Credit Reporting & Data Brokers

A recent Virginia Supreme Court decision, The Game Place, L.L.C. v. Fredericksburg 35, LLC, 813 S.E.2d 312 (Va. 2018), highlights the long-standing statutory requirement for using a deed of lease, affixing a corporate seal, or utilizing acceptable seal substitutes in long-term leases.  In Game Place, the Supreme Court of Virginia ruled that a fifteen-year lease was unenforceable under Virginia’s Statute of Conveyances, which requires that any freehold in land for a term of more than five years, including leases, be accomplished by deed or will.  The Court found that the subject lease was not in the form of a deed and the lessor-lessee relationship could therefore only be enforced as a month-tomonth tenancy against the tenant.  The tenant was current in their rent payments when they terminated the lease and vacated the premises; thus, the Court found the tenant had no ongoing payment obligations owed to the landlord. 

The Statute of Conveyances, Va. Code § 55-2, states: “No estate of inheritance or freehold or for a term of more than five years in lands shall be conveyed unless by deed or will.”  At common law, deeds in Virginia required a wax-imprinted seal or a scroll.  The Virginia legislature has statutorily recognized acceptable substitutes for a formal seal, contained in Va. Code § 11-3.  The substitutes include:  (1) a scroll; (2) an imprint or stamp of a corporate or official seal; (3) the use in the body of the documents of the words “this deed” or “this indenture” or other words importing a sealed instrument or recognizing a seal; and (4) a proper acknowledgement “by an officer authorized to take acknowledgements of deeds.” 

Virginia Practice Tip:  In light of this decision, it is clear under Virginia law that leases with a term of more than five years that do not comport with the Statute of Conveyances may be deemed unenforceable.  Commercial landlords and lenders with loans secured by lease agreements should confirm that the leases comprising or securing their transactions have a formal seal or one of the alternatives available under Va. Code § 11-3.  To the extent a lease for a period longer than five years lacks a seal or language importing a deed of lease as permitted by Va. Code § 11-3, the parties should consider requiring an amendment to the lease agreement, whereby landlord and tenant recognize formally that the lease is a sealed document and/or deed of lease from its effective date.

On June 21, the United States District Court in Oregon dismissed a plaintiff’s class action complaint alleging his potential employer violated the disclosure and pre-adverse action notification requirements of the Fair Credit Reporting Act (“FCRA”).            

Plaintiff Daniel Walker applied for employment with defendant Fred Meyer, Inc.  As part of the application process, Fred Meyer provided Walker with a disclosure form and an authorization form regarding its intent to procure a background report on Walker.  Thereafter, Fred Meyer obtained from a background screening company a report that contained negative information on Walker.  Fred Meyer provided a pre-adverse action notice to Walker, explaining that he could contact the background screening company about issues regarding the report.  

The Court’s well-reasoned opinion laid out Walker’s baseless arguments and then systematically dismantled them.  Walker claimed the consumer report disclosure language was overshadowed by information about investigative consumer reports, which differ from general consumer reports.  Fred Meyer’s disclosure mentioned both reports in the single initial disclosure without distinguishing between the two.  However, the disclosure then set out a consumer report disclosure and did not mention a potential investigative report until the final paragraph, which stated “If [the background screening company] obtains any information by interview, you have the right to obtain a complete and accurate disclosure of the scope and nature of the investigation performed.”  Contrary to Walker’s argument, the Court found this sentence in fact emphasized that the disclosure was not itself an investigative report disclosure.

Likewise, the Court rejected Walker’s claim that the authorization form was unlawful because it was “riddled with extraneous information.”  The Court differentiated the requirements for the authorization and the disclosure, noting that the statute does not require the authorization to consist solely of the authorization.  The Court also found presenting the disclosure as a separate document along with the authorization “did not destroy the stand-alone character of the disclosure.” 

Walker’s pre-adverse action notice claims did not fare any better.  Walker claimed Fred Meyer violated the statute by only directing him to discuss his report with the background screening company.  Although the Court found he had Article III standing to bring this claim, it rejected the argument on the merits.  The Court found no support suggesting that Fred Meyer’s notice violated the FCRA because it did not inform Walker he could contact the employer directly, or the date by which he must do so.

This opinion highlights the importance of carefully following the requirements of the FCRA when obtaining a background report on prospective employees.  Fred Meyer defeated Walker’s claim because it provided disclosure and authorization notices in separate documents, apart from a job application or employee manual.  

On June 6, the Consumer Advisory Board’s twenty-two members were informed that they would no longer serve on the CAB and could not reapply for their former positions.

Through June 5, the Consumer Financial Protection Bureau had four advisory bodies: the Academic Research Council, the Community Bank Advisory Council, the Credit Union Advisory Council, and the Consumer Advisory Board. By law, the CFPB must meet twice a year with the CAB to discuss trends in the financial industry, regulations, and the impact of financial products and practices on consumers. Tellingly, the CFPB’s acting director, Mick Mulvaney, has canceled several meetings between the CFPB and its advisory groups during his short tenure.

For the CAB’s former members, the coup de grace came on June 6 when, in an afternoon call, Anthony Welcher, the Bureau’s recently hired Policy Associate Director for External Affairs, informed them that they were terminated. This move came after several members criticized Mulvaney’s leadership and implored him to keep this week’s scheduled—and just cancelled—meeting on the books.

“We’re going to start the advisory groups with sort of a new membership, to bring in these new perspectives for these new dialogues,” Welcher said on the call. “We’re going to be using the current application cycle to populate these memberships in the new groups. So we’re going to be transitioning these current advisory groups over the next few months.”

In the memo announcing the members’ terminations, the CFPB defended this “[r]evamping” as necessary to “increase high quality feedback” and mentioned plans to hold more town halls and roundtable discussions and reduce the new CAB’s ranks. As a later released statement argued, “[b]y both right-sizing its advisory councils and ramping up outreach to external groups, the Bureau will enhance its ability to hear from consumer, civil rights, and industry groups on a more regular basis.” In response to press queries, a CFPB spokesman not only denied the members’ characterization of the agency’s action—“The Bureau has not fired anyone”—but also accused these “outspoken” officials of “seem[ing] more concerned about protecting their taxpayer funded junkets to Washington, D.C., and being wined and dined by the Bureau than protecting consumers.”

On May 22, Vermont passed the nation’s most expansive data broker legislation in an effort to provide consumers with more information about data brokers, their data collection practices, and consumers’ right to opt out.

The legislation, which in part takes effect on January 1, 2019, defines “data brokers” to mean “a business … that knowingly collects and sells or licenses to third parties the brokered personal information of a consumer with whom the business does not have a direct relationship.” While this definition appears to be broad in scope, the controlling test to determine whether a business is a “data broker” is whether the sale or license of data is merely incidental to the business.  If the sale or license of data is merely incidental, the business would likely not be considered a data broker.

The legislation takes note of the fact that there are important differences between data brokers and businesses with whom consumers have a direct relationship.  Specifically, it finds that consumers who have a direct relationship with traditional and e-commerce businesses typically have some level of knowledge and control over the businesses’ data collection practices, including the choice to use the businesses’ products or services and the ability to opt out of certain data collection practices.  By contrast, however, consumers may not be aware that data brokers are collecting information about them or that they even exist.  As such, the new law aims to provide consumers with necessary information about data brokers, including information about their data collection activities, opt-out policies, purchaser credentialing practices, and security breaches.

Once the enacted legislation goes into effect, data brokers will be required to:

  1. Annually register with the Secretary of State and pay a registration fee of $100.00.  Notably, registration would only be required if, in the prior year, the data broker collected and licensed or sold to a third party the personal information of a Vermont consumer.
  2. Annually disclose the following information about its data collection practices:

a.  Whether the data broker permits a consumer to opt out of the data broker’s collection of brokered personal information, opt out of its databases, or opt out of certain sales of data;

b.  A statement specifying the data collection, databases, or sales activities from which a consumer may not opt out;

c.  A statement whether the data broker implements a purchaser credentialing process;

d.  The number of data security breaches experienced during the previous year, and if known, the total number of consumers affected by the breaches; and

e.  The data broker’s collection practices as it relates to minors.

  1. Develop, implement, and maintain a comprehensive information security program that contains administrative, technical, and physical safeguards appropriate for the size, scope, and type of business of the data broker.  Notably, a violation of the legislation’s information security requirements will constitute an “unfair and deceptive act” for which the Attorney General is authorized to bring an enforcement action.

Attorney General T.J. Donovan applauded lawmakers for the passage of the law and stated that “the state has a strong public safety interest in transparency, data security, and consumer protection generally with respect to commercial interests that elect to engage in the business of buying and selling consumer data without the consumer’s knowledge.”  And while “transparency of information is great when it comes to government,” said Vermont Secretary of State Jim Condos, it is not “for individuals and their personal information.”

On June 7, the Federal Trade Commission issued a public notice regarding the Economic Growth, Regulatory Relief, and Consumer Protection Act, which goes into effect on September 21, 2018.  The new law mandates that the three major credit reporting agencies set up webpages to allow consumers to request one-year fraud alerts and credit freezes.  The FTC will post links to those webpages on IdentityTheft.gov.

The law requires any credit freeze to be free of charge – nationwide.  Currently, some credit freezes may involve fees under state law.  The new law also allows consumers to freeze a child’s credit file until the child is 16 years of age.

Further, consumers will be allowed to request one-year fraud alerts, which are currently set at 90 days. An initial fraud alert will still be free, and identity theft victims can still get an extended fraud alert for seven years. For military servicemembers, the new law provides more.  Within a year, credit reporting agencies must offer free electronic credit monitoring to all active duty military.

Troutman Sanders will continue to monitor these developments and provide any further updates as they are available.

 

On May 31, the Fourth Circuit Court of Appeals affirmed a $150,000 sanctions award against three consumer attorneys and their law firms for bad faith conduct and misrepresentations.

The opinion reads like a detective story and lays out, in the Court’s own words, “a mosaic of half-truths, inconsistencies, mischaracterizations, exaggerations, omissions, evasions, and failures to correct known misimpressions created by [consumer attorneys’] own conduct that, in their totality, evince lack of candor to the court and disrespect for the judicial process.”

The litigation arose from a payday loan that plaintiff James Dillon obtained from online lender Western Sky.  Later, Dillon engaged attorneys Stephen Six and Austin Moore of Stueve Siegel Hanson LLP and Darren Kaplan of Kaplan Law Firm, PC who filed a putative class action against several non-lender banks that processed loan-related transactions through the Automatic Clearing House network.  Defendant Generations Community Federal Credit Union promptly moved to dismiss Dillon’s lawsuit on the basis of the loan agreement’s arbitration clause.  In response, Dillon challenged authenticity of the loan agreement and a two-year-long dispute ensued during which the district court refused to send the case to arbitration based on Dillon’s authenticity challenge; Generations appealed the district court’s decision; and the Fourth Circuit vacated it and remanded the case for further proceedings on the arbitration issue.  Significantly, when questioned by both the district court and the Fourth Circuit, Six maintained authenticity challenge and represented that he had drafted the complaint without the loan agreement and that Dillon’s claims do not rely on the loan agreement.

Six’s representations regarding the contents of the complaint were problematic given the complaint specifically referenced the loan agreement and its terms.  Evidence uncovered during arbitration-related discovery showed that Dillon possessed the loan agreement all along and, crucially, that he supplied his counsel with a copy of the agreement a week before the complaint was filed.  The latter piece of evidence was discovered only as a result of forensic examination of Dillon’s computer.  Once this evidence came to light, Dillon responded to Generations’ requests for admissions that the loan agreement was authentic.

Generations moved for sanctions against Dillon’s attorneys.  Instead of admitting their wrongdoing, Kaplan argued that there was never any challenge to authenticity, and Six argued that he still doubted authenticity even though he signed Dillon’s admissions that the loan agreement was authentic.  Invoking its inherent authority to punish bad faith behavior, the district court sanctioned Six, Kaplan, and their law firms jointly, ordering them to pay the defendants $150,000 in attorneys’ fees.  Moore was held liable jointly for only $100,000 of the total amount due to his lesser role in the bad-faith conduct.  The lawyers appealed.

The Fourth Circuit summarily rejected their arguments that neither the rules of ethics nor the Federal Rules of Civil Procedure required them to disclose the copy of the loan agreement before discovery commenced.  “These arguments miss the point.  Counsel are not being sanctioned for their failure to disclose the Dillon copy of the Western Sky loan agreement.  Rather, counsel are being sanctioned for raising objections in bad faith—simultaneously questioning (and encouraging the district court to question) the authenticity of a loan agreement without disclosing that the Plaintiff provided them a copy of that loan agreement before the complaint was filed.”

Discovery in consumer litigation is often asymmetrical and focuses on defendants’ obligations.  This opinion is a good reminder that the rules apply to plaintiffs too and that the courts will not condone a “crusade to suppress the truth to gain a tactical advantage.”

Many employers use background checks when evaluating potential candidates for hire.  They do this for a variety of reasons, from basic due diligence to a desire to avoid negligent hiring claims in the future.  If an employer intends to use this employment background check – often referred to as a consumer report – to take adverse action against the candidate, it must generally comply with the Fair Credit Reporting Act (“FCRA”) when doing so.   

Specifically, when “using a consumer report for employment purposes, before taking any adverse action based in whole or in part on the report, the person intending to take such adverse action shall” provide the candidate with a copy of the report and a summary of rights.  Courts typically regard this disclosure requirement as the employer’s obligation, not the obligation of the consumer reporting agency providing the report.  Surprisingly, in Doe v. Trinity Logistics, the District Court for the District of Delaware reached a conflicting conclusion – at least at the pleadings stage. 

In Doe, the plaintiff applied for a job at Trinity Logistics in August 2016.  She claims that Trinity ordered a consumer report from Pinkerton Consulting and Investigations as part of the hiring process, which Pinkerton “flagged” as having adverse information before providing it to its client.  When Pinkerton failed to provide the plaintiff with a copy of her consumer report and summary of rights before Trinity took adverse action, the plaintiff claimed that Pinkerton violated the FCRA’s pre-adverse action obligations.  Pinkerton disagreed, arguing that the plaintiff’s position was contrary to the FCRA, which requires the person “using” the consumer report to provide the disclosures. 

The Court disagreed with Pinkerton at the pleadings stage.  According to the Court, the plaintiff adequately pled that Pinkerton and Trinity had “shared decision-making responsibility,” which could impart pre-adverse action obligations on Pinkerton.  As a result, it declined to dismiss the pre-adverse action claim against Pinkerton. 

The Court’s decision in Doe is contrary to the generally accepted principle that a consumer reporting agency does not become a “user” of a consumer report by simply providing the report to its customer.  The decision bears watching, though, as allegations of “joint use” could catch on if the Doe decision gains traction with other courts.

On May 29, the Ninth Circuit ruled that an end-user’s misuse of reported information does not render a credit reporting agency’s report inaccurate for purposes of liability under the Fair Credit Reporting Act.  The Court affirmed the district court’s grant of summary judgment in the putative class action case brought against a national credit reporting agency (“CRA”). 

The action centered on the CRA’s reporting of short sales and foreclosures.  In reporting a short sale, the CRA coded the account with a “9-68.”  The lead code of “9” indicated “Settled” and the “68” indicates “Acct legally paid in full for less than the full balance.”  In reporting a foreclosure, the CRA coded the account with an “8-94,” indicating “Creditor Grantor reclaimed collateral to settle defaulted mortgage.” 

Although the CRA reported the two types of accounts distinctly, Fannie Mae’s software, Desktop Underwriter, treated the codes the same.  Desktop Underwriter identified a mortgage account as a foreclosure if it included a lead code of either 8 or 9.  Fannie Mae “knew from the instructions [the CRA] had provided that code 9 did not represent a foreclosure, and that it was ‘necessarily capturing accounts there were not actually foreclosures.’”  Merging the two codes had significant adverse consequences, as consumers with a short sale were subject to a seven-year waiting period for another mortgage, rather than a two-year waiting period that normally applies to short sales. 

Despite Fannie Mae’s alleged misuse of the reported information, plaintiffs John Shaw, Kenneth Coke, and Raymond Rydman brought a putative class action against the CRA.  They alleged the CRA violated § 1681e(b) in failing to follow reasonable procedures to ensure maximum accuracy, § 1681i in failing to conduct a reasonable investigation, and § 1681g in failing to fully disclose their files. 

In a well-reasoned opinion, the Ninth Circuit refused to impose liability on the CRA for Fannie Mae’s supposed misuse of its report.  The Court first disposed of the §§ 1681e(b) and 1681i claims by concluding the reports were not inaccurate.  In doing so, the Court examined whether the report was “misleading in such a way and to such an extent it could be expected to adversely affect credit decisions.”  Noting the CRA’s technical manuals “unambiguously” stated the coding referred to a short sale, Fannie Mae’s treatment of the codes “does not render [the CRA’s] reporting misleading.”  Any inaccuracy was due to Fannie Mae’s mistreatment, not the CRA’s own inaccuracies. 

Likewise, the Court flatly rejected the plaintiffs’ argument that the CRA could be held liable because it knew Fannie Mae misused the data.  The Court found no support for the suggestion that a CRA “must amend its reporting system when a subscriber disregards its technical manuals in order to avoid liability.”   

The plaintiffs’ failuretodisclose claim under § 1681g met a similar fate.  The plaintiffs’ chief complaint with the CRA’s file disclosure to its consumers was that it displayed information differently than it did when reporting to customers.  However, as the Court found, the CRA fulfilled its duties under § 1681g to make a clear disclosure.  Use of its proprietary coding system would have run afoul of that requirement by confusing the consumer. 

This decision shows that even in the plaintiff-friendly Ninth Circuit, a CRA’s liability has bounds.  It also demonstrates the importance of a CRA clearly explaining its coding system to its customers.  The CRA’s clear explanations within its technical manuals allowed it to escape liability for its customer’s misinterpretation of the coding system.        

 

On Wednesday, May 23, from 3 – 4 pm ET, Troutman Sanders attorneys, Alan Wingfield, Wendy Sugg, and Meagan Mihalko presented a webinar discussing employment-purpose background screening laws. The federal Fair Credit Reporting Act imposes technical paperwork requirements on employers desiring to obtain background screenings, and many millions of dollars have been paid in individual and class actions based on alleged failures to comply. State analog laws to the FCRA impose their own procedural requirements. State and local “ban the box” laws regulate when and how an employer can request and use background reports on potential hires. The federal Equal Employment Opportunity Act has been used by regulators to attack employer screening policies that allegedly have a discriminatory effect against protected groups. Some states and localities regulate the type of background information, particularly criminal history, that can be collected and used. Meanwhile, tort law remains ready to impose large damages on an employer who is found, after the fact, to have not conducted an adequate background check on employees. Rather than digging deeply into a single legal aspect of background screening, this webinar is designed to give a holistic overview of the entire legal landscape affecting employment-purpose background screening. Companies and professionals who are charged with developing effective compliance strategies for their background screening activities need to have the entire legal context in mind, and our webinar is designed to survey that context and provide guidance for compliance.

To access the recording, click here.

 

On Wednesday, May 23, from 3 – 4 pm ET, Troutman Sanders attorneys, Alan Wingfield, Wendy Sugg, and Meagan Mihalko will present a webinar discussing employment-purpose background screening laws. The federal Fair Credit Reporting Act imposes technical paperwork requirements on employers desiring to obtain background screenings, and many millions of dollars have been paid in individual and class actions based on alleged failures to comply. State analog laws to the FCRA impose their own procedural requirements. State and local “ban the box” laws regulate when and how an employer can request and use background reports on potential hires. The federal Equal Employment Opportunity Act has been used by regulators to attack employer screening policies that allegedly have a discriminatory effect against protected groups. Some states and localities regulate the type of background information, particularly criminal history, that can be collected and used. Meanwhile, tort law remains ready to impose large damages on an employer who is found, after the fact, to have not conducted an adequate background check on employees. Rather than digging deeply into a single legal aspect of background screening, this webinar is designed to give a holistic overview of the entire legal landscape affecting employment-purpose background screening. Companies and professionals who are charged with developing effective compliance strategies for their background screening activities need to have the entire legal context in mind, and our webinar is designed to survey that context and provide guidance for compliance.

One hour of CLE credit is pending.

To register, click here.