InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Special Alert: SCOTUS Vacates Ninth Circuit Decision in Case Alleging Procedural FCRA Violations
On May 16, the United States Supreme Court issued an opinion vacating the Ninth Circuit’s 2014 ruling that a plaintiff had standing under Article III of the Constitution to sue an alleged consumer reporting agency as defined by the Fair Credit Reporting Act (FCRA), for alleged procedural violations of the FCRA, 15 U.S.C § 1681 et seq. Spokeo v. Robins, No. 13-1339 (U.S. May 16, 2016). According to plaintiff Thomas Robins, the reporting agency violated his individualized (rather than collective) statutory rights by reporting inaccurate credit information regarding Robins’s wealth, job status, graduate degree, and marital status in willful noncompliance with certain FCRA requirements. In a 6-2 opinion delivered by Justice Alito, the Court ruled that Robins could not establish standing by alleging a bare procedural violation because Article III requires a concrete injury even in the context of statutory violation. Here, the Ninth Circuit erred in failing to consider separately both the “concrete and particularized” aspects of the injury-in-fact component of standing. The Court opined that the Ninth Circuit’s analysis was incomplete:
[T]he injury-in-fact requirement requires a plaintiff to allege an injury that is both “concrete and particularized.” Friends of the Earth, Inc. v. Laidlaw Environmental Services (TOC), Inc., 528 U.S. 167, 180-181 (2000) (emphasis added). The Ninth Circuit’s analysis focused on the second characteristic (particularity), but it overlooked the first (concreteness). We therefore…remand for the Ninth Circuit to consider both aspects of the injury-in-fact requirement.
Relying on case law, the Court emphasized that the “irreducible constitutional minimum” of Article III’s standing to sue relies on the plaintiff demonstrating (i) an injury-in-fact; (ii) that the injury is fairly traceable to the challenged conduct of the defendant; and (iii) that the injury is likely to be redressed by a favorable judicial decision. Lujan v. Defenders of Wildlife, 504 U.S., 560-561 (U.S. June 12, 1992); Friends of the Earth, Inc., 528 U.S., at 180-181. Spokeo primarily revolves around the first element, establishing an injury-in-fact. Again relying on Lujan, the Court reasoned that to establish injury-in-fact, the plaintiff must “show that he or she suffered ‘an invasion of a legally protected interest’ that is ‘concrete and particularized’ and ‘actual or imminent, not conjectural or hypothetical.’” Lujan, at 560. According to the Court, the Ninth Circuit’s discussion of Robins’s standing to sue, and in particular its discussion of whether Robins had articulated an individualized statutory right rather than a collective right, concerned only the particularization element of establishing an injury-in-fact. The Court stated that the Ninth Circuit’s standing analysis was incomplete because it had failed to consider whether the “concreteness” requirement for an injury-in-fact—whether Robins had a “real” and “not abstract” injury—also had been satisfied. While the Court did make clear that a concrete injury could be intangible and that Congress may identify intangible harms that meet minimum Article III requirements, it noted that “Congress’ role in identifying and elevating intangible harms does not mean that a plaintiff automatically satisfies the injury-in-fact requirement whenever a statute grants a person a statutory right and purports to authorize that person to sue to vindicate that right.”
The Court noted that because the Ninth Circuit had not fully distinguished concreteness from particularization, it had failed to consider whether the reporting agency’s procedural violations of the FCRA constituted a sufficient degree of risk to Robins to meet the concreteness standard. The Court observed that while a procedural violation of the FCRA may, in some cases, be sufficient to establish a concrete injury-in-fact, not all inaccuracies in consumer information, i.e. an incorrect zip code, cause harm or a material risk of harm. Further, because “Article III standing requires a concrete injury even in the context of a statutory violation” the Court explained that “Robins cannot satisfy the demands of Article III by alleging a bare procedural violation.”
The Court vacated the Ninth Circuit’s judgment, and remanded the case for the Ninth Circuit to consider both aspects of the injury-in-fact requirement.
* * *
Questions regarding the matters discussed in this Alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.
- Amanda Raines Lawrence, (202) 349-8089
- Fredrick Levin, (310) 424-3984
- Andrew Louis, (202) 349-8061
FTC Issues Guidance on Consumer Reporting Obligations under the FCRA
On May 10, the FTC released new guidance on consumer reporting obligations under the FCRA. The guidance is intended to assist companies in understanding whether or not they are subject to consumer reporting requirements under the FCRA. According to the FTC, a company that sells or provides “consumer reports” as defined in Section 603 of the FCRA, 15 U.S.C. § 1681a(d), is considered a “consumer reporting agency” bound by FCRA requirements: “even if you don’t think of your company as a consumer reporting agency, it may be one if it provides information about people to employers for use in hiring or other employment decisions.” The guidance further notes that employment background screening companies are typically subject to FCRA requirements, such as: (i) establishing and following “‘reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates’”; (ii) obtaining certifications that verify, among other things, their clients are legitimate and that the credit report will only be used for employment purposes; (iii) providing clients with information regarding their responsibilities under the FCRA, as well as a summary of consumer rights under the FCRA; and (iv) honoring certain rights of applicants and employees, including providing access to files upon request and conducting a reasonable investigation of consumer disputes.
CFPB Provides Consumers with Information on Obtaining Credit Reports
On January 27, the CFPB announced that it published its 2016 list of consumer reporting companies. The list includes contact information for the three largest nationwide reporting companies and various specialty reporting companies concentrating on specific geographic market areas and consumer segments. In addition, the list provides consumers with (i) tips on determining which specialty credit reports may be important to review depending upon the particular circumstances, such as applying for a job or a new bank account; (ii) information regarding how companies confirm the identity of the consumer requesting a copy of his or her credit report; and (iii) information on which companies also provide free credit scores. The CFPB also reminds consumers of their legal rights to (i) obtain the information in their credit reports, per the FCRA; and (ii) dispute inaccuracies contained in the report.
FTC Issues Report on Big Data
On January 6, the FTC published a report titled, “Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues.” The report, which draws from information from a September 2014 FTC workshop, as well as public comments and research, primarily focuses on the final stage in the life cycle of big data use by addressing the commercial use of consumer data and its effect on low-income and underserved populations. According to the report, participants in the 2014 workshop expressed concern that potential inaccuracies and biases from big data may lead companies to “exclude low-income and underserved communities from credit and employment opportunities.” For example, the report states that, “if big data analytics incorrectly predicts that particular consumers are not good candidates for prime credit offers, educational opportunities, or certain lucrative jobs, such educational opportunities, employment, and credit may never be offered to these consumers.” In order to minimize legal and ethical risks, and to avoid possible exclusion and/or discrimination, the report suggests that companies should obtain an understanding of various laws that may apply to their big data practices, including the FCRA, equal opportunity laws, and the FTC Act. The report provides a basic overview of these laws and presents companies with a number of questions to consider when examining whether or not their data practices comply with such laws, including, but not limited to, whether or not a company maintains reasonable security over consumer data, and whether it complies with requirements under the Equal Credit Opportunity Act regarding requests for information and record retention. In addition to these questions, the report advises companies to consider the following four key policy questions: (i) How representative is your data set? (ii) Does your data model account for biases? (iii) How accurate are your predictions based on big data? (iv) Does your reliance on big data raise ethical or fairness concerns? Finally, while the report acknowledges the benefits of big data, such as providing access to credit using non-traditional methods and increasing equal access to employment, the FTC’s report stresses the significance of examining and raising awareness about big data practices that have the potential to adversely impact low-income and underserved populations.
CFPB Takes Action Against "Buy-Here, Pay-Here" Auto Dealer and Affiliated Financing Company
On December 17, the CFPB announced a consent order against a Minnesota-based auto dealer and its affiliated financing company for alleged violations of the FCRA and the CFPA. The CFPB alleged that the auto dealer, acting through its financing company, (i) repeatedly furnished inaccurate consumer credit information for more than 84,000 customers from January 2009 through September 2013; and (ii) engaged in deceptive acts and practices by failing to report “good credit” to the credit reporting agencies (CRAs) for tens of thousands of consumers after making written representations that the it would report positive credit information to help consumers build and maintain good credit. Alleged FCRA violations include: (i) inaccurately reporting that vehicles were repossessed and borrowers owed balances after the vehicles were returned to the dealer in accordance with the company’s 72-hour return policy; (ii) inaccurately reporting that consumers had outstanding balances after issuing documentation that disputed accounts had been settled; and (iii) failing to establish and maintain reasonable written policies and procedures to ensure the accuracy and integrity of consumer information furnished to CRAs.
Under the terms of the consent order, the companies are required to pay a $6,465,000 civil money penalty. In addition, the companies must (i) establish and implement written consumer-information furnishing policies and procedures that comply with the Furnisher Rule; (ii) identify and correct inaccurate consumer-information that was furnished to the CRAs (iv) cease from making false representations that it will report “good credit” or other positive information to the CRAs; (v) provide affected consumers with free credit reports; and (vi) implement an effective audit program of its credit reporting practices.
CFPB Announces Complaint and Proposed Consent Order Against Massachusetts Debt Collection Firm
On December 7, the CFPB announced the filing of a complaint and a proposed consent order against a Massachusetts-based debt collection firm for alleged violations of the Fair Debt Collection Practices Act (FDCPA), the Fair Credit Reporting Act (FCRA), and the Dodd-Frank Act. In 2012, the firm’s subsidiary purchased a debt portfolio from a telephone service provider containing over three million defaulted, and predominantly outdated, cellphone accounts. The firm and its subsidiary entered into a collection services agreement, with the firm agreeing to remit money collected from consumers, less fees and expenses, to its subsidiary. According to the CFPB, the firm, having prior experience in the collection of telecommunications debt, knew that the portfolio likely contained defects, including inaccurate and incomplete dispute histories and unverified documentation. Still, even after customers disputed certain debt, the firm continued to report the debt to credit reporting companies and to collect on time-barred, disputed, fraudulent, and settled or paid debts. The CFPB further alleges that the firm reported faulty information to the credit reporting companies by initially reporting that the entire debt portfolio was disputed, and then removing and subsequently reinserting the dispute flags on the entire portfolio. The firm’s purportedly deceptive practices resulted in the collection of about $743,000 on more than 2,000 disputed accounts, where the debt was not verified.
Under the proposed consent order, the firm would be required to: (i) refund to customers the payments that it received for disputed debt that was not verified; (ii) cease collecting and reporting on unverified, disputed debt, and request the removal by the credit reporting companies of such reported information from customer files; (iii) for five years, review original account-level documents to verify a debt before collecting on it; (iv) for five years, refrain from reselling its purchased debt to other debt collectors; and (v) pay a penalty of $1.85 million.
CFPB Enforcement Action Targets Background Check Company's Screening Practices
On October 29, the CFPB announced a consent order with a national employment background screening provider and its affiliate for alleged violations of the FCRA. According to the CFPB, the company and its affiliate failed to (i) use reasonable procedures to assure maximum possible accuracy of the information in reports that they provided to employers; (ii) take appropriate measures to ensure that non-reportable information, such as civil suits and civil judgments older than seven years, was not included in reports; and (iii) comply with the requirement to maintain “strict procedures” to ensure complete and up to date information in reports or notify consumers when the reported information was likely to have an adverse effect on their ability to obtain employment. Under the terms of the consent order, the company and its affiliate are required to provide $10.5 million in relief to consumers and pay a $2.5 million civil money penalty. In addition, the company and its affiliate must revise their compliance procedures and hire an independent consultant to assess their policies, procedures, staffing levels, and systems.
FTC Announces Proposed Settlement with Telecommunications Company for Alleged FCRA Violations
On October 21, the FTC announced a $2.95 million settlement with a telecommunications company for alleged violations of the FCRA. According to the FTC, the company violated the FCRA’s Risk-Based Pricing Rule by failing to provide consumers with a fully compliant risk-based pricing notice when they were placed into a cell phone and data service program with an additional monthly fee because of information from their consumer reports and their credit scores. Specifically, the FTC’s complaint alleges that the company (i) failed to provide consumers in the program with required disclosures in their risk-based pricing notices, such as the key factors that adversely affected their credit scores and language encouraging consumers to verify the accuracy of their consumer reports; and (ii) provided consumers with the disclosures only after they have become contractually obligated. In addition to the $2.95 million civil money penalty, the proposed consent order would require the company to (i) abide by the requirements of the Risk-Based Pricing Rule in the future; (ii) provide consumers with the proper disclosures within five days of signing up for the company’s services, or by a certain date that would allow them to avoid recurring charges; and (iii) send the consumers who originally received incomplete disclosures new, corrected risk-based pricing notices. The proposed order is subject to court approval in the District Court for the District of Kansas.
State AGs File Amicus Brief With U.S. Supreme Court in FCRA Standing Case
On September 9, the Massachusetts Attorney General announced that her office, along with 12 other states and the District of Columbia, had filed with the U.S. Supreme Court an amicus brief supporting the plaintiff-respondent in Spokeo v. Robins. (Previous InfoBytes coverage can be seen here). The putative class-action plaintiff in that case claimed that an online data broker published inaccurate information about him in violation of the Fair Credit Reporting Act (FCRA). Reversing the district court, the U.S. Court of Appeals for the Ninth Circuit held that the violation of a statutory right created by FCRA was, in itself, a sufficient injury to confer standing to sue under Article III of the Constitution. In their multistate amicus brief, the AGs argued that the Supreme Court should affirm this holding. The states asserted that businesses frequently rely on consumer data profiles to make important credit, employment, housing, and insurance decisions. However, “the damage done by . . . an inaccurate data profile is frequently impossible for the affected consumer to detect or quantify,” they argued. Accordingly, “Congress rightly has authorized statutory damages for a willful violation of the FCRA.” The AGs asserted that, given their limited resources, statutory damage cases and private class actions are needed to supplement their own consumer protection actions.
CFPB Cracks Down on Medical Debt Collector Over Alleged FCRA and FDCPA Violations
On June 18, the CFPB announced an enforcement action against a third-party medical debt collection company for allegedly failing to issue debt validation notices to customers, mishandling consumer credit reporting disputes, and preventing customers from exercising certain debt collection rights. According to the Bureau, from 2011 through 2013, the company failed to properly investigate consumers’ complaints with respect to information furnished to credit reporting agencies, and lacked internal policies and procedures on how to handle and respond to the complaints, resulting in a violation of the Fair Credit Reporting Act (FCRA). In addition, the Bureau contends that the company did not properly inform consumers of the amount of medical debt owed before commencing efforts to obtain payment on the debt, subsequently violating the Fair Debt Collection Practices Act (FDCPA). The CFPB ordered the medical debt collector to, among other things, (i) provide over $5 million in restitution to affected consumers, (ii) correct errors in consumer credit reports, (iii) pay a $500,000 civil money penalty, and (iv) improve its business practices.