Credit Reporting + Data Brokers

On December 15, the Consumer Financial Protection Bureau (CFPB) announced it had reached a settlement with medical debt collector Commonwealth Financial Systems, Inc. (Commonwealth) in its lawsuit over alleged illegal debt collection practices. Specifically, the CFPB alleged that Commonwealth failed to conduct reasonable investigations of disputes and violated the Fair Debt Collection Practices Act (FDCPA) by attempting to collect disputed debt without obtaining substantiating documentation. Under the settlement agreement, Commonwealth is banned from debt collection activities, must request CRAs to delete all consumer accounts to which it had previously furnished information, and must pay a $95,000 penalty to the CFPB’s victims relief fund.

On December 13, New York Governor Kathy Hochul signed into law S4907A, which prohibits hospitals, medical providers, or ambulance services from providing negative information about medical debt to consumer reporting agencies (CRAs). The law also requires that these entities include a provision in their contracts with collection agencies prohibiting the reporting of any portion of a medical debt to a CRA. Any debt that is reported to a CRA will be deemed void. The law became effective immediately after it was signed.

A U.S. District Court in the Southern District of California recently held that a Federal Rule of Civil Procedure 68 offer of judgment must clearly state that attorneys’ fees and costs are limited or waived, as Arvest Central Mortgage Company (Arvest) learned to its detriment. The plaintiff had a mortgage with Arvest, entered into a forbearance agreement, and made the payments on the property, but claimed Arvest inaccurately reported that he was late on his October 2020 payment. The plaintiff sued Arvest and nine other defendants for violations of the Fair Credit Reporting Act and California’s Consumer Credit Reporting Agencies Act, ultimately resolving his claims against all defendants except Arvest.

On November 9, a magistrate judge in the Northern District of Georgia issued a Report & Recommendation to grant a motion to dismiss because the plaintiff’s Fair Debt Collection Practices Act (FDCPA) claims were time-barred and the cause of action under the Fair Credit Reporting Act (FCRA) failed to state a claim.

On October 30, President Biden issued a sweeping Executive Order calling on Congress to enact privacy laws and directing federal agencies to review existing rules and potentially explore new rulemakings governing the use of artificial intelligence (AI) across various sectors of the U.S. economy. Among other things, the Executive Order will require AI system developers to submit safety test results to the federal government, establish standards for detecting AI-generated content to fight consumer fraud, and develop AI tools to identify and fix vulnerabilities in critical software. According to the White House fact sheet, the stated goal of the Executive Order is to “ensure that America leads the way in seizing the promise and managing the risks of [AI].” To that end, the Executive Order focuses on national security, privacy, discrimination and bias, healthcare safety, workplace surveillance, innovation, and global leadership.

A U.S. District Court in the Western District of Wisconsin recently denied both the defendant and plaintiff’s summary judgment motions in a Fair Credit Reporting Act (FCRA) case, holding that the reasonableness of the defendant’s investigation of the plaintiff’s identity theft claim was a triable issue.

On October 19, the Consumer Financial Protection Bureau (CFPB) issued its highly anticipated notice of proposed rulemaking under Section 1033 of the Consumer Financial Protection Act of 2010 (CFPA). The proposed Personal Financial Data Rights Rule would require depository and nondepository entities to make available to consumers and authorized third parties certain data relating to consumers’ accounts, establish obligations for third parties accessing a consumer’s data, and provide basic standards for data access. Notably, the proposed rule only provides for narrow exceptions, such as community banks and credit unions that have no digital interface with their customers. The CFPB is currently accepting comments on the proposed rule until December 29, 2023.

On October 12, the U.S. District Court for the Northern District of Illinois denied certification of a putative class action asserting that TransUnion violated the Fair Credit Reporting Act (FCRA) and the Missouri Merchandising Practices Act (MMPA) by allegedly misleading consumers about the accuracy and popularity of VantageScore 1.0, TransUnion’s proprietary credit scoring model. The court held that the plaintiff was an inadequate class representative due to his lack of credibility, and the asserted class claims failed both the commonality and predominance prongs of Federal Rule of Civil Procedure (FRCP)23.

A new enforcement action provides more detail on the expectations of the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC) (collectively, the agencies) for the content of tenant screening reports.

The Third Circuit Court of Appeals overruled a district court’s reading of an exception into §1681s-2(b) of the Fair Credit Reporting Act (FCRA) that would allow a furnisher discretion to refuse to investigate an indirect dispute it deems frivolous or irrelevant. Instead, the Third Circuit held that a furnisher must investigate even frivolous indirect disputes — disputes submitted by a consumer first to a consumer reporting agency (CRA) that are then transmitted by the CRA to the furnisher. A copy of the decision can be found here.