In Bickley v. Dish Network, the Sixth Circuit on May 13, 2014 affirmed the dismissal of a claim for violating the Fair Credit Reporting Act for accessing a credit report without a permissible purpose. Dish Network accessed the plaintiff’s credit report to investigate whether the person attempting to order satellite television service using plaintiff’s social security number was, in fact, the plaintiff or an identity thief. The Sixth Circuit held that verifying the identity of a consumer and assessing his eligibility for a service is a legitimate business need and therefore constitutes a permissible purpose under the FCRA.
In order to verify whether the imposter’s name and the plaintiff’s social security number matched, three credit reporting agencies were contacted. When the search indicated the name and social security number did not match, the imposter was turned down for service, and the plaintiff was notified of the incident. Despite the fact that the plaintiff was saved from becoming the victim of identity theft, he sued Dish Network for accessing his credit report without a “permissible purpose” under the FCRA.
The FCRA provides a private right of action against businesses that willfully or negligently access a consumer’s credit information without a “permissible purpose.” One such “permissible purpose” is when there is “a legitimate business need for the information . . . in connection with a business transaction that is initiated by the consumer.” Dish Network contended that it had a legitimate need, which was verifying the identity and qualification of the person attempting to order service. The plaintiff argued that he did not “initiate” the transaction and therefore Dish Network violated the FCRA.
In its opinion addressing an issue of first impression in the Sixth Circuit, the Court called the plaintiff’s argument “hollow” and noted that the plaintiff “blithely ignores that a consumer did initiate the transaction, and that Dish believed in good faith that [he] was ‘the consumer.’” The court found that Dish Network’s alleged conduct was consistent with the underlying purpose of the statute and stated that “[i]t also seems beyond dispute that a ‘legitimate business need’ exists to prevent identity theft.” In reaching this conclusion, the Sixth Circuit “reject[ed] the contention that a company, dealing with an imposter purporting to be the consumer, should be held liable when the company attempts in good faith to verify the consumer’s identity and eligibility for commercial services.”