In Mowrer v. United States Department of Transportation, the U.S. Court of Appeals for the District of Columbia held that government immunity is waived under the FCRA, but also found that the Federal Motor Carrier Safety Administration (FMCSA) does not act as a consumer reporting agency (CRA) in distributing safety records of commercial truck drivers to prospective employers. No. 19-5321, 2021 U.S. App. LEXIS 28947 (D.C. Cir. Sep. 24, 2021). This decision is nuanced in that it suggests the potential to sue a government agency under the FCRA, but also establishes that the FMCSA is not a CRA.
The U.S. Department of Transportation is required to collect certain information on commercial drivers, including crash reports and roadside inspections, which is housed in the Motor Carrier Management Information System (MCMIS). FMCSA uses the MCMIS information for various government purposes, such as allocating grants to states to improve motor-carrier safety. Additionally, MCMIS information is used in a pre-employment screening program (PSP), which allows prospective employers to access the information and facilitate the pre-employment screening process. In Mowrer, the drivers alleged the FMCSA violated the FCRA by releasing PSP reports to prospective employers that included allegedly inaccurate driving citations, which negatively affected drivers’ ability to secure employment. The two truck drivers took issue with information provided to prospective employers through FMCSA’s MCMIS.
In recent years, the Fourth, Seventh, and Ninth circuits have dealt with whether sovereign immunity is waived under the FCRA. Both the Fourth and Ninth circuits have found immunity is not waived, while the Seventh Circuit has ruled in favor of immunity. The D.C. Circuit’s opinion furthers the divide by finding a waiver of sovereign immunity under the FCRA. In coming to a decision of whether the drivers could seek recovery from the FMCSA under the FCRA, the court first addressed whether Congress intended for the FCRA to apply to governmental entities. The court reasoned that Congress intended to waive immunity by zeroing in on how the FCRA defines “person” within the statutory text. The court noted the FCRA defines person as “any individual, partnership, corporation, trust, estate, cooperative, association, government or governmental subdivision or agency, or other entity.” Id. at *10. Agreeing with the Seventh Circuit’s reasoning, the court concluded that the FCRA waived sovereign immunity in Bormes v. United States, while stating that the Fourth and Ninth circuits’ arguments opposing waiver of sovereign immunity are “unpersuasive” in Robinson v. U.S. Department of Education and Daniel v. National Park Service. Id. at *11. The court noted that the Fourth and Ninth circuits support finding no waiver of immunity by citing to a provision within the FCRA that imposes separate liability for government entities that receive consumer information. Id. In contrast the court stated that “the fact that section 626 [of the FCRA] imposes liability only on federal agencies … says little about whether FCRA’s other causes of action cover the United States through broader language encompassing ‘any … government.'” Id.
After finding waiver of immunity, the court next turned to the question of whether the FMCSA acted as a CRA by furnishing PSP reports to prospective employers. For argument’s sake, the court assumed the PSP reports were “consumer reports” to analyze the more nuanced issue of whether the FMCSA can qualify as a CRA. The FCRA defines a CRA as a person regularly engaged in “the practice of assembling or evaluating consumer credit information or other information on consumers for purposes of furnishing consumer reports to third parties.” Id. at *11. Pointing to the history of the FMCSA’s use of “MCMIS data to inform its administration … for safety related activities … and to inform its own enforcement activit[ies],” the court found FMCSA’s sole purpose is not collecting data to give to future employers. Id. at *16. Since 1998 the FMCSA has collected MCMIS data for internal government purposes only. In 2005, the SAFE Transportation Act authorized “the Administration to release driver-safety records to prospective employers.” Id. Thus, because the FMCSA does not collect the MCMIS data solely for the benefit of prospective employers, the court concluded the FMCSA is not a CRA. The court also noted that since the SAFE ACT imposes four requirements for releasing MCMIS data to employers that parallel the FCRA, it suggests Congress put similar safeguards in place to those mentioned in the FCRA. Id. at *17. Thus, the court noted, applying the FCRA in addition to the SAFE Act requirements for regulating MCMIS data would be redundant. Id.
In a dissenting opinion, Judge Raymond Randolph disagreed with the majority’s decision to first address the question of sovereign immunity instead of examining the merits first. Randolph opines that “one may wonder how it can be that a statute waives the sovereign immunity of a federal agency when the statute does not even apply to the agency?” Id. at *45. Judge Randolph supports his stance that the court erred by deciding whether immunity was waived before assessing the merits of the case by pointing to what he saw as a muddled outcome reached by the court: The plaintiffs had the right to sue a government entity under the FCRA that, when judged on the merits, is not a CRA. Randolph said that other courts that evaluated the merits of a case prior to deciding whether waiver of immunity applied avoided an outcome that supported finding a government entity could be sued under the FCRA but still did not qualify as a CRA, and thus, no relief be accorded to the plaintiffs.
The D.C. Circuit’s opinion furthers the circuit split on the issue of whether the FCRA waives federal sovereign immunity. Additionally, Mowrer may serve as a guidepost for how courts may evaluate whether a government entity qualifies as CRAs. Mowrer suggests courts may look to whether the government entity is a CRA by looking to whether the entity is collecting consumer data solely for an internal rather than external purpose and whether the agency has safeguards in place that closely align with FCRA guidelines for protecting and verifying the accuracy of consumer data.