On January 6, the FTC published a report titled, “Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues.” The report, which draws from information from a September 2014 FTC workshop, as well as public comments and research, primarily focuses on the final stage in the life cycle of big data use by addressing the commercial use of consumer data and its effect on low-income and underserved populations. According to the report, participants in the 2014 workshop expressed concern that potential inaccuracies and biases from big data may lead companies to “exclude low-income and underserved communities from credit and employment opportunities.” For example, the report states that, “if big data analytics incorrectly predicts that particular consumers are not good candidates for prime credit offers, educational opportunities, or certain lucrative jobs, such educational opportunities, employment, and credit may never be offered to these consumers.” In order to minimize legal and ethical risks, and to avoid possible exclusion and/or discrimination, the report suggests that companies should obtain an understanding of various laws that may apply to their big data practices, including the FCRA, equal opportunity laws, and the FTC Act. Read more…
On January 27, the CFPB announced that it published its 2016 list of consumer reporting companies. The list includes contact information for the three largest nationwide reporting companies and various specialty reporting companies concentrating on specific geographic market areas and consumer segments. In addition, the list provides consumers with (i) tips on determining which specialty credit reports may be important to review depending upon the particular circumstances, such as applying for a job or a new bank account; (ii) information regarding how companies confirm the identity of the consumer requesting a copy of his or her credit report; and (iii) information on which companies also provide free credit scores. The CFPB also reminds consumers of their legal rights to (i) obtain the information in their credit reports, per the FCRA; and (ii) dispute inaccuracies contained in the report.
On December 17, the CFPB announced a consent order against a Minnesota-based auto dealer and its affiliated financing company for alleged violations of the FCRA and the CFPA. The CFPB alleged that the auto dealer, acting through its financing company, (i) repeatedly furnished inaccurate consumer credit information for more than 84,000 customers from January 2009 through September 2013; and (ii) engaged in deceptive acts and practices by failing to report “good credit” to the credit reporting agencies (CRAs) for tens of thousands of consumers after making written representations that the it would report positive credit information to help consumers build and maintain good credit. Alleged FCRA violations include: (i) inaccurately reporting that vehicles were repossessed and borrowers owed balances after the vehicles were returned to the dealer in accordance with the company’s 72-hour return policy; (ii) inaccurately reporting that consumers had outstanding balances after issuing documentation that disputed accounts had been settled; and (iii) failing to establish and maintain reasonable written policies and procedures to ensure the accuracy and integrity of consumer information furnished to CRAs.
On December 7, the CFPB announced the filing of a complaint and a proposed consent order against a Massachusetts-based debt collection firm for alleged violations of the Fair Debt Collection Practices Act (FDCPA), the Fair Credit Reporting Act (FCRA), and the Dodd-Frank Act. In 2012, the firm’s subsidiary purchased a debt portfolio from a telephone service provider containing over three million defaulted, and predominantly outdated, cellphone accounts. The firm and its subsidiary entered into a collection services agreement, with the firm agreeing to remit money collected from consumers, less fees and expenses, to its subsidiary. According to the CFPB, the firm, having prior experience in the collection of telecommunications debt, knew that the portfolio likely contained defects, including inaccurate and incomplete dispute histories and unverified documentation. Read more…
On December 3, The CFPB took action against a nationwide credit reporting company and its owner over alleged violations of the Fair Credit Reporting Act. According to the CFPB, the defendants (i) obtained consumer reports, without permissible purpose, from third-party CRAs to generate marketing presentations for prospective clients; and (ii) failed to investigate consumer disputes, including those relating to identity theft. The CFPB further alleged that the company “routinely failed” to provide consumer dispute information to furnishers. In addition to an $8 million civil money penalty, the consent order requires the defendants to submit to the CFPB a compliance plan that ensures their “practices for obtaining Consumer Reports and conducting reinvestigations of disputes [comply] with all applicable federal consumer financial laws, as defined in the CFPA.” Finally, the order prohibits the company from engaging in certain practices, such as the selling or reselling of any consumer report to any person whose purpose for obtaining the report is to consider purchasing any service provided by the defendants, or to generate a lead.
On October 29, the CFPB announced a consent order with a national employment background screening provider and its affiliate for alleged violations of the FCRA. According to the CFPB, the company and its affiliate failed to (i) use reasonable procedures to assure maximum possible accuracy of the information in reports that they provided to employers; (ii) take appropriate measures to ensure that non-reportable information, such as civil suits and civil judgments older than seven years, was not included in reports; and (iii) comply with the requirement to maintain “strict procedures” to ensure complete and up to date information in reports or notify consumers when the reported information was likely to have an adverse effect on their ability to obtain employment. Under the terms of the consent order, the company and its affiliate are required to provide $10.5 million in relief to consumers and pay a $2.5 million civil money penalty. In addition, the company and its affiliate must revise their compliance procedures and hire an independent consultant to assess their policies, procedures, staffing levels, and systems.
On October 21, the FTC announced a $2.95 million settlement with a telecommunications company for alleged violations of the FCRA. According to the FTC, the company violated the FCRA’s Risk-Based Pricing Rule by failing to provide consumers with a fully compliant risk-based pricing notice when they were placed into a cell phone and data service program with an additional monthly fee because of information from their consumer reports and their credit scores. Specifically, the FTC’s complaint alleges that the company (i) failed to provide consumers in the program with required disclosures in their risk-based pricing notices, such as the key factors that adversely affected their credit scores and language encouraging consumers to verify the accuracy of their consumer reports; and (ii) provided consumers with the disclosures only after they have become contractually obligated. In addition to the $2.95 million civil money penalty, the proposed consent order would require the company to (i) abide by the requirements of the Risk-Based Pricing Rule in the future; (ii) provide consumers with the proper disclosures within five days of signing up for the company’s services, or by a certain date that would allow them to avoid recurring charges; and (iii) send the consumers who originally received incomplete disclosures new, corrected risk-based pricing notices. The proposed order is subject to court approval in the District Court for the District of Kansas.
On September 9, the Massachusetts Attorney General announced that her office, along with 12 other states and the District of Columbia, had filed with the U.S. Supreme Court an amicus brief supporting the plaintiff-respondent in Spokeo v. Robins. (Previous InfoBytes coverage can be seen here). The putative class-action plaintiff in that case claimed that an online data broker published inaccurate information about him in violation of the Fair Credit Reporting Act (FCRA). Reversing the district court, the U.S. Court of Appeals for the Ninth Circuit held that the violation of a statutory right created by FCRA was, in itself, a sufficient injury to confer standing to sue under Article III of the Constitution. In their multistate amicus brief, the AGs argued that the Supreme Court should affirm this holding. The states asserted that businesses frequently rely on consumer data profiles to make important credit, employment, housing, and insurance decisions. However, “the damage done by . . . an inaccurate data profile is frequently impossible for the affected consumer to detect or quantify,” they argued. Accordingly, “Congress rightly has authorized statutory damages for a willful violation of the FCRA.” The AGs asserted that, given their limited resources, statutory damage cases and private class actions are needed to supplement their own consumer protection actions.
On June 18, the CFPB announced an enforcement action against a third-party medical debt collection company for allegedly failing to issue debt validation notices to customers, mishandling consumer credit reporting disputes, and preventing customers from exercising certain debt collection rights. According to the Bureau, from 2011 through 2013, the company failed to properly investigate consumers’ complaints with respect to information furnished to credit reporting agencies, and lacked internal policies and procedures on how to handle and respond to the complaints, resulting in a violation of the Fair Credit Reporting Act (FCRA). In addition, the Bureau contends that the company did not properly inform consumers of the amount of medical debt owed before commencing efforts to obtain payment on the debt, subsequently violating the Fair Debt Collection Practices Act (FDCPA). The CFPB ordered the medical debt collector to, among other things, (i) provide over $5 million in restitution to affected consumers, (ii) correct errors in consumer credit reports, (iii) pay a $500,000 civil money penalty, and (iv) improve its business practices.
On April 27, the United States Supreme Court granted a petition for a writ of certiorari seeking review of a hotly-debated question with potentially far-reaching implications: whether a mere violation of a federal statute, without more, satisfies the “injury-in-fact” standard required for constitutional standing under Article III. The case at issue involves a plaintiff alleging violations of the Fair Credit Reporting Act (FCRA); specifically, the plaintiff argued that he suffered actual harm when an online search engine, acting as a credit reporting agency (CRA), published inaccurate information about his background and character in violation of FCRA provisions requiring a CRA to ensure accuracy and provide notice regarding the information it disseminates. The district court ruled that plaintiff failed to demonstrate injury-in-fact without showing more than mere violations of the FCRA. The Ninth Circuit reversed, holding that the violation of federal statutory rights is sufficient to show constitutional standing, and that a plaintiff need not demonstrate any actual damages in order to file suit. Notably, the Ninth Circuit did not opine that the “harm” alleged by the plaintiff – the online search engine portrayed him as wealthier and more educated than he actually was – affected him economically by impeding his employment prospects. Read more…
On February 5, the U.S. District Court for the Northern District of Illinois denied a credit reporting company’s motion to compel arbitration in a putative class action which alleged that the company sold credit scores to consumers that differed from the scores the company provided to lenders due to contrasting credit scoring models. The plaintiff alleged this practice violated provisions of the Fair Credit Reporting Act, Illinois Consumer Fraud and Deceptive Business Practices Act, and Missouri Merchandizing Practices Act, and that the credit reporting company was negligent in failing to inform consumers of the conflicting scores. The credit reporting company sought to compel arbitration on the basis of arbitration terms embedded in language in an online purchase agreement. Read more…
CFPB Initiative Results in Free Access to Credit Scores, Agency Pledges to Increase Credit Reporting Enforcement Authority
One year after launching an initiative to improve consumer access to credit reporting information, the CFPB announced on February 19 that at least 50 million Americans now have the ability to directly and freely access their credit scores. As a result of the CFPB’s credit score initiative, over a dozen major credit card issuers have elected to provide free credit reports to their cardholders, and more issuers are expected to follow suit. The initiative was launched to emphasize the significance of monitoring credit scores and to make it easier for consumers to keep themselves informed. CFPB Director Richard Cordray applauded the agency’s efforts to increase transparency in this arena in his prepared remarks for Thursday’s Consumer Advisory Board Meeting, stating that improving both the accessibility and accuracy of credit reports is vital to consumers and credit providers alike. Cordray also alluded that the CFPB intends to leverage its enforcement authority to more closely regulate the credit reporting industry, thereby placing creditors, debt collectors, and other businesses that furnish consumer credit information on high alert. “Using our supervision and enforcement authorities,” Cordray said, “we are already bringing significant new improvements to the credit reporting system − and we are only getting started.”
On January 28, the FTC released a comprehensive report detailing what the so-called “Internet of Things” is, how it is being used, and how both consumers and businesses can protect themselves. The report defines the Internet of Things as “devices or sensors – other than computers, smartphones, or tablets – that connect, store or transmit information with or between each other via the Internet,” and that are sold to or used by consumers. The report focuses on consumer privacy and security and offers a variety of recommendations for those companies offering devices that fall within the definition, including that security be a key part of the design process and data collection be limited where possible. The report does not call for new legislation specific to the Internet of Things because the FTC believes such legislation would be premature. The FTC states that it will use existing authority under laws such as the FTC Act, the Fair Credit Reporting Act, the Hi-Tech Act, and the Children’s Online Privacy Protection Act to take actions against Internet of Things products and services as necessary to protect consumers.
Special Alert: CFPB Takes Enforcement Action Against “Buy-Here, Pay-Here” Auto Dealer for Alleged Unfair Collection and Credit Reporting Tactics
On November 19, the CFPB announced an enforcement action against a ‘buy-here, pay-here’ auto dealer alleging unfair debt collection practices and the furnishing of inaccurate information about customers to credit reporting agencies. ‘Buy-here, pay-here’ auto dealers typically do not assign their retail installment sale contracts (RISCs) to unaffiliated finance companies or banks, and therefore are subject to the CFPB’s enforcement authority. Consistent with the position it staked out in CFPB Bulletin 2013-07, in this enforcement action the CFPB appears to have applied specific requirements of the Fair Debt Collection Practices Act (FDCPA) to the dealer in its capacity as a creditor based on the CFPB’s broader authority over unfair, deceptive, or abusive acts practices.
The CFPB charges that the auto dealer violated the Consumer Financial Protection Act, 12 U.S.C. §§ 5531, 5536, which prohibits unfair, deceptive, or abusive acts or practices, by (i) repeatedly calling customers at work, despite being asked to stop; (ii) repeatedly calling the references of customers, despite being asked to stop; and (iii) making excessive, repeated calls to wrong numbers in efforts to reach customers who fell behind on their auto loan payments. Specifically, the CFPB alleges that the auto dealer used a third-party database to “skip trace” for new phone numbers of its customers. As a result, numerous wrong parties were contacted who asked to stop receiving calls. Despite their requests, the auto dealer allegedly failed to prevent calls to these wrong parties or did not remove their contact information from its system.
In addition, the CFPB alleges that the auto dealer violated the Fair Credit Reporting Act by (i) providing inaccurate information to credit reporting agencies; (ii) improperly handling consumer disputes regarding furnished information; and (iii) not establishing and implementing “reasonable written policies and procedures regarding the accuracy and integrity of the information relating to [customers] that it furnishes to a consumer reporting agency.” Specifically, the CFPB alleges that, since 2010, the auto dealer did not review or update its written furnishing policies, despite knowing that conversion to its third-party servicing platform had led to widespread inaccuracies in furnished information. Also, the consent order alleges that the auto dealer received more than 22,000 credit disputes per year, including disputes regarding the timing of repossessions and dates of first delinquency for charged-off accounts, but nevertheless furnished inaccurate information. Read more…
On October 28, the CFPB released the fifth edition of its Supervisory Highlights report. The report highlighted the CFPB’s recent supervisory findings of regulatory violations and UDAAP violations relating to consumer reporting, debt collection, deposits, mortgage servicing and student loan servicing. The report also provided updated supervisory guidance regarding HMDA reporting relating to HMDA data resubmission standards. With respect to consumer reporting, the report identified a variety of violations of FCRA Section 611 regarding dispute resolution. The report noted findings of several FDCPA and UDAAP violations in connection with debt collection, including: (i) unlawful imposition of convenience fees; (ii) false threats of litigation; (iii) improper disclosures to third parties; and (iv) unfair practices with respect to debt sales. For deposits, the report identified several Regulation E violations found, including: (i) error resolution violations; (ii) liability for unauthorized transfers; and (iii) notice deficiencies. The report outlines four main compliance issues identified in the mortgage servicing industry: (i) new mortgage servicing rules regarding oversight of service providers; (ii) delays in finalizing permanent loan modifications; (iii) misleading borrowers about the status of permanent loan modifications; and (iv) inaccurate communications regarding short sales. Finally, the report outlines six practices at student loan servicers that could constitute UDAAP violations: (i) allocating the payments borrowers make to each loan, which results in minimum late fees on all loans and inevitable delinquent statuses; (ii) inflating the minimum payment due on periodic and online account statements; (iii) charging late fees when payments were received during the grace period; (iv) failing to give borrowers accurate information needed to deduct loan interest payments on tax filings; (v) providing false information regarding the “dischargeable” status of a loan in bankruptcy; and (vi) making debt collection calls to borrowers outside appropriate hours.