Credit Reporting + Data Brokers

On January 11, the Consumer Financial Protection Bureau (CFPB or Bureau) issued two “advisory opinions” addressing the CFPB’s views of the obligations of consumer reporting agencies (CRAs) under the Fair Credit Reporting Act (FCRA). The advisory opinions are interpretive rules issued under the Bureau’s authority to interpret the FCRA pursuant to § 1022(b)(1) of the Consumer Financial Protection Act of 2010.

On December 8, the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC) (collectively, the agencies) filed an amici curiae brief urging the U.S. Court of Appeals for the Fourth Circuit to reverse a district court’s decision finding that furnishers need not investigate indirect disputes involving purely legal questions under the Fair Credit Reporting Act (FCRA).

On December 15, the Consumer Financial Protection Bureau (CFPB) announced it had reached a settlement with medical debt collector Commonwealth Financial Systems, Inc. (Commonwealth) in its lawsuit over alleged illegal debt collection practices. Specifically, the CFPB alleged that Commonwealth failed to conduct reasonable investigations of disputes and violated the Fair Debt Collection Practices Act (FDCPA) by attempting to collect disputed debt without obtaining substantiating documentation. Under the settlement agreement, Commonwealth is banned from debt collection activities, must request CRAs to delete all consumer accounts to which it had previously furnished information, and must pay a $95,000 penalty to the CFPB’s victims relief fund.

On December 13, New York Governor Kathy Hochul signed into law S4907A, which prohibits hospitals, medical providers, or ambulance services from providing negative information about medical debt to consumer reporting agencies (CRAs). The law also requires that these entities include a provision in their contracts with collection agencies prohibiting the reporting of any portion of a medical debt to a CRA. Any debt that is reported to a CRA will be deemed void. The law became effective immediately after it was signed.

A U.S. District Court in the Southern District of California recently held that a Federal Rule of Civil Procedure 68 offer of judgment must clearly state that attorneys’ fees and costs are limited or waived, as Arvest Central Mortgage Company (Arvest) learned to its detriment. The plaintiff had a mortgage with Arvest, entered into a forbearance agreement, and made the payments on the property, but claimed Arvest inaccurately reported that he was late on his October 2020 payment. The plaintiff sued Arvest and nine other defendants for violations of the Fair Credit Reporting Act and California’s Consumer Credit Reporting Agencies Act, ultimately resolving his claims against all defendants except Arvest.

On November 9, a magistrate judge in the Northern District of Georgia issued a Report & Recommendation to grant a motion to dismiss because the plaintiff’s Fair Debt Collection Practices Act (FDCPA) claims were time-barred and the cause of action under the Fair Credit Reporting Act (FCRA) failed to state a claim.

On October 30, President Biden issued a sweeping Executive Order calling on Congress to enact privacy laws and directing federal agencies to review existing rules and potentially explore new rulemakings governing the use of artificial intelligence (AI) across various sectors of the U.S. economy. Among other things, the Executive Order will require AI system developers to submit safety test results to the federal government, establish standards for detecting AI-generated content to fight consumer fraud, and develop AI tools to identify and fix vulnerabilities in critical software. According to the White House fact sheet, the stated goal of the Executive Order is to “ensure that America leads the way in seizing the promise and managing the risks of [AI].” To that end, the Executive Order focuses on national security, privacy, discrimination and bias, healthcare safety, workplace surveillance, innovation, and global leadership.

A U.S. District Court in the Western District of Wisconsin recently denied both the defendant and plaintiff’s summary judgment motions in a Fair Credit Reporting Act (FCRA) case, holding that the reasonableness of the defendant’s investigation of the plaintiff’s identity theft claim was a triable issue.

On October 19, the Consumer Financial Protection Bureau (CFPB) issued its highly anticipated notice of proposed rulemaking under Section 1033 of the Consumer Financial Protection Act of 2010 (CFPA). The proposed Personal Financial Data Rights Rule would require depository and nondepository entities to make available to consumers and authorized third parties certain data relating to consumers’ accounts, establish obligations for third parties accessing a consumer’s data, and provide basic standards for data access. Notably, the proposed rule only provides for narrow exceptions, such as community banks and credit unions that have no digital interface with their customers. The CFPB is currently accepting comments on the proposed rule until December 29, 2023.

On October 12, the U.S. District Court for the Northern District of Illinois denied certification of a putative class action asserting that TransUnion violated the Fair Credit Reporting Act (FCRA) and the Missouri Merchandising Practices Act (MMPA) by allegedly misleading consumers about the accuracy and popularity of VantageScore 1.0, TransUnion’s proprietary credit scoring model. The court held that the plaintiff was an inadequate class representative due to his lack of credibility, and the asserted class claims failed both the commonality and predominance prongs of Federal Rule of Civil Procedure (FRCP)23.