Last month’s post was about Bailey v. FNMA, and the question of whether a mortgage company can pull a credit report on a mortgage borrower, even after the borrower has discharged his mortgage in bankruptcy. Soon after I wrote it, I heard from a lawyer in California who pointed out an issue that I hadn’t mentioned, namely, the law on when and why a debt can keep being reported, even though it has been discharged in bankruptcy. With thanks to my correspondent for the inspiration (and for a couple of case cites that got me started), I will address that issue here.
The issue is: Can creditors and consumer reporting agencies report a consumer’s pre-bankruptcy debts, even after those debts have been discharged in bankruptcy? This is not a hypothetical question: I was recently involved in a case that presented this issue (i.e., the defendant reported that a judgment against plaintiff was open and unsatisfied, and plaintiff contended that the reporting was inaccurate because the judgment had been discharged in bankruptcy). What have the courts said about reporting debts that have been discharged?
My correspondent noted that in several bankruptcy cases, the bankruptcy courts have clarified that a bankruptcy discharge doesn’t wipe away the debt or reduce the balance to zero; the discharge merely enjoins the creditor from trying to make the discharged debtor pay it. These bankruptcy courts have held that when a creditor continues to report a discharged debt as due and owing, the creditor is NOT attempting to collect the debt and is therefore NOT violating the discharge injunction. See Small v. Univ. of KY, No. 08-52114, 2011 Bankr. LEXIS 1868, at *12 (E.D. Ky. Bankr. May 13, 2011); Vogt v. Dynamic Recovery Servs. (In re Vogt), 257 B.R. 65 (Bankr. D. Colo. 2000).
The Vogt court explained, helpfully, that:
It is apparent from the complaint in this case that the Plaintiffs believe that the effect of the order of discharge is to wipe away the debt. But that clearly is not the case … the discharge does not wipe away the debt. It only serves to eliminate the debtor’s personal responsibility to pay the debt.
The distinction is important, because the initial suggestion here is that the Defendant was somehow in error, or, perhaps, in violation of some provision of the Bankruptcy Code, when it continued to report that, in its records, the Dallas debt was still due and owing, notwithstanding the order of discharge in the Plaintiffs’ bankruptcy case. But the Court cannot fault the Defendant for taking this position.
In re Vogt, 257 B.R. at 70.
Federal district courts have recently made the same point. In Abeyta v. Bank of Am., N.A., No. 15-cv-02320, 2016 U.S. Dist. LEXIS 43602, (D. Nev. Mar. 30, 2016), a plaintiff alleged that because she filed for bankruptcy in 2010, and was discharged in 2014, a number of creditors and CRAs violated the FCRA by reporting that she had had a “major delinquency” on her debts back in 2010. The defendants moved to dismiss an amended complaint, and the court granted their motion, because: a) “Plaintiff did not allege that the fact of the previous delinquency was untrue”; b) “bankruptcy does not prevent the reporting of debt”; and c) “the Bankruptcy Code prevents certain collection activities, but it does not alter the fact of delinquency.” Id. at ** 5, 7-8; see also Riekki v. Bayview Fin. Loan Servicing, No. 2:15-CV-2427, 2016 U.S. Dist. LEXIS 99527 (D. Nev. July 28, 2016) (following Abeyta and granting motion to dismiss).
Long story short, “Bankruptcy does not prevent the reporting of a previous debt. If the fact of the previous delinquency in this case is true, the FCRA explicitly declines to prohibit its reporting for at least seven years. The Court is unaware of any statute or case providing that discharge in bankruptcy makes a debt unreportable (as opposed to uncollectable) so long as only the fact of the previous delinquency is reported.” Abeyta v. Bank of Am., N.A., No. 15-cv-02320, 2016 U.S. Dist. LEXIS 8918 (D. Nev. Jan. 25, 2016) (citation omitted) (granting motion to dismiss the original complaint; the motion to dismiss an amended complaint was discussed by the same court at 2016 U.S. Dist. LEXIS 43602, above).
A reporter recently contacted me to talk about a new FCRA class action which alleges that banks may not obtain credit reports on consumers, even after those consumers have discharged their debts to the banks in bankruptcy. The case is Bailey v. Federal National Mortgage Association, Case No. 1:16-cv-01155 (D.D.C). For this month’s blog entry, I’m going to post her questions and my answers:
It’s a FCRA case about a borrower filing a class-action suit against Fannie Mae for unauthorized credit inquiries post-bankruptcy. The borrower filed Chapter 7 and was discharged from his debt in 2013 but alleges 3 years after the discharge, Fannie made an unauthorized inquiry on to Equifax. [My note: the claim appears to be that Bailey obtained a mortgage from Bank of America that was transferred to Fannie Mae; that he filed for bankruptcy in April 2013; that he was discharged in July 2013; and that Fannie Mae pulled his report in July 2015. The claim would be that Fannie Mae lacked a permissible purpose to do this and thus violated the FCRA at 15 U.S.C. Sec. 1681b.].
Just talking to a couple of people to get their take on the issue. Do companies have a right to do so? Does the borrower have a strong case or no? Could this set off a trend for other borrowers to file a similar suit?
There are two big hurdles that this lawsuit will have to overcome, and I doubt that it will be able to do so.
First, the plaintiff will have to show that there are no circumstances under which a mortgage lender can check a credit report post-discharge. If there are some circumstances when that’s okay, and others where it isn’t, then you have to look at the details of each check, which would make a class action impossible. My impression is that after a consumer files for bankruptcy and gets his mortgage discharged, the lender still needs to service the mortgage for a period of time, and it may need to check the consumer’s credit as part of that process. Am I surprised that Fannie Mae checked this guy’s credit three years after his loan was discharged? Yes. But I think that some checks post-discharge may be permissible, and if that’s true, then a class action would not make sense.
Second, the plaintiff will have to show that Fannie Mae’s alleged FCRA violation caused him real harm. This is a big issue – the Supreme Court just stated in Robins v. Spokeo that sometimes an FCRA violation will not cause any harm, and when that happens, the plaintiff lacks standing, and any lawsuit should be dismissed. Here, the plaintiff seems to be alleging that when Fannie Mae checked his credit report, it: i) invaded his privacy; ii) lowered his credit score; and/or iii) made him scared about a possible data breach in the future. This is exactly the kind of intangible harm that the Spokeo decision talked about. It makes the lawsuit look like something that lawyers are doing to get money, as opposed to a call to stop truly problematic behavior.
It’ll be interesting to see how this case proceeds. Law360 says that “Joshua B. Swigart of Hyde & Swigart and by Abbas Kazerounian of Kazerouni Law Group APC.” I have dealt with Hyde & Swigart before, and they are good plaintiffs’ lawyers.
For the past few years, plaintiffs’ lawyers have been filing – and winning – class actions against employers who routinely obtain criminal background reports about potential employees. These suits allege that the employer violated the FCRA at 15 U.S.C. § 1681b(b)(2)(A), which states that employers can only obtain these reports if “a clear and conspicuous disclosure has been made in writing to the consumer at any time before the report is procured or caused to be procured, in a document that consists solely of the disclosure, that a consumer report may be obtained for employment purposes.”
In the recent past, most companies gave potential employers a disclosure to sign before obtaining a background report about them. But these disclosures often contained waivers of liability, which essentially asked the applicant to agree that: i) the employer could pull a background report; and ii) the applicant could not sue the employer or the background reporter for anything that the report contained, or anything they did in obtaining it. In the late 1990s, the FTC suggested that waivers like this went too far; and in the past few years, plaintiffs’ lawyers have realized this and begun filing class actions against employers who included these waivers.
These class actions don’t allege that the employer “negligently” violated the FCRA, because then the plaintiffs would only be able to collect “actual damages,” and it is hard to say that a disclosure with a liability waiver that would likely never be enforced will actually damage anyone. Rather, the plaintiffs allege that the employer “willfully” violated the FCRA, as that entitles each member of the class to statutory damages of $100 to $1,000 – which can add up to millions of dollars in cases against national employers. Most companies named in these class actions have either settled outright, or else tried to dismiss the lawsuit, failed, and then settled.
A class action against Target – Just v. Target Corp., Case No. 0:15-cv-04117, slip. op. at ECF No. 23 (D. Minn. May 12, 2016) – has ended differently. Crucially, Target’s disclosure did not contain a liability waiver, so it didn’t contain the one thing that the FTC has said is inappropriate. Target’s disclosure did say things about the importance of trust and honesty among its employees, the fact that any job that it offered could be terminated at will, and how applicants could get a copy of the report that Target obtained, if they wanted one. Did these kinds of statements “willfully” violate the FCRA’s stand-alone disclosure provision?
Target argued that they didn’t, and a federal judge agreed: he dismissed the class action. (His decision is on appeal). Following Supreme Court precedent, he judge noted that to “willfully” violate the FCRA, a company must do something that is “objectively unreasonable”in light of the statutory text and of any opinions from the FTC or the federal courts of appeals about that text.
The judge then found that the statutory text isn’t as clear as it seems – while the provision at 15 U.S.C. § 1681b(b)(2)(A)(i) requires a stand-alone disclosure that the employer will pull a background report, the very next provision, at 15 U.S.C. § 1681b(b)(2)(A)(ii), allows the disclosure form to contain a place for the job applicant to consent to a background report. The courts of appeals haven’t said anything about whether adding other language to one of these disclosure forms is or isn’t appropriate, and the FTC has suggested that adding language that explains what the employer is doing and why is probably okay. For all these reasons, the judge found that Target had not “willfully” violated the FCRA and dismissed the claims that it violated 15 U.S.C. § 1681b(b)(2)(A)(i).
Will this decision stand up on appeal? It’s an interesting question. My initial instinct, like the judge’s, is that the language that Target included in its disclosure is appropriate: the FCRA’s obvious goal here is to put people on notice that an employer is going to look at their criminal record, and Target’s form did not detract from that notice.
Having said that, I would make one caveat. The objection to the liability waivers is that they don’t enhance or clarify a notice that a background report will be pulled, so the waivers are “objectively unreasonable” under the statute. But, while Target’s form didn’t contain a liability waiver, it did contain a statement that “You understand if you disagree with the accuracy of any information in the report, you must notify [the company that created the report for Target] within five business days of your receipt of the report.” This sentence seems to be a bit like the liability waivers in that: i) it does not help clarify that Target is planning to obtain a background report; and ii) it does not have any basis in the FCRA. [Under the FCRA, a person who gets an inaccurate consumer report can dispute it months or even years later – there is no time limit to dispute a report, per 15 U.S.C. Sec. 1681i].
I can see why Target included this sentence – if a job applicant doesn’t dispute an inaccurate report within a few days, Target will almost certainly have given the job to someone else. Maybe that’s enough to mean that this sentence is not “objectively unreasonable” either. But I think it presents a closer question than the other things in Target’s disclosure.
I don’t generally write blog posts about just one case, but I’m going to make an exception this month and discuss Arnold v. Bayview Loan Servicing, LLC, No. 14-cv-0543, 2016 U.S. Dist. LEXIS 10509 (S.D. Ala. Jan. 29, 2016).
In Arnold, the plaintiff alleged that Bayview violated the FDCPA by sending him two mortgage billing statements in December 2013, even though the plaintiff’s debt had been discharged in bankruptcy (September 2012), and even though Bayview foreclosed on plaintiff’s former home (November 2013). Bayview admitted sending the statements, but it argued that it had not violated the FDCPA because sending them was a “bona fide error,” which if true would be a complete defense to FDCPA liability under 15 U.S.C. § 1692k(c). Specifically, Bayview argued that when it began to service plaintiff’s mortgage loan, it had coded the loan file in its computer system so as not to send plaintiff any billing statements, but then, following the November 2013 foreclosure, an employee reviewed the file and inadvertently (i.e., she was not told or instructed to do this) changed the code to allow new billing statements to be sent.
I found Arnold to be interesting because it granted a defense motion for summary judgment (which doesn’t happen every day, and which is good news if you’re a defense lawyer like me), and because it made two points about the FDCPA’s bona fide error defense that I think are worth remembering. They are:
I. THE BONA FIDE ERROR DEFENSE MUST BE PLEADED WITH PARTICULARITY
To raise the bona fide error defense, the defendant must include it as an affirmative defense in its initial pleading, and the defendant must plead it with particularity. Bayview’s initial pleading was an answer that listed a number of affirmative defenses, none of which were pleaded with particularity. It raised the bona fide error defense by simply stating that “Plaintiff’s individual and class claims are barred by the bona fide error defense pursuant to the FDCPA, 15 U.S.C. § 1692, et seq.”
The court ruled that Bayview’s pleading was insufficient: it didn’t state the who/what/when/where/why of the bona fide error, so it wasn’t a pleading with particularity. However, the court held that Bayview’s mistake was a technical one, and it wasn’t willing to preclude Bayview from raising the defense unless plaintiff could show that either: a) he had challenged the pleading as insufficient within 21 days per Rule 12; or b) he had been deprived of an opportunity to take discovery related to the defense. Plaintiff could not show either of these things: he hadn’t moved to strike the pleading per Rule 12, and he had been given information about the defense in discovery (through interrogatory responses and depositions of Bayview personnel).
I think that this was the right result – cases should be won or lost on the merits, and not due to technical mistakes by counsel. That said, I am going to make a point of trying to plead the bona fide error defense with more particularity in the future.
II. THE BONA FIDE DEFENSE IS ABOUT PARTICULAR ERRORS, NOT GENERAL ONES
The Arnold court found that the plaintiff could not and did not challenge the facts of Bayview’s bona fide error defense: i.e., it was uncontested that Bayview had initially coded plaintiff’s loan in such a way as to prevent any billing statements from being mailed to him, but then an employee had inadvertently changed that code while reviewing his loan post-foreclosure. Rather, the plaintiff argued that Bayview’s error was that it sent mortgage bills to consumers even after they had their debts discharged through bankruptcy. In other words, plaintiff’s counsel contended that Bayview should have had a policy in place to never send a billing statement to anyone whose mortgage loan was discharged in bankruptcy. Because Bayview didn’t do that, counsel contended that its mistake was not a “bona fide error” but rather an intentional error due to a bad internal policy.
The court found for the defendant, and made two points which, again, are worth remembering. The first point is that “the bona fide error defense does not require a defendant to exhaust all possible means of preventing the specific error. Again, the legal standard is that the defendant “maintain procedures reasonably adapted to avoid readily discoverable errors.” The second point is that “plaintiff’s fixation on Bayview’s purported practice of billing borrowers whose debts have been discharged is unavailing because that general practice was not the specific error that caused Arnold to receive billing statements. It is undisputed that, during the first ten months that Bayview serviced the loan, Bayview never sent a single monthly billing statement to Arnold [until] a single
Bayview employee made a single processing error that changed the code on Arnold’s loan …. That is the “specific error” on which the bona fide error defense analysis appropriately centers.”
In short, when a defendant raises a bona fide error defense, defense counsel should focus on the precise mistake that caused the problem, and attempt to show that such mistakes are rare and against company practice.
Last month, I discussed two federal court cases that considered whether a criminal background report that Wells Fargo obtained from First Advantage was a “consumer report” that had to comply with the FCRA. One court found that the report wasn’t a consumer report; the other found that it was. In both cases, the question was whether Wells Fargo obtained it “in connection with an investigation of … compliance with Federal, State, or local laws and regulations, the rules of a self-regulatory organization, or any preexisting written policies of the employer.” 15 U.S.C. Sec. 1681a(y). Reports that fall within that definition are not “consumer reports” and are not subject to (most) other provisions in the FCRA.
As I pointed out last month, the Martin court in Minnesota held that because Wells Fargo obtained its reports to comply with its obligations under two federal laws (FIRREA and the SAFE Act), the report fell within the Sec. 1681a(y) exception to the FCRA. But the Manuel court in Virginia held that, to the contrary, reading Sec. 1681a(y) that way would essentially mean that Wells Fargo never had to comply with the FCRA – and the court was unwilling to take that position.
This month, I thought I would mention two other points that other courts have made about Sec. 1681a(y). Neither of them resolves the conflict between Martin and Manuel; if anything, they indicate that the issue is a complex one, which no one court has yet definitively considered or decided.
First, some courts have held (as the Martin court itself did) that if an employer or a background screening agency wants to argue that its reports are not regulated by the FCRA because they fall within the exception at Sec. 1681a(y), that’s fine, but it needs to be done on a factual record at the summary judgment stage, and not at the motion to dismiss stage. Simply saying that “I’m the kind of institution that has to comply with federal law, so my reports are exempt from FCRA” – which is essentially what a defendant would do at the motion to dismiss stage – is not good enough for these courts.
See Freckleton v. Target Corp., 81 F. Supp. 3d 473 (D. Md. 2015) (denying motion to dismiss, and stating that “Target was not running the check to be compliant with state or federal regulations. Cf. Martin … (if Wells Fargo ran background checks to be compliant with the SAFE Act then the exclusion would apply; however, this was a question of fact inappropriate for a motion to dismiss)”); Rawlings v. ADS Alliance Data Sys., 2015 U.S. Dist. LEXIS 81055 (W.D. Mo. June 23, 2015) (denying motion to dismiss and stating that “[If] background checks are excluded based on its need to comply with federal banking law, the record must be developed to so demonstrate … Martin is distinguishable inasmuch as Martin was resolved on a summary judgment record”).
From a defendant’s perspective, this is annoying – it should be obvious that some employers have to get criminal record reports under some laws (banks under federal law, or perhaps schools under state law), and the litigation cost of preparing a full factual record is not trivial. But I think defendants can live with this. Indeed, if the Manuel court had known the details of Wells Fargo’s compliance program, the result in that class action case might have been different.
Second, the Manuel court had stated that for Sec. 1681a(y) to apply, a report had to be obtained “in connection with” some larger investigation; a report that was pulled merely as a matter of routine compliance (and without any additional inquiry or investigation) did not fall within the Sec. 1681a(y) provision.
One court has followed up on that point by suggesting that one can tell whether a report is part of a larger investigation by asking whether the employer, before it pulled a background report, had some reason to believe that the employee or job applicant had violated the law – if yes, then there is a larger investigation and Sec. 1681a(y) applies; if no, then the report is subject to the FCRA. See Freckleton, 81 F. Supp. 3d at 481 n.11 (citing Mattiaccio v. DHA Grp., 21 F. Supp. 3d 15, 2014 WL 717780, at *3 (D.D.C. 2014) (whether employer gathered information “in connection with an investigation of . . . suspected misconduct” depended on whether the employer made the request after “receiv[ing] information indicating that [the] Plaintiff had previously been convicted of perjury” or in retaliation for a complaint); Russell v. Shelter Fin. Servs., 604 F. Supp. 201, 202-03 (W.D. Mo. 1984) (finding that report was not “in connection with” an employment decision under Sec. 1681a(h) if the subject of the report resigned before the report was pulled)).
I question whether the statutory phrase “in connection with an investigation” necessarily means “because of an investigation,” “as part of an investigation,” or “due to an investigation” – which is how the Manuel, Mattiaccio and Freckleton courts seem to read it. If I go to a restaurant to get some pizzas for a party, and I buy a hoagie as well, one could say that I bought the hoagie “in connection with” my purchase of the pizzas, even though I bought everything at the same time. Also, a review of “in connection with” at thesaurus.com suggests that the phrase means “about,” as opposed to “before.”
This month’s post will comment on the FCRA’s provision at 15 U.S.C. Sec. 1681a(y), which says that a report is not a “consumer report” (and thus not subject to FCRA liability) if it “is made to an employer in connection with an investigation of— (i) suspected misconduct relating to employment; or (ii) compliance with Federal, State, or local laws and regulations, the rules of a self-regulatory organization, or any preexisting written policies of the employer.”
Federal law requires banks to check the criminal backgrounds of their employees. Two separate statutes – FIRREA and the SAFE Act – both tell banks not to employ certain employees if they have been “involved” in a “dishonesty crime.” I put those words in quotes because the statutes provide fairly lengthy and convoluted definitions of what it means to be involved in a dishonesty crime. For present purposes, the important thing is that a person is “involved” in such a crime if he was either: a) convicted of it; or b) sentenced pursuant to a pretrial diversion program (e.g., pled guilty per a deal that there would be no jail time, and the charge would be dismissed if he completed probation without incident). This is important because normally, a consumer report cannot contain arrest records that are more than seven (7) years old. 15 U.S.C. Sec. 1681c(a)(5). But here, the banks have to look at arrest records, to assess whether a person went through a pretrial diversion program.
This background presents the following question: if a bank, in its effort to comply with FIRREA and the SAFE Act, contracts with a background screening company to obtain special reports that will contain any arrest records, even ones that normally could not be reported per Sec. 1681c(a)(5), are those reports “consumer reports?” Or are they excluded per the exception at Sec. 1681a(y)?
Two federal courts (at least) have answered this question in two different ways. The District of Minnesota held that such reports are NOT consumer reports in Martin v. First Advantage Background Servs. Corp., 2014 U.S. Dist. LEXIS 41098 (D. Minn. Mar. 26, 2014). The Eastern District of Virginia held that such reports ARE consumer reports in Manuel v. Wells Fargo Bank, 123 F. Supp. 3d 810 (E.D. Va. 2015). Full disclosure: I was the defense lawyer in Martin. Notably, both cases involved the reports that Wells Fargo (a bank) obtained from First Advantage (a background reporting company).
In Martin, First Advantage presented evidence that Wells Fargo asked it to create reports that were designed to comply with FIRREA and the SAFE Act (by including arrest records that would otherwise be precluded in a consumer report), and that these reports were not “consumer reports” because they were created and obtained “in connection with an investigation of … compliance with Federal, State, or local laws and regulations” under Sec. 1681a(y). The Court agreed.
In Manuel, Wells Fargo argued that it was not required to have job applicants sign special FCRA-compliant consent forms before it pulled reports on them from First Advantage, because the First Advantage reports were not “consumer reports” per Martin. The court disagreed on multiple grounds, two of which seem especially salient: a) the provision in Sec. 1681a(y) refers to a report “in connection with an investigation,” and Wells Fargo conducted no larger investigation (it just ordered the report); and b) “the exception would swallow the rule with respect to employment uses of background checks under the FCRA, because there are a number of federal, state, and local laws excluding certain individuals from certain types of employment” (i.e., every report that Wells Fargo pulled would be exempt from the FCRA).
Both courts wrote reasonable and thoughtful opinions: you can see the merits of each position when you read them. Ultimately, though, I wonder if the Manuel court considered – or if Wells Fargo’s lawyers asked it to consider – the flip side of its argument.
The Manuel court was obviously worried about the repercussions of saying that criminal background reports in the banking industry are not subject to the FCRA: the FCRA is a consumer-protection statute, and it would seem odd to exclude a huge group of consumers (people who want to work for banks) from its protections. I get that.
But consider the flip side. Under FIRREA and the SAFE Act, banks MUST obtain and review arrest records that normally cannot be reported under Sec. 1681c(a)(5). If the reports that the banks pull have arrest records in them, then those reports automatically violate the FCRA. That leaves the banks in an impossible position: if they don’t review arrest records, they violate FIRREA and the SAFE Act, but if they do review arrest records, they violate the FCRA. It seems reasonable to me to construe Sec. 1681a(y) as Congress’s answer to this difficulty: it allows banks to get the records they need under FIRREA and the SAFE Act, without having to worry that they will violate the FCRA in the process.
If Wells Fargo raised this issue to the Manuel court, there is no mention of it in the opinion. Lawyers in future cases might do well to make it.
This month’s post will be about a 2014 case that recently caught my eye: Bickley v. Dish Network, LLC, 751 F.3d 724 (6th Cir. 2014). The gist of the case is that somebody stole plaintiff Greg Bickley’s social security number, called a Dish retailer, and tried to open a satellite TV contract, using the stolen SSN. (The identity thief cleverly identified herself on the phone as “Gregina Dickley”). The retailer pulled reports from Trans Union, Equifax, and Experian to find out whether the caller’s name (“Gregina Dickley”) matched the social security number that she provided. All three said that no, it didn’t, so the identity thief was foiled.
The lawsuit came about when Mr. Bickley saw (on a later credit report) that Dish had pulled a report about him. He didn’t remember allowing Dish to do that, so he filed suit, alleging that Dish violated the FCRA’s permissible purpose provision, at 15 U.S.C. Sec. 1681b. Dish ultimately prevailed: the district court held, and the Sixth Circuit affirmed, that it was okay, even laudable, for a business to try and thwart identity theft by pulling reports from the bureaus (as Dish’s retailer had done). Dish’s retailer had a permissible purpose to pull a report to thwart theft, so there was no FCRA violation.
That’s background; it’s not why I’m writing this post. I am writing this post because in getting to the final holding, the Sixth Circuit asked whether the kind of report that Dish’s retailer pulled was in fact a “consumer report.” If it was, then Bickley could claim that Dish violated the FCRA. If it wasn’t, he couldn’t. Here’s what the Sixth Circuit said:
The [Dish retailer] inputted Dickley’s name and social security number into an interface that connects to three credit reporting agencies: Equifax, Experian, and TransUnion. The agencies followed a “waterfall” process as they attempted to cross-verify that the information matched. The basic process was as follows: the first agency assessed whether the social security number corresponded to the consumer’s name. If a match was found, in this instance by Equifax, it would inform American Satellite that the person was “Approved;” but if the search revealed a “Declined No Hit” response, Equifax would send the consumer’s information to a second agency, Experian, to run the information through a similar cross-verification process. If this second search also returned a “Declined No Hit” response, Experian would forward the information to a third credit agency, TransUnion, which would run the information through its databases. If TransUnion also returned a “Declined No Hit” response, it would forward this final determination to the requesting company….
Bickley contests the district court’s determination that Dish did not receive a “consumer report”…..
[While] the credit inquiries resulting in a “Declined No Hit” response (1 & 2) and  the ambiguously termed “Header Information” (3) are not “consumer reports,” the Decision Detail Report (4) appears to be a consumer report. Both parties acknowledge that the Decision Detail Report contains an “Echostar Risk” number, which is “based on the number of consumer initiated inquiries in the past 12 months, length of time bank revolving accounts have been opened, length of time accounts have been opened, and the percent of accounts opened in the past 24 months versus total accounts reported in the past 12 months.” R. 42-2, Decision Detail Report, PageID # 471. The Echostar Risk number clearly has bearing on a consumer’s credit worthiness, and therefore is a “consumer report” as defined under 15 U.S.C. Sec. 1681a(d)(5).
Taken altogether, there is sufficient evidence for a rational trier of fact to find that there was a “consumer report” within the meaning of the statute, meaning that Bickley has satisfied the first element of his claim for improper use of a credit report.
Why is this interesting to me? Because it suggests that end users (like Dish’s retailer) and consumer reporting agencies (like the bureaus and others) could create a special “identity theft prevention report” that would not be a “consumer report” and would not subject the end user or the agencies to any potential FCRA liability. It appears that here, Dish’s retailer ordered a kind of “combined report”: it had an identity-theft component (the “waterfall” that checked to see whether a person’s name matched the social security number that he provided), and it also had a traditional credit component (the “Echostar Risk number” that provided some detail on the person’s credit history). The Sixth Circuit held that this “combined report” was subject to the FCRA, because of the credit history component.
However, there is no reason why an end user would need to order a combined report: it might well ask for (or be provided with) an opportunity to run the “identity theft prevention report” first, which, if and only if it came back showing no sign of identity theft, would be followed (perhaps automatically) by a full credit report.
Structuring the report in this way would require some work, and given the costs and the (low?) risk of FCRA liability, the companies that sell and use these reports might decide not to bother.
But how low is the risk of FCRA liability, really? Suppose that a consumer calls a creditor himself to try and open the account; the creditor pulls a combined report to assess identity theft, and the creditor turns the consumer down because the report says (incorrectly) that the consumer is not who he claims to be. In a situation like that, the consumer would have grounds to sue under the FCRA, because: a) the combined report is a consumer report and thus subject to the FCRA; and b) the consumer has arguably suffered some harm.
The hypothetical that I’ve just given is probably not uncommon, at least in a country that generates millions of credit inquiries each day. It might very well make sense for some agencies – especially agencies that are not Experian, Equifax, and Trans Union, but who do have the capacity to cross-check a name and/or date of birth against a social security number – to limit their reports to just that kind of cross-checking. Doing so would likely avoid any risk of FCRA liability, at least under the Sixth Circuit’s analysis in Bickley.