A reporter recently contacted me to talk about a new FCRA class action which alleges that banks may not obtain credit reports on consumers, even after those consumers have discharged their debts to the banks in bankruptcy. The case is Bailey v. Federal National Mortgage Association, Case No. 1:16-cv-01155 (D.D.C). For this month’s blog entry, I’m going to post her questions and my answers:
It’s a FCRA case about a borrower filing a class-action suit against Fannie Mae for unauthorized credit inquiries post-bankruptcy. The borrower filed Chapter 7 and was discharged from his debt in 2013 but alleges 3 years after the discharge, Fannie made an unauthorized inquiry on to Equifax. [My note: the claim appears to be that Bailey obtained a mortgage from Bank of America that was transferred to Fannie Mae; that he filed for bankruptcy in April 2013; that he was discharged in July 2013; and that Fannie Mae pulled his report in July 2015. The claim would be that Fannie Mae lacked a permissible purpose to do this and thus violated the FCRA at 15 U.S.C. Sec. 1681b.].
Just talking to a couple of people to get their take on the issue. Do companies have a right to do so? Does the borrower have a strong case or no? Could this set off a trend for other borrowers to file a similar suit?
There are two big hurdles that this lawsuit will have to overcome, and I doubt that it will be able to do so.
First, the plaintiff will have to show that there are no circumstances under which a mortgage lender can check a credit report post-discharge. If there are some circumstances when that’s okay, and others where it isn’t, then you have to look at the details of each check, which would make a class action impossible. My impression is that after a consumer files for bankruptcy and gets his mortgage discharged, the lender still needs to service the mortgage for a period of time, and it may need to check the consumer’s credit as part of that process. Am I surprised that Fannie Mae checked this guy’s credit three years after his loan was discharged? Yes. But I think that some checks post-discharge may be permissible, and if that’s true, then a class action would not make sense.
Second, the plaintiff will have to show that Fannie Mae’s alleged FCRA violation caused him real harm. This is a big issue – the Supreme Court just stated in Robins v. Spokeo that sometimes an FCRA violation will not cause any harm, and when that happens, the plaintiff lacks standing, and any lawsuit should be dismissed. Here, the plaintiff seems to be alleging that when Fannie Mae checked his credit report, it: i) invaded his privacy; ii) lowered his credit score; and/or iii) made him scared about a possible data breach in the future. This is exactly the kind of intangible harm that the Spokeo decision talked about. It makes the lawsuit look like something that lawyers are doing to get money, as opposed to a call to stop truly problematic behavior.
It’ll be interesting to see how this case proceeds. Law360 says that “Joshua B. Swigart of Hyde & Swigart and by Abbas Kazerounian of Kazerouni Law Group APC.” I have dealt with Hyde & Swigart before, and they are good plaintiffs’ lawyers.
For the past few years, plaintiffs’ lawyers have been filing – and winning – class actions against employers who routinely obtain criminal background reports about potential employees. These suits allege that the employer violated the FCRA at 15 U.S.C. § 1681b(b)(2)(A), which states that employers can only obtain these reports if “a clear and conspicuous disclosure has been made in writing to the consumer at any time before the report is procured or caused to be procured, in a document that consists solely of the disclosure, that a consumer report may be obtained for employment purposes.”
In the recent past, most companies gave potential employers a disclosure to sign before obtaining a background report about them. But these disclosures often contained waivers of liability, which essentially asked the applicant to agree that: i) the employer could pull a background report; and ii) the applicant could not sue the employer or the background reporter for anything that the report contained, or anything they did in obtaining it. In the late 1990s, the FTC suggested that waivers like this went too far; and in the past few years, plaintiffs’ lawyers have realized this and begun filing class actions against employers who included these waivers.
These class actions don’t allege that the employer “negligently” violated the FCRA, because then the plaintiffs would only be able to collect “actual damages,” and it is hard to say that a disclosure with a liability waiver that would likely never be enforced will actually damage anyone. Rather, the plaintiffs allege that the employer “willfully” violated the FCRA, as that entitles each member of the class to statutory damages of $100 to $1,000 – which can add up to millions of dollars in cases against national employers. Most companies named in these class actions have either settled outright, or else tried to dismiss the lawsuit, failed, and then settled.
A class action against Target – Just v. Target Corp., Case No. 0:15-cv-04117, slip. op. at ECF No. 23 (D. Minn. May 12, 2016) – has ended differently. Crucially, Target’s disclosure did not contain a liability waiver, so it didn’t contain the one thing that the FTC has said is inappropriate. Target’s disclosure did say things about the importance of trust and honesty among its employees, the fact that any job that it offered could be terminated at will, and how applicants could get a copy of the report that Target obtained, if they wanted one. Did these kinds of statements “willfully” violate the FCRA’s stand-alone disclosure provision?
Target argued that they didn’t, and a federal judge agreed: he dismissed the class action. (His decision is on appeal). Following Supreme Court precedent, he judge noted that to “willfully” violate the FCRA, a company must do something that is “objectively unreasonable”in light of the statutory text and of any opinions from the FTC or the federal courts of appeals about that text.
The judge then found that the statutory text isn’t as clear as it seems – while the provision at 15 U.S.C. § 1681b(b)(2)(A)(i) requires a stand-alone disclosure that the employer will pull a background report, the very next provision, at 15 U.S.C. § 1681b(b)(2)(A)(ii), allows the disclosure form to contain a place for the job applicant to consent to a background report. The courts of appeals haven’t said anything about whether adding other language to one of these disclosure forms is or isn’t appropriate, and the FTC has suggested that adding language that explains what the employer is doing and why is probably okay. For all these reasons, the judge found that Target had not “willfully” violated the FCRA and dismissed the claims that it violated 15 U.S.C. § 1681b(b)(2)(A)(i).
Will this decision stand up on appeal? It’s an interesting question. My initial instinct, like the judge’s, is that the language that Target included in its disclosure is appropriate: the FCRA’s obvious goal here is to put people on notice that an employer is going to look at their criminal record, and Target’s form did not detract from that notice.
Having said that, I would make one caveat. The objection to the liability waivers is that they don’t enhance or clarify a notice that a background report will be pulled, so the waivers are “objectively unreasonable” under the statute. But, while Target’s form didn’t contain a liability waiver, it did contain a statement that “You understand if you disagree with the accuracy of any information in the report, you must notify [the company that created the report for Target] within five business days of your receipt of the report.” This sentence seems to be a bit like the liability waivers in that: i) it does not help clarify that Target is planning to obtain a background report; and ii) it does not have any basis in the FCRA. [Under the FCRA, a person who gets an inaccurate consumer report can dispute it months or even years later – there is no time limit to dispute a report, per 15 U.S.C. Sec. 1681i].
I can see why Target included this sentence – if a job applicant doesn’t dispute an inaccurate report within a few days, Target will almost certainly have given the job to someone else. Maybe that’s enough to mean that this sentence is not “objectively unreasonable” either. But I think it presents a closer question than the other things in Target’s disclosure.
Last month, I discussed two federal court cases that considered whether a criminal background report that Wells Fargo obtained from First Advantage was a “consumer report” that had to comply with the FCRA. One court found that the report wasn’t a consumer report; the other found that it was. In both cases, the question was whether Wells Fargo obtained it “in connection with an investigation of … compliance with Federal, State, or local laws and regulations, the rules of a self-regulatory organization, or any preexisting written policies of the employer.” 15 U.S.C. Sec. 1681a(y). Reports that fall within that definition are not “consumer reports” and are not subject to (most) other provisions in the FCRA.
As I pointed out last month, the Martin court in Minnesota held that because Wells Fargo obtained its reports to comply with its obligations under two federal laws (FIRREA and the SAFE Act), the report fell within the Sec. 1681a(y) exception to the FCRA. But the Manuel court in Virginia held that, to the contrary, reading Sec. 1681a(y) that way would essentially mean that Wells Fargo never had to comply with the FCRA – and the court was unwilling to take that position.
This month, I thought I would mention two other points that other courts have made about Sec. 1681a(y). Neither of them resolves the conflict between Martin and Manuel; if anything, they indicate that the issue is a complex one, which no one court has yet definitively considered or decided.
First, some courts have held (as the Martin court itself did) that if an employer or a background screening agency wants to argue that its reports are not regulated by the FCRA because they fall within the exception at Sec. 1681a(y), that’s fine, but it needs to be done on a factual record at the summary judgment stage, and not at the motion to dismiss stage. Simply saying that “I’m the kind of institution that has to comply with federal law, so my reports are exempt from FCRA” – which is essentially what a defendant would do at the motion to dismiss stage – is not good enough for these courts.
See Freckleton v. Target Corp., 81 F. Supp. 3d 473 (D. Md. 2015) (denying motion to dismiss, and stating that “Target was not running the check to be compliant with state or federal regulations. Cf. Martin … (if Wells Fargo ran background checks to be compliant with the SAFE Act then the exclusion would apply; however, this was a question of fact inappropriate for a motion to dismiss)”); Rawlings v. ADS Alliance Data Sys., 2015 U.S. Dist. LEXIS 81055 (W.D. Mo. June 23, 2015) (denying motion to dismiss and stating that “[If] background checks are excluded based on its need to comply with federal banking law, the record must be developed to so demonstrate … Martin is distinguishable inasmuch as Martin was resolved on a summary judgment record”).
From a defendant’s perspective, this is annoying – it should be obvious that some employers have to get criminal record reports under some laws (banks under federal law, or perhaps schools under state law), and the litigation cost of preparing a full factual record is not trivial. But I think defendants can live with this. Indeed, if the Manuel court had known the details of Wells Fargo’s compliance program, the result in that class action case might have been different.
Second, the Manuel court had stated that for Sec. 1681a(y) to apply, a report had to be obtained “in connection with” some larger investigation; a report that was pulled merely as a matter of routine compliance (and without any additional inquiry or investigation) did not fall within the Sec. 1681a(y) provision.
One court has followed up on that point by suggesting that one can tell whether a report is part of a larger investigation by asking whether the employer, before it pulled a background report, had some reason to believe that the employee or job applicant had violated the law – if yes, then there is a larger investigation and Sec. 1681a(y) applies; if no, then the report is subject to the FCRA. See Freckleton, 81 F. Supp. 3d at 481 n.11 (citing Mattiaccio v. DHA Grp., 21 F. Supp. 3d 15, 2014 WL 717780, at *3 (D.D.C. 2014) (whether employer gathered information “in connection with an investigation of . . . suspected misconduct” depended on whether the employer made the request after “receiv[ing] information indicating that [the] Plaintiff had previously been convicted of perjury” or in retaliation for a complaint); Russell v. Shelter Fin. Servs., 604 F. Supp. 201, 202-03 (W.D. Mo. 1984) (finding that report was not “in connection with” an employment decision under Sec. 1681a(h) if the subject of the report resigned before the report was pulled)).
I question whether the statutory phrase “in connection with an investigation” necessarily means “because of an investigation,” “as part of an investigation,” or “due to an investigation” – which is how the Manuel, Mattiaccio and Freckleton courts seem to read it. If I go to a restaurant to get some pizzas for a party, and I buy a hoagie as well, one could say that I bought the hoagie “in connection with” my purchase of the pizzas, even though I bought everything at the same time. Also, a review of “in connection with” at thesaurus.com suggests that the phrase means “about,” as opposed to “before.”
This month’s post will comment on the FCRA’s provision at 15 U.S.C. Sec. 1681a(y), which says that a report is not a “consumer report” (and thus not subject to FCRA liability) if it “is made to an employer in connection with an investigation of— (i) suspected misconduct relating to employment; or (ii) compliance with Federal, State, or local laws and regulations, the rules of a self-regulatory organization, or any preexisting written policies of the employer.”
Federal law requires banks to check the criminal backgrounds of their employees. Two separate statutes – FIRREA and the SAFE Act – both tell banks not to employ certain employees if they have been “involved” in a “dishonesty crime.” I put those words in quotes because the statutes provide fairly lengthy and convoluted definitions of what it means to be involved in a dishonesty crime. For present purposes, the important thing is that a person is “involved” in such a crime if he was either: a) convicted of it; or b) sentenced pursuant to a pretrial diversion program (e.g., pled guilty per a deal that there would be no jail time, and the charge would be dismissed if he completed probation without incident). This is important because normally, a consumer report cannot contain arrest records that are more than seven (7) years old. 15 U.S.C. Sec. 1681c(a)(5). But here, the banks have to look at arrest records, to assess whether a person went through a pretrial diversion program.
This background presents the following question: if a bank, in its effort to comply with FIRREA and the SAFE Act, contracts with a background screening company to obtain special reports that will contain any arrest records, even ones that normally could not be reported per Sec. 1681c(a)(5), are those reports “consumer reports?” Or are they excluded per the exception at Sec. 1681a(y)?
Two federal courts (at least) have answered this question in two different ways. The District of Minnesota held that such reports are NOT consumer reports in Martin v. First Advantage Background Servs. Corp., 2014 U.S. Dist. LEXIS 41098 (D. Minn. Mar. 26, 2014). The Eastern District of Virginia held that such reports ARE consumer reports in Manuel v. Wells Fargo Bank, 123 F. Supp. 3d 810 (E.D. Va. 2015). Full disclosure: I was the defense lawyer in Martin. Notably, both cases involved the reports that Wells Fargo (a bank) obtained from First Advantage (a background reporting company).
In Martin, First Advantage presented evidence that Wells Fargo asked it to create reports that were designed to comply with FIRREA and the SAFE Act (by including arrest records that would otherwise be precluded in a consumer report), and that these reports were not “consumer reports” because they were created and obtained “in connection with an investigation of … compliance with Federal, State, or local laws and regulations” under Sec. 1681a(y). The Court agreed.
In Manuel, Wells Fargo argued that it was not required to have job applicants sign special FCRA-compliant consent forms before it pulled reports on them from First Advantage, because the First Advantage reports were not “consumer reports” per Martin. The court disagreed on multiple grounds, two of which seem especially salient: a) the provision in Sec. 1681a(y) refers to a report “in connection with an investigation,” and Wells Fargo conducted no larger investigation (it just ordered the report); and b) “the exception would swallow the rule with respect to employment uses of background checks under the FCRA, because there are a number of federal, state, and local laws excluding certain individuals from certain types of employment” (i.e., every report that Wells Fargo pulled would be exempt from the FCRA).
Both courts wrote reasonable and thoughtful opinions: you can see the merits of each position when you read them. Ultimately, though, I wonder if the Manuel court considered – or if Wells Fargo’s lawyers asked it to consider – the flip side of its argument.
The Manuel court was obviously worried about the repercussions of saying that criminal background reports in the banking industry are not subject to the FCRA: the FCRA is a consumer-protection statute, and it would seem odd to exclude a huge group of consumers (people who want to work for banks) from its protections. I get that.
But consider the flip side. Under FIRREA and the SAFE Act, banks MUST obtain and review arrest records that normally cannot be reported under Sec. 1681c(a)(5). If the reports that the banks pull have arrest records in them, then those reports automatically violate the FCRA. That leaves the banks in an impossible position: if they don’t review arrest records, they violate FIRREA and the SAFE Act, but if they do review arrest records, they violate the FCRA. It seems reasonable to me to construe Sec. 1681a(y) as Congress’s answer to this difficulty: it allows banks to get the records they need under FIRREA and the SAFE Act, without having to worry that they will violate the FCRA in the process.
If Wells Fargo raised this issue to the Manuel court, there is no mention of it in the opinion. Lawyers in future cases might do well to make it.
This month’s post will be about a 2014 case that recently caught my eye: Bickley v. Dish Network, LLC, 751 F.3d 724 (6th Cir. 2014). The gist of the case is that somebody stole plaintiff Greg Bickley’s social security number, called a Dish retailer, and tried to open a satellite TV contract, using the stolen SSN. (The identity thief cleverly identified herself on the phone as “Gregina Dickley”). The retailer pulled reports from Trans Union, Equifax, and Experian to find out whether the caller’s name (“Gregina Dickley”) matched the social security number that she provided. All three said that no, it didn’t, so the identity thief was foiled.
The lawsuit came about when Mr. Bickley saw (on a later credit report) that Dish had pulled a report about him. He didn’t remember allowing Dish to do that, so he filed suit, alleging that Dish violated the FCRA’s permissible purpose provision, at 15 U.S.C. Sec. 1681b. Dish ultimately prevailed: the district court held, and the Sixth Circuit affirmed, that it was okay, even laudable, for a business to try and thwart identity theft by pulling reports from the bureaus (as Dish’s retailer had done). Dish’s retailer had a permissible purpose to pull a report to thwart theft, so there was no FCRA violation.
That’s background; it’s not why I’m writing this post. I am writing this post because in getting to the final holding, the Sixth Circuit asked whether the kind of report that Dish’s retailer pulled was in fact a “consumer report.” If it was, then Bickley could claim that Dish violated the FCRA. If it wasn’t, he couldn’t. Here’s what the Sixth Circuit said:
The [Dish retailer] inputted Dickley’s name and social security number into an interface that connects to three credit reporting agencies: Equifax, Experian, and TransUnion. The agencies followed a “waterfall” process as they attempted to cross-verify that the information matched. The basic process was as follows: the first agency assessed whether the social security number corresponded to the consumer’s name. If a match was found, in this instance by Equifax, it would inform American Satellite that the person was “Approved;” but if the search revealed a “Declined No Hit” response, Equifax would send the consumer’s information to a second agency, Experian, to run the information through a similar cross-verification process. If this second search also returned a “Declined No Hit” response, Experian would forward the information to a third credit agency, TransUnion, which would run the information through its databases. If TransUnion also returned a “Declined No Hit” response, it would forward this final determination to the requesting company….
Bickley contests the district court’s determination that Dish did not receive a “consumer report”…..
[While] the credit inquiries resulting in a “Declined No Hit” response (1 & 2) and  the ambiguously termed “Header Information” (3) are not “consumer reports,” the Decision Detail Report (4) appears to be a consumer report. Both parties acknowledge that the Decision Detail Report contains an “Echostar Risk” number, which is “based on the number of consumer initiated inquiries in the past 12 months, length of time bank revolving accounts have been opened, length of time accounts have been opened, and the percent of accounts opened in the past 24 months versus total accounts reported in the past 12 months.” R. 42-2, Decision Detail Report, PageID # 471. The Echostar Risk number clearly has bearing on a consumer’s credit worthiness, and therefore is a “consumer report” as defined under 15 U.S.C. Sec. 1681a(d)(5).
Taken altogether, there is sufficient evidence for a rational trier of fact to find that there was a “consumer report” within the meaning of the statute, meaning that Bickley has satisfied the first element of his claim for improper use of a credit report.
Why is this interesting to me? Because it suggests that end users (like Dish’s retailer) and consumer reporting agencies (like the bureaus and others) could create a special “identity theft prevention report” that would not be a “consumer report” and would not subject the end user or the agencies to any potential FCRA liability. It appears that here, Dish’s retailer ordered a kind of “combined report”: it had an identity-theft component (the “waterfall” that checked to see whether a person’s name matched the social security number that he provided), and it also had a traditional credit component (the “Echostar Risk number” that provided some detail on the person’s credit history). The Sixth Circuit held that this “combined report” was subject to the FCRA, because of the credit history component.
However, there is no reason why an end user would need to order a combined report: it might well ask for (or be provided with) an opportunity to run the “identity theft prevention report” first, which, if and only if it came back showing no sign of identity theft, would be followed (perhaps automatically) by a full credit report.
Structuring the report in this way would require some work, and given the costs and the (low?) risk of FCRA liability, the companies that sell and use these reports might decide not to bother.
But how low is the risk of FCRA liability, really? Suppose that a consumer calls a creditor himself to try and open the account; the creditor pulls a combined report to assess identity theft, and the creditor turns the consumer down because the report says (incorrectly) that the consumer is not who he claims to be. In a situation like that, the consumer would have grounds to sue under the FCRA, because: a) the combined report is a consumer report and thus subject to the FCRA; and b) the consumer has arguably suffered some harm.
The hypothetical that I’ve just given is probably not uncommon, at least in a country that generates millions of credit inquiries each day. It might very well make sense for some agencies – especially agencies that are not Experian, Equifax, and Trans Union, but who do have the capacity to cross-check a name and/or date of birth against a social security number – to limit their reports to just that kind of cross-checking. Doing so would likely avoid any risk of FCRA liability, at least under the Sixth Circuit’s analysis in Bickley.
A few years back, I wrote a post which stated that district courts in the Ninth Circuit were interpreting the FCRA’s “new” statute of limitations in a plaintiff-friendly way.
Since then, courts in other jurisdictions have interpreted the FCRA’s statute of limitations differently, which suggests that it is time for my prior post to be updated. I’m doing the update in three parts: 1) how the old FCRA statute of limitations worked; 2) how it was revised in 2003, and how these revisions led at least some courts to read the statute in a plaintiff-friendly way in 2009 and 2010; and 3) how decisions since then interpreted the “new” (amended in 2003) statute.
Part 3: How recent decisions have interpreted the FCRA’s “new” (amended in 2003) statute of limitations
In parts one and two of this exciting three-part series, I tried to establish that: 1) in 2001, the Supreme Court ruled that the FCRA’s then-current statute of limitations began to run when a defendant violated the FCRA and not when the plaintiff discovered the violation; and 2a) Congress appeared to “un-do” that ruling by making amendments in 2003, which 2b) meant, according to several courts, that it started to run not when the plaintiff knew that the defendant was doing something the plaintiff didn’t like, but when the plaintiff knew that the defendant was violating the FCRA.
Things began to change in 2010 and kept going from there. Let me explain.
First, in 2010 the Supreme Court decided a case that involved the statute of limitations for securities fraud. Merck & Co. v. Reynolds, 559 U.S. 633 (2010). The text of that statute of limitations – 28 U.S.C. Sec. 16858(b) – is identical to the FCRA’s statute of limitations at 15 U.S.C. Sec. 1681p. The Supreme Court held that “‘discovery’ as used in this statute encompasses not only those facts the plaintiff actually knew, but also those facts a reasonably diligent plaintiff would have known. And we evaluate Merck’s claims accordingly.” Id. at 648.
Next, in 2014 the Fifth Circuit applied the Supreme Court’s reasoning in Merck to an FCRA case. Mack v. Equable Ascent Fin., L.L.C., 748 F.3d 663 (5th Cir. 2014). In Mack, the plaintiff claimed that the FCRA’s statute of limitations did not begin to run until he had “become aware of the actual violation of the statutory provision,” which only happened when “he engaged in substantial study and research” of the [FCRA], several months after the plaintiff knew that the defendant had obtained a credit report about him, allegedly without his consent. Id, at 664. The Fifth Circuit rejected that position and cited Merck for the proposition that “a limitations period begins to run when a claimant discovers the facts that give rise to a claim and not when a claimant discovers that those facts constitute a legal violation.” Id. at 665-666.
Finally, a number of courts have followed the Fifth Circuit’s decision in Mack. See, e.g., Rocheleau v. Elder Living Constr., No. 15-1588, 2016 U.S. App. LEXIS 2732, **6-8 (6th Cir. Feb. 18, 2016); Wirt v. Bon-Ton Stores, Inc., No. 1:14-cv-1755, 2015 U.S. Dist. LEXIS 135694, *13 (M.D. Pa. Oct. 1, 2015); Moore v. Rite Aid Hdqtrs Corp., 2015 U.S. Dist. LEXIS 69747, *25 (E.D. Pa. May 29, 2015).
FCRA plaintiffs, and their counsel, may find it hard to square the Supreme Court’s decision in Merck (that the FCRA’s limitations provision begins to run when the plaintiff discovers facts, not law) with the recent history of the FCRA’s limitations period (a prior Supreme Court decision held the same thing, and Congress thereafter amended the FCRA, perhaps to change it). However, unless and until the Supreme Court reverses or changes the decision in Merck (which had no dissents), its holding appears to be binding.
A few years back, I wrote a post which stated that district courts in the Ninth Circuit were interpreting the FCRA’s “new” statute of limitations in a plaintiff-friendly way.
Since then, courts in other jurisdictions have interpreted the FCRA’s statute of limitations differently, which suggests that it is time for my prior post to be updated. I’m going to do the update in three parts: 1) how the old FCRA statute of limitations worked; 2) how it was revised in 2003, and how these revisions led at least some courts to read the statute in a plaintiff-friendly way in 2009 and 2010; and 3) how decisions since then interpreted the “new” (amended in 2003) statute.
Part 2: How the FCRA’s statute of limitations was revised in 2003, and how these revisions led some courts to read the statute in a plaintiff-friendly way in 2009 and 2010
In our last post, we reviewed the Supreme Court’s 2001 reading of the “old” or pre-2003 version of the FCRA’s limitations provision (15 U.S.C. Sec. 1681p). That reading was that, absent special cases involving a defendant’s misrepresentations, the FCRA’s two-year limitations period began to run on the date that the defendant engaged in the act that (allegedly) violated the FCRA, and not when the plaintiff discovered those alleged violations.
In 2003, Congress amended the FCRA’s limitations provision and adopted its current form, which states that FCRA claims must be brought:
(1) 2 years after the date of discovery by the plaintiff of the violation that is the basis for such liability; or(2) 5 years after the date on which the violation that is the basis for such liability occurs.
Equifax does not not explain how, from the information it sent, Plaintiff could discern whether the company’s procedures in ensuring accuracy or reinvestigating her dispute were reasonable, indicating a violation of Secs. 1681e(b) or 1681i.
The Court thus finds the conclusion inescapable that there is a material dispute of fact as to when Plaintiff discovered the alleged violations at issue here.
Id. at 1279.
In my post, I didn’t agree that the Andrews court’s conclusion was “inescapable.” But I did find that if its reasoning were adopted by other courts, then the two-year limitations period would be worthless to defendants, because they would never be able to prove, at summary judgment, that a plaintiff had discovered an alleged FCRA violation.
As it turns out, the Andrews court’s reasoning was not adopted by other courts. More on that in Part 3 of 3.