Photo of Ronald I. Raether, Jr.

Ron leads the firm’s Privacy + Cyber team. Drawing from nearly 30 years of experience, he provides comprehensive services to companies in all aspects of privacy, security, data use, and risk mitigation. Clients rely on his in-depth understanding of technology and its application to their business to solve their most important challenges — from implementation and strategy to litigation and incident response. Ron and his team have redefined the boundaries of typical law firm privacy and cyber services in offering a 360 degree approach to tackling information governance issues. Their holistic services include drafting and implementing bespoke privacy programs, program implementation, licensing, financing and M&A transactions, incident response, privacy and cyber litigation, regulatory investigations, and enforcement experience.

In this episode of FCRA Focus, hosts Kim Phan and Dave Gettings are joined by Partners Cindy Hanson and Ron Raether to discuss recent CFPB advisory opinions on accuracy in background check reports and the inclusion of data sources in response to consumer file disclosure requests. They delve into the challenges companies face in obtaining accurate information from public record sources and the implications of the CFPB’s guidance for the industry. The conversation also highlights the importance of effective dispute processes and vendor relationships in ensuring compliance. Tune in for insightful commentary on these critical issues in the FCRA compliance environment.

On February 8, the U.S. Supreme Court issued a unanimous decision in Department of Agriculture Rural Development Rural Housing Service (USDA) v. Kirtz, holding that the Fair Credit Reporting Act’s (FCRA) clear statutory text indicates a government agency can be sued for a FCRA violation. The decision resolved a circuit split. The D.C., Third, and Seventh Circuits have allowed FCRA litigation against government agencies, but the Fourth and Ninth Circuits have found governmental immunity prevents such suits.

In Career Counseling, Inc. v. Amerifactors Financial Group, LLC, the U.S. Court of Appeals for the Fourth Circuit upheld a district court’s decision denying class certification in a Telephone Consumer Protection Act (TCPA) case on the basis that the plaintiff failed to satisfy Rule 23’s “implicit further requirement of ascertainability.” The Fourth Circuit also upheld summary judgment against the defendant as to the individual claim finding the defendant was indeed the “sender” of the fax at issue. Each finding is discussed more fully below.

Please join us for a special cross-over episode of FCRA Focus and The Consumer Finance Podcast, where Troutman Pepper Partners Chris Willis, Dave Gettings, Kim Phan, and Ron Raether look at the latest developments in the CFPB’s FCRA rulemaking process. Topics include:

On October 24, the Biden-Harris administration announced amendments to the regulations implementing title IV of the Higher Education Act of 1965 (HEA). According to the fact sheet, the amendments are intended to allow the Department of Education (ED) to better protect students from the negative effects of sudden college closures, restrict colleges from withholding course credits paid for with federal money from students’ transcripts, require colleges to clearly communicate how much financial aid students will receive, and provide a more streamlined process for states to approve postsecondary opportunities for students without a high school diploma or its equivalent. The amended regulations will take effect on July 1, 2024.

On October 30, President Biden issued a sweeping Executive Order calling on Congress to enact privacy laws and directing federal agencies to review existing rules and potentially explore new rulemakings governing the use of artificial intelligence (AI) across various sectors of the U.S. economy. Among other things, the Executive Order will require AI system developers to submit safety test results to the federal government, establish standards for detecting AI-generated content to fight consumer fraud, and develop AI tools to identify and fix vulnerabilities in critical software. According to the White House fact sheet, the stated goal of the Executive Order is to “ensure that America leads the way in seizing the promise and managing the risks of [AI].” To that end, the Executive Order focuses on national security, privacy, discrimination and bias, healthcare safety, workplace surveillance, innovation, and global leadership.

The Delete Act (SB 362), signed into law by California Gov. Gavin Newsom on October 10, imposes additional disclosure and registration requirements on data brokers. It requires data brokers to support deletion requests through a central “deletion mechanism” managed by the California Privacy Protection Agency (CPPA). The law also empowers consumers to request deletion of their personal information from all registered data brokers with a single submission.

On October 12, the U.S. District Court for the Northern District of Illinois denied certification of a putative class action asserting that TransUnion violated the Fair Credit Reporting Act (FCRA) and the Missouri Merchandising Practices Act (MMPA) by allegedly misleading consumers about the accuracy and popularity of VantageScore 1.0, TransUnion’s proprietary credit scoring model. The court held that the plaintiff was an inadequate class representative due to his lack of credibility, and the asserted class claims failed both the commonality and predominance prongs of Federal Rule of Civil Procedure (FRCP)23.

A new enforcement action provides more detail on the expectations of the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC) (collectively, the agencies) for the content of tenant screening reports.

As discussed here, on September 21 the Consumer Financial Protection Bureau (CFPB) released an outline of its plans for rulemaking under the Fair Credit Reporting Act (FCRA). The outline was supplied for initial comment to a panel of small business representatives convened under the Small Business Regulatory Enforcement Fairness Act (SBREFA).