precautions to ensure the accuracy of the plaintiff’s credit score. The appellate court concluded that including the information was a reasonable interpretation of the FCRA obligation to “follow reasonable procedures to assure the maximum possible accuracy” of the reported information—meaning the report must be technically accurate. Because this interpretation was not objectively unreasonable, the plaintiff could not plead that the violations were willful.

    The case concerned a plaintiff who was designated as an authorized user of her parents’ credit card when they became ill. After the plaintiff’s parents died, the account went into default, and the credit card company reported the default to consumer reporting agencies listing the consumer as an authorized user, which caused her credit score to drop by 100 points. The credit card company—responding to the plaintiff’s complaint over the inaccurate information—interceded in the matter with the credit reporting agencies. The information was expunged from the plaintiff’s report and her credit score returned to its prior level. The plaintiff then filed a consumer class action complaint in 2015, contending that the consumer reporting agencies had violated their duty under the FCRA when they failed to take reasonable precautions to ensure the accuracy of her credit score.

    At issue, the appellate court opined, was which interpretation should be applied when determining “maximum possible accuracy,” which, depending on differing court opinions, might mean (i) making certain that any included information is “technically accurate,” or (ii) ensuring the information is not only technically accurate but also not misleading or incomplete. The appellate court asserted that while the first interpretation was a less exacting reading of the FCRA, the plaintiff failed to cite any judicial precedents or agency interpretive guidance advising that reporting authorized user information was a violation. Further, the plaintiff failed to show that the credit reporting agency reported false information.

    Of note, the appellate court determined the plaintiff had shown an “injury in fact” and had standing to sue based on the following reasons: (i) reporting inaccurate credit information “has a close relationship to the harm caused by the publication of defamatory information,” which has a long provided basis as a cause of action; (ii) a concrete injury was allegedly sustained due to time spent resolving the problems resulting from the credit inaccuracies; and (iii) the plaintiff was affected personally because her credit score fell due to the reported information.

    Courts Credit Reporting Agency Appellate Eleventh Circuit FCRA

    Share page with AddThis
  • Ninth Circuit Rules FCRA Plaintiff Has Article III Standing

    Courts

    On August 15, the U.S. Court of Appeals for the Ninth Circuit issued an opinion, on remand from the U.S. Supreme Court, ruling that a consumer plaintiff could proceed with his Fair Credit Reporting Act (FCRA) claims because he had sufficiently alleged a “concrete” injury and therefore had standing to sue under Article III of the Constitution. Robins v. Spokeo, Inc., No. 11-56843, 2017 WL 3480695 (9th Cir. Aug. 15, 2017). By way of background, the plaintiff had alleged that the defendant consumer reporting agency “willfully violated various procedural requirements under FCRA,” and consequently published an inaccurate consumer report on its website that “falsely stated his age, marital status, wealth, education level, and profession” and “included a photo of a different person.” In May 2016, the Supreme Court vacated an earlier Ninth Circuit decision, finding that the court failed to consider an essential element of Article III standing: whether the plaintiff alleged a “concrete” injury. (See previous Special Alert here.) After providing some guidance—including that the plaintiff’s injury must be “real” and not “abstract” or merely “procedural”—the high court remanded to the Ninth Circuit for further consideration. 

    On remand, the court first asked “whether the statutory provisions at issue were established to protect [the plaintiff’s] concrete interests (as opposed to purely procedural rights).” The court answered affirmatively, finding that “the FCRA procedures at issue in this case were crafted to protect consumers’ . . . concrete interest in accurate credit reporting about themselves.” Next, the court asked “whether the specific procedural violations alleged in this case actually harm, or present a material risk of harm to, such interests.” The court again answered affirmatively, finding that the plaintiff sufficiently alleged that he suffered a “real harm” to his “concrete interests in truthful credit reporting.” That is, the plaintiff sufficiently alleged that the defendant “prepared . . . an [inaccurate] report,” “that it then published the report on the Internet,” and that “the nature of the specific alleged reporting inaccuracies” was not “trivial or meaningless,” but instead covered “a broad range of material facts” about the plaintiff’s life “that may be important to employers or others making use of a consumer report.” Finally, the court found that the plaintiff’s allegations were not too speculative, because “both the challenged conduct and the attendant injury have already occurred.” After reaffirming that the plaintiff had adequately alleged the other essential elements of standing, the court remanded to the Central District of California for further proceedings.

    Courts FCRA Appellate Litigation Ninth Circuit U.S. Supreme Court Spokeo

    Share page with AddThis

Pages