In Abdelfattah v. DHS, the D.C. Circuit held that credit information obtained by the Department of Homeland Security on a person of interest can constitute a consumer report under the Fair Credit Reporting Act.  Because DHS did not have a permissible purpose to obtain the information, it may be liable for an FCRA violation.

In Abdelfattah, the plaintiff was the subject of a multi-year investigation by various government agencies, including DHS.  In order to learn more about the investigation, the plaintiff ultimately submitted a FOIA request for information.  In response, he received various documents in the investigation file that included a list of his previous addresses, driver’s license numbers, credit card number, and notations of the type and issuer of the credit card.

The plaintiff brought a claim against DHS under the FCRA.  He claimed that the information DHS obtained constituted a consumer report.  He also claimed DHS violated the FCRA by obtaining the information without his consent and without a court order.  The court of appeals reversed the district court, finding that the information DHS obtained was governed by the FCRA.

According to the court, the government may obtain basic identifying information about a consumer without a permissible purpose.  If the government requires more detailed information, however, it must seek a court order.  In the court’s eyes, the information the government possessed constituted more than basic identifying information.  Because the plaintiff’s credit card number and the type of card to which it was attached reflected on the plaintiff’s “mode of living,” the court of appeals found that the information constituted a consumer report.

Although the Abdelfattah case dealt with the FCRA and its applicability to a government agency, the case serves as a reminder to private employers that the FCRA can often govern situations where its applicability is unexpected.