Consumer Finance Law Blog : Consumer Finance Lawyer & Attorney : Kelley Drye & Warren Law Firm : Financial Privacy & Security

Today the Federal Trade Commission ("FTC"), Consumer Financial Protection Bureau ("CFPB"), and Department of Justice ("DOJ") filed a brief supporting the constitutionality of the Fair Credit Reporting Act ("FCRA").  FCRA limits the use of credit report information, protecting the privacy of the information, and establishes procedures for correcting mistakes in credit reports.  The brief addresses a provision of FCRA (§ 1681c) that bars a credit reporting agency ("CRA") from disclosing individuals' arrest records or other adverse information that is more than seven years old.

The government filed the brief in King v. General Information Services, Inc., which is pending in the Eastern District of Pennsylvania District Court.  The defendant argues that the FCRA provision is an unconstitutional restriction of free speech.  Contrary to that position, the government argues that the provision satisfies the applicable Central Hudson test for restrictions on commercial speech and should not be invalidated, despite the U.S. Supreme Court's recent ruling in Sorrell v. IMS Health Inc.  The brief concludes, "The law directly advances the government’s substantial interest in protecting individuals’ privacy and is no more extensive than necessary to protect that interest while also accommodating businesses’ competing interest in obtaining complete information about people to whom they are considering offering a loan, an insurance policy, or a job."

The brief demonstrates the cooperation expected between the FTC and CFPB as they jointly enforce FCRA.  In July 2011, the FTC issued "40 Years of Experience with the Fair Credit Reporting Act," a staff report "to share [the FTC's] extensive experience with the CFPB and the public through a summary of its key interpretations and guidance" developed through its 40 years of enforcing FCRA.  Companies subject to FCRA should continue to watch for coordination between the agencies as the enforcement roles evolve.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Earlier this week, the Federal Trade Commission (“FTC”) and the Federal Reserve Board issued proposed amendments to the Risk-Based Pricing Rule (“Rule”) that would require creditors to disclose credit score information when a credit score is used to set or adjust credit terms. The proposed changes would implement provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act and become effective July 21, 2011.

The Rule, promulgated under the Fair Credit Reporting Act, currently requires creditors to send a risk-based pricing notice if, based on the consumer’s credit report, the creditor provides materially less favorable credit terms than the most favorable terms it provides to a substantial portion of other consumers. A recipient of the notice can obtain a free credit report to check its accuracy.

The proposed amendments would require credit score disclosure if a credit score is used to make the determination, add content to the notices, and provide new model notices. There will be a 60-day comment period once the proposal is published in the Federal register.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

FTC Commissioner Julie Brill spoke about the new Consumer Financial Protection Bureau (“CFPB”) during a keynote address she delivered at the International Association of Privacy Professionals Second Annual Conference on December 7th. While describing how Congress enacted the Fair Credit Reporting Act (“FCRA”) to protect consumers’ personal information, Brill stated that the FTC and CFPB “need to make sure our current rules continue, in this technologically advanced age, to protect consumers’ rights under the FCRA.” Given that the FTC already has several staff members involved in setting up the CFPB, it is no surprise that the FTC plans to work in tandem with the CFPB to enforce existing consumer protection laws and to understand new uses of data in connection with such efforts.

During the address, Brill also outlined the major components of the FTC’s preliminary staff report on privacy, "Protecting Consumer Privacy in an Era of Rapid Change” which includes a proposal for a Do Not Track mechanism that would permit consumers to control their tracking preferences at every website they visit. For a more detailed discussion of the FTC’s Report, including the concepts behind Do Not Track, please click here to read the Kelley Drye client advisory.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In Andrews v. Equifax Information Services LLC, No.: C-08-0817, 2010 U.S. Dist. Lexis 38020 (W.D. Wash. Mar. 30, 2010), plaintiff filed suit against Equifax after it allegedly “mixed up” her information with that of another individual of the same name and disseminated that information to third parties. Plaintiff alleges that this “mix up” was caused by Equifax’s failure to follow reasonable procedures to ensure maximum possible accuracy of the information it reported as well as its failure to re-investigate her disputes, both of which are required by FCRA.

FCRA requires claims to be brought within two years after the plaintiff discovers the violation or within five years after the date the violation occurs. Invoking the former provision, Equifax argued that it was entitled to dismissal because the plaintiff had discovered the alleged violations more than two-years before she filed suit in May 2008. Equifax cited record evidence that plaintiff had called in 2004 and 2005 to dispute information in her credit file that she believed was inaccurate. Equifax contended further that it sent plaintiff the results of its investigation into her disputes on three occasions, the last of which was in late November 2005. According to Equifax, because these results contained the inaccurate information forming the basis of her FCRA allegations, plaintiff had discovered the violation more than two years before filing suit.

The Western District of Washington denied the motion, rejecting the argument that plaintiff’s knowledge of inaccurate information in her credit report put her on notice of Equifax’s alleged FCRA violation. “FCRA is not a strict liability statute,” said the court. Indeed, a credit reporting agency can escape liability under FCRA for an inaccurate credit report as long as it shows it followed reasonable procedures in generating it. Therefore, inaccurate information in a credit report, standing alone, cannot violate FCRA. According to the court, to obtain dismissal, Equifax had to show something more. Specifically, it had to produce sufficient evidence tying the investigation reports it provided to the plaintiff with plaintiff’s discovery of the precise violations alleged in the lawsuit. This, according to the court, it failed to do.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Businesses have until July 1, 2010 to comply with the new rules and guidelines under the Fair and Accurate Credit Transactions Act (“FACTA”), which amended the Fair Credit Reporting Act (“FCRA”), adopted by the Federal Trade Commission nearly a year ago relating to information provided to credit reporting agencies. Many know FACTA as the statute that allows consumers to request and obtain a free credit report once every 12 months from each of the three nationwide consumer credit reporting companies (Equifax, Experian, and TransUnion), or the Act that contains provisions to help reduce identity theft. These new guidelines are designed to increase the accuracy and integrity of the information that furnishers provide to credit reporting agencies. The rules, in turn, require furnishers to establish reasonable written policies and procedures that implement the guidelines. The policies and procedures that furnishers are required to establish will vary depending on the “nature, size, complexity, and scope of each furnisher’s activities.” 16 C.F.R. § 660.3(a).  

The rules also provide consumers an additional avenue to challenge the accuracy of information used to generate their credit rating. Historically, consumers were encouraged to deal with the credit reporting agency about the accuracy of such information. Under the new FACTA rules, furnishers are now required, in most cases, to investigate disputes that are submitted directly to them by consumers regarding the accuracy of information that furnishers provided to a credit reporting agency.

Click here to review the final inter-agency rules and guidelines.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Recently, Federal Trade Commission Chairman Jon Leibowitz released the FTC’s 2010 Annual Report, which focused largely on the FTC’s endeavors to defend financially distressed consumers and to spur competition during these tough economic times.

For example, the FTC, among other things, emphasized that while the past year’s economic downturn prompted companies to offer new services targeted towards those most in need, some of these companies failed to deliver on these services. The FTC obtained preliminary or temporary relief in all twenty-two federal lawsuits filed against operators who allegedly falsely asserted they would obtain a loan modification or halt a foreclosure on consumers’ behalf. Typically, the operator allegedly was paid a high initial fee by the consumer, and then did little or nothing to help to modify the loan or halt foreclosure.

In order to maximize its efforts, the FTC indicated that it has renewed its efforts to partner with state and local enforcement agencies. The FTC secured relief through its participation in ten mortgage fraud task forces all over the nation. For example, the FTC entered into an $8.5 million settlement with a foreclosure “rescue” company, which precludes the company from making representations about the likelihood that it could stop a foreclosure. The FTC had alleged that the company collected high fees from consumers often exceeding $1,000, but did not endeavor to help them to avoid foreclosure.

The FTC also announced that in settling five Federal Credit Reporting Act suits (four of which were against users of credit reports and one of which was against a Credit Reporting Agency), the FTC obtained $447,000 in civil penalties and $157,000 in suspended penalties. In two of these actions, the FTC alleged that the users made adverse employment decisions predicated on background checks without notifying them of their rights under the FCRA.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

As of January 1, 2009, and in contrast to federal law, California Civil Code Section 1747.09 requires that no more than the last five digits of a credit or debit card number be printed on both the electronically-printed card receipt retained by the business as well as the receipt provided to customers. See CAL. CIVIL CODE § 1747.09(a)-(d). If you or your business accept credit cards or debit cards for payment you must ensure that all machines and registers are in compliance with these truncation requirements. Businesses that fail to comply with revised Section 1747.09 face potentially significant consequences, including enforcement actions by state agencies, and, perhaps more significantly, individual and class action lawsuits brought by cardholders.

A brief look at the recent history of class actions filed under the federal truncation statute – the Fair Credit Reporting Act (“FCRA”), which applies only to transaction receipts provided to customers – may offer guidance on how California courts may deal with actions brought under Section 1747.09.

Beginning in December 2006, plaintiffs’ attorneys began filing class action lawsuits against a broad spectrum of retailers and other businesses in California based largely on the failure to truncate expiration dates on electronically printed credit card receipts provided to consumers, and sought statutory penalties of between $100 and $1,000 per transaction for each “willful” violation alleged, plus attorneys’ fees, costs and punitive damages. See15 U.S.C. § 1681n. In order to prevent consumers, who had not suffered any actual damage, from recovering potentially annihilating statutory damages against retailers and other merchants, Congress passed the Credit and Debit Card Receipt Clarification Act, which added a provision to the Fair and Accurate Credit Transactions Act (“FACTA”) preventing consumers from obtaining statutory damages for willful expiration date violations taking place between December 4, 2004 and June 3, 2008. Further, several courts refused to certify a class on the theory that a class action is not superior to other methods for the fair and efficient adjudication of the controversy. However, no similar legislation has been enacted by the California legislature, and it remains to be seen whether courts will deny certification of a class action brought under Section 1747.09, as several courts have done in FACTA cases, to limit abusive lawsuits brought by consumers under California state law.

Accordingly, if you have not already done so, you should act swiftly to ensure that all machines and registers are in compliance with the truncation requirements. To accomplish this, consider auditing machines and registers by printing out receipts both retained by the company and issued to the customer. If any violation of Section 1747.09 or FACTA is detected, corrective action should be taken to limit potential liability and to decrease the risk of a potential lawsuit. 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Which among the following businesses are potentially subject to consumer financial services laws, rules, and regulations?

A. a retail clothing chain
B. a bank or mortgage company
C. an internet retailer
D. a fast food franchisor
E. all of the above

If you answered E, “All of the above,” you are CORRECT. However, many companies do not realize their businesses are subject to consumer financial services laws. Consequently, their businesses may not be compliant and may be subject to litigation risk.

The focus of the Consumer Finance Law Blog is to keep – all on one site – traditional and non-traditional financial service providers subject to consumer financial services laws abreast of recent developments in:

• State consumer protection statutes and regulations
• State privacy statutes
• Privacy and consumer protection litigation
• Card Association Rules
• Equal Credit Opportunity Act
• Electronic Funds Transfer Act
• Fair Credit Reporting Act
• Fair Credit Transactions Act
• Fair Debt Collection Practices Act
• Payment Card Industry Data Security Standard
• State Money Transmitter Statutes
• State Retail Installment Sales Act
• State and Federal Unfair and Deceptive Trade Practices Acts
• TILA, RESPA, and related federal and state consumer disclosure and notice requirements
• Insurance coverage issues
• Legislation that may impact company compliance or create new litigation risk.

We welcome you and hope that you find our posts interesting, educational, and thought provoking. We also welcome your feedback and invite you to suggest topics or recent decisions of interest that you would like us to address.

• Email This
• Print
• Comments (1)
• Trackbacks
• Share Link