In 2011 and 2013, Peri Domante’s personal information was stolen and fraudulently used to open two accounts with Dish Networks, LLC (“Dish”), a provider of television services. After being alerted to the fraud, Domante sued Dish for violation of the Fair Credit Reporting Act (“FCRA”).  The parties settled the lawsuit.  A part of the agreement, Dish promised to flag Domante’s Social Security number to preclude further unauthorized attempts to obtain Dish services. To implement this provision, Dish entered Domante’s personal information, including her date of birth and Social Security number, into an internal system designed to prevent unauthorized accounts from being opened.

In 2017, an unknown individual applied online for a Dish account using the last four digits of Domante’s Social Security number, date of birth, and first name, while using a different last name, address, and telephone number. Dish’s automated system submitted the applicant’s information to a consumer reporting agency (“CRA”) to verify the individual’s identity. The CRA matched this information with Domante and returned her credit report to Dish, which included Domante’s full Social Security number. Dish then blocked the application, and no Dish account was opened in Domante’s name.  Dish also requested that the CRA delete the inquiry from Domante’s credit record, and the CRA complied.

Domante sued Dish in the U.S. District Court for the Middle District of Florida, alleging that Dish negligently and willfully obtained her credit report without a “permissible purpose” in violation of § 1681b of the FCRA.

The trial court granted summary judgment in favor of Dish, ruling that it had a legitimate business need to verify the information that was submitted to determine the eligibility of the applicant.

On appeal to the U.S. Court of Appeals for the Eleventh Circuit, Domante argued that that Dish did not have a legitimate business need to pull her credit report because Dish either knew or should have known that Domante had not initiated the business transaction because of their prior settlement agreement.

In affirming the district court’s ruling, the Eleventh Circuit noted that, when the account application was submitted, Dish had only the last four digits of the provided Social Security number, not the full number. Dish depended in part on the CRA’s credit report to verify the identity of the applicant so that it could obtain the full Social Security number for cross-checking with its internal records. In reaching this conclusion, the Eleventh Circuit followed the Sixth Circuit’s reasoning in Bickley v. Dish Network, LLC, 751 F.3d 724 (6th Cir. 2014), which held that requesting and obtaining a consumer report for verification and eligibility purposes is a “legitimate business need” under the FCRA.

A copy of the decision can be accessed by clicking here.