The Federal Trade Commission continues to aggressively enforce the Fair Credit Reporting Act (FCRA) against data brokers, as shown by its recent settlement with TeleCheck Services, Inc. The settlement requires TeleCheck to pay a $3.5 million civil penalty (matching the FTC’s second largest penalty in a FCRA case).
TeleCheck, a check authorization service company, is deemed a “data broker” by the FTC because it compiles, maintains, and sells sensitive consumer information. The FTC also deems the check authorization recommendations that TeleCheck provides to merchants to be “consumer reports,” making TeleCheck a “consumer reporting agency” (CRA) under the FCRA.
The FTC’s press release announcing the TeleCheck settlement describes the matter as “part of a broader initiative to target the practices of data brokers.” According to recent FTC testimony to Congress, that initiative includes ongoing examination of data broker privacy practices as well as aggressive enforcement. Recent FTC enforcement activity has included warning letters to providers of rental histories and an enforcement action against an employment background screening company. Like the TeleCheck settlement, all of these actions focus on data broker compliance with the FCRA.
The FCRA requires a merchant who rejects a consumer’s check based on TeleCheck’s recommendation to give the consumer an adverse action notice. In addition to other mandated disclosures, the notice must advise the consumer that the rejection was based on TeleCheck’s information and that the consumer has the right to dispute that information with TeleCheck.
The FTC’s complaint charged that TeleCheck violated the FCRA’s requirement for it to conduct, upon receiving a consumer’s dispute, a reasonable reinvestigation to determine the accuracy of the disputed information. Among TeleCheck’s alleged unlawful actions were:
- Incorrectly informing consumers that the FCRA only allows them to dispute the transaction amount or date and whether services were rendered
- Instructing consumers who stated that they did not authorize a transaction to, under certain circumstances, contact the merchant rather than initiating a reinvestigation by TeleCheck
- Under certain circumstances, refusing to reinvestigate and/or clear information disputed by a consumer alleging fraud unless the consumer provided a police report identifying the suspect and agreed to participate in the suspect’s prosecution
The complaint also alleges that TeleCheck failed to comply with various FCRA timing requirements for reinvestigations. These requirements include the 30- or 45-day periods for completing reinvestigations, as well as the five-business-day time period for notifying furnishers of disputed information and notifying consumers of the results of either a completed reinvestigation or when a reinvestigation was terminated because the dispute was determined to be frivolous or irrelevant. In addition, TeleCheck was alleged to have failed to promptly correct errors in its consumer files.
A debt collector affiliated with TeleCheck also was charged with violating the FCRA. The FTC alleged that the collector failed to comply with the FTC’s “Furnisher Rule,” which requires furnishers of consumer information to CRAs to establish and implement reasonable procedures regarding such information and consider the rule’s guidelines. The complaint alleges that the debt collector failed to consider the guidelines in its written policies and procedures regarding the accuracy of information it furnished to TeleCheck. In addition to payment of the $3.5 million civil penalty, the settlement includes injunctive relief that requires TeleCheck and the collector to comply with relevant FCRA and Furnisher Rule requirements.
Attorneys in Ballard Spahr’s Consumer Financial Services and Privacy and Data Security Groups regularly advise clients on FCRA compliance and defend clients in FCRA lawsuits.
The Consumer Financial Services Group is nationally recognized for its guidance in structuring and documenting new consumer financial services products, its experience with the full range of federal and state consumer credit laws, and its skill in litigation defense and avoidance (including pioneering work in pre-dispute arbitration programs).
The Privacy and Data Security Group includes experienced lawyers who help clients navigate the many laws designed to safeguard health, financial, and other private information; counsel clients on compliance, data mining, online marketing, and mobile privacy; and assist clients in responding to security breaches.
For more information, please contact CFS Practice Leader Alan S. Kaplinsky at 215.864.8544 or firstname.lastname@example.org, John L. Culhane, Jr., at 215.864.8535 or email@example.com, or Privacy and Data Security Group Leader Mercedes Kelley Tunstall at 202.661.2221 or firstname.lastname@example.org.
Copyright © 2014 by Ballard Spahr LLP.
(No claim to original U.S. government material.)
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.
This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.