Pleading and proving the FDCPA’s bona fide error defense

May 6, 2016 Leave a comment

I don’t generally write blog posts about just one case, but I’m going to make an exception this month and discuss Arnold v. Bayview Loan Servicing, LLC, No. 14-cv-0543, 2016 U.S. Dist. LEXIS 10509 (S.D. Ala. Jan. 29, 2016).

In Arnold, the plaintiff alleged that Bayview violated the FDCPA by sending him two mortgage billing statements in December 2013, even though the plaintiff’s debt had been discharged in bankruptcy (September 2012), and even though Bayview foreclosed on plaintiff’s former home (November 2013).  Bayview admitted sending the statements, but it argued that it had not violated the FDCPA because sending them was a “bona fide error,” which if true would be a complete defense to FDCPA liability under 15 U.S.C. § 1692k(c).  Specifically, Bayview argued that when it began to service plaintiff’s mortgage loan, it had coded the loan file in its computer system so as not to send plaintiff any billing statements, but then, following the November 2013 foreclosure, an employee reviewed the file and inadvertently (i.e., she was not told or instructed to do this) changed the code to allow new billing statements to be sent.

I found Arnold to be interesting because it granted a defense motion for summary judgment (which doesn’t happen every day, and which is good news if you’re a defense lawyer like me), and because it made two points about the FDCPA’s bona fide error defense that I think are worth remembering.  They are:


To raise the bona fide error defense, the defendant must include it as an affirmative defense in its initial pleading, and the defendant must plead it with particularity.  Bayview’s initial pleading was an answer that listed a number of affirmative defenses, none of which were pleaded with particularity.  It raised the bona fide error defense by simply stating that “Plaintiff’s individual and class claims are barred by the bona fide error defense pursuant to the FDCPA, 15 U.S.C. § 1692, et seq.”

The court ruled that Bayview’s pleading was insufficient:  it didn’t state the who/what/when/where/why of the bona fide error, so it wasn’t a pleading with particularity.  However, the court held that Bayview’s mistake was a technical one, and it wasn’t willing to preclude Bayview from raising the defense unless plaintiff could show that either:  a) he had challenged the pleading as insufficient within 21 days per Rule 12; or b) he had been deprived of an opportunity to take discovery related to the defense.  Plaintiff could not show either of these things:  he hadn’t moved to strike the pleading per Rule 12, and he had been given information about the defense in discovery (through interrogatory responses and depositions of Bayview personnel).

I think that this was the right result – cases should be won or lost on the merits, and not due to technical mistakes by counsel.  That said, I am going to make a point of trying to plead the bona fide error defense with more particularity in the future.


The Arnold court found that the plaintiff could not and did not challenge the facts of Bayview’s bona fide error defense:  i.e., it was uncontested that Bayview had initially coded plaintiff’s loan in such a way as to prevent any billing statements from being mailed to him, but then an employee had inadvertently changed that code while reviewing his loan post-foreclosure.  Rather, the plaintiff argued that Bayview’s error was that it sent mortgage bills to consumers even after they had their debts discharged through bankruptcy.  In other words, plaintiff’s counsel contended that Bayview should have had a policy in place to never send a billing statement to anyone whose mortgage loan was discharged in bankruptcy.  Because Bayview didn’t do that, counsel contended that its mistake was not a “bona fide error” but rather an intentional error due to a bad internal policy.

The court found for the defendant, and made two points which, again, are worth remembering.  The first point is that “the bona fide error defense does not require a defendant to exhaust all possible means of preventing the specific error. Again, the legal standard is that the defendant “maintain procedures reasonably adapted to avoid readily discoverable errors.”  The second point is that “plaintiff’s fixation on Bayview’s purported practice of billing borrowers whose debts have been discharged is unavailing because that general practice was not the specific error that caused Arnold to receive billing statements. It is undisputed that, during the first ten months that Bayview serviced the loan, Bayview never sent a single monthly billing statement to Arnold [until] a single
Bayview employee made a single processing error that changed the code on Arnold’s loan ….  That is the “specific error” on which the bona fide error defense analysis appropriately centers.”

In short, when a defendant raises a bona fide error defense, defense counsel should focus on the precise mistake that caused the problem, and attempt to show that such mistakes are rare and against company practice.

Categories: Uncategorized

When is a report “in connection with an investigation?”

April 1, 2016 Leave a comment

Last month, I discussed two federal court cases that considered whether a criminal background report that Wells Fargo obtained from First Advantage was a “consumer report” that had to comply with the FCRA.  One court found that the report wasn’t a consumer report; the other found that it was.  In both cases, the question was whether Wells Fargo obtained it “in connection with an investigation of … compliance with Federal, State, or local laws and regulations, the rules of a self-regulatory organization, or any preexisting written policies of the employer.”  15 U.S.C. Sec. 1681a(y).  Reports that fall within that definition are not “consumer reports” and are not subject to (most) other provisions in the FCRA.

As I pointed out last month, the Martin court in Minnesota held that because Wells Fargo obtained its reports to comply with its obligations under two federal laws (FIRREA and the SAFE Act), the report fell within the Sec. 1681a(y) exception to the FCRA. But the Manuel court in Virginia held that, to the contrary, reading Sec. 1681a(y) that way would essentially mean that Wells Fargo never had to comply with the FCRA – and the court was unwilling  to take that position.

This month, I thought I would mention two other points that other courts have made about Sec. 1681a(y).  Neither of them resolves the conflict between Martin and Manuel; if anything, they indicate that the issue is a complex one, which no one court has yet definitively considered or decided.

First, some courts have held (as the Martin court itself did) that if an employer or a background screening agency wants to argue that its reports are not regulated by the FCRA because they fall within the exception at Sec. 1681a(y), that’s fine, but it needs to be done on a factual record at the summary judgment stage, and not at the motion to dismiss stage.  Simply saying that “I’m the kind of institution that has to comply with federal law, so my reports are exempt from FCRA” – which is essentially what a defendant would do at the motion to dismiss stage – is not good enough for these courts.

See Freckleton v. Target Corp., 81 F. Supp. 3d 473 (D. Md. 2015) (denying motion to dismiss, and stating that “Target was not running the check to be compliant with state or federal regulations. Cf. Martin … (if Wells Fargo ran background checks to be compliant with the SAFE Act then the exclusion would apply; however, this was a question of fact inappropriate for a motion to dismiss)”); Rawlings v. ADS Alliance Data Sys., 2015 U.S. Dist. LEXIS 81055 (W.D. Mo. June 23, 2015) (denying motion to dismiss and stating that “[If] background checks are excluded based on its need to comply with federal banking law, the record must be developed to so demonstrate … Martin is distinguishable inasmuch as Martin was resolved on a summary judgment record”).

From a defendant’s perspective, this is annoying – it should be obvious that some employers have to get criminal record reports under some laws (banks under federal law, or perhaps schools under state law), and the litigation cost of preparing a full factual record is not trivial.  But I think defendants can live with this.  Indeed, if the Manuel court had known the details of Wells Fargo’s compliance program, the result in that class action case might have been different.

Second, the Manuel court had stated that for Sec. 1681a(y) to apply, a report had to be obtained “in connection with” some larger investigation; a report that was pulled merely as a matter of routine compliance (and without any additional inquiry or investigation) did not fall within the Sec. 1681a(y) provision.

One court has followed up on that point by suggesting that one can tell whether a report is part of a larger investigation by asking whether the employer, before it pulled a background report, had some reason to believe that the employee or job applicant had violated the law – if yes, then there is a larger investigation and Sec. 1681a(y) applies; if no, then the report is subject to the FCRA.  See Freckleton, 81 F. Supp. 3d at 481 n.11 (citing Mattiaccio v. DHA Grp., 21 F. Supp. 3d 15, 2014 WL 717780, at *3 (D.D.C. 2014) (whether employer gathered information “in connection with an investigation of . . . suspected misconduct” depended on whether the employer made the request after “receiv[ing] information indicating that [the] Plaintiff had previously been convicted of perjury” or in retaliation for a complaint); Russell v. Shelter Fin. Servs., 604 F. Supp. 201, 202-03 (W.D. Mo. 1984) (finding that report was not “in connection with” an employment decision under Sec. 1681a(h) if the subject of the report resigned before the report was pulled)).

I question whether the statutory phrase “in connection with an investigation” necessarily means “because of an investigation,” “as part of an investigation,” or “due to an investigation” – which is how the Manuel, Mattiaccio and Freckleton courts seem to read it.  If I go to a restaurant to get some pizzas for a party, and I buy a hoagie as well, one  could say that I bought the hoagie “in connection with” my purchase of the pizzas, even though I bought everything at the same time.  Also, a review of “in connection with” at suggests that the phrase means “about,” as opposed to “before.”


Categories: Uncategorized

When is a report not a “consumer report?” When it’s for the banking industry. Maybe.

March 4, 2016 Leave a comment

This month’s post will comment on the FCRA’s provision at 15 U.S.C. Sec. 1681a(y), which says that a report is not a “consumer report” (and thus not subject to FCRA liability) if it “is made to an employer in connection with an investigation of— (i) suspected misconduct relating to employment; or (ii) compliance with Federal, State, or local laws and regulations, the rules of a self-regulatory organization, or any preexisting written policies of the employer.”

Federal law requires banks to check the criminal backgrounds of their employees.  Two separate statutes – FIRREA and the SAFE Act – both tell banks not to employ certain employees if they have been “involved” in a “dishonesty crime.”  I put those words in quotes because the statutes provide fairly lengthy and convoluted definitions of what it means to be involved in a dishonesty crime.  For present purposes, the important thing is that a person is “involved” in such a crime if he was either:  a) convicted of it; or b) sentenced pursuant to a pretrial diversion program (e.g., pled guilty per a deal that there would be no jail time, and the charge would be dismissed if he completed probation without incident).  This is important because normally, a consumer report cannot contain arrest records that are more than seven (7) years old.  15 U.S.C. Sec. 1681c(a)(5).  But here, the banks have to look at arrest records, to assess whether a person went through a pretrial diversion program.

This background presents the following question:  if a bank, in its effort to comply with FIRREA and the SAFE Act, contracts with a background screening company to obtain special reports that will contain any arrest records, even ones that normally could not be reported per Sec. 1681c(a)(5), are those reports “consumer reports?”  Or are they excluded per the exception at Sec. 1681a(y)?

Two federal courts (at least) have answered this question in two different ways.  The District of Minnesota held that such reports are NOT consumer reports in Martin v. First Advantage Background Servs. Corp., 2014 U.S. Dist. LEXIS 41098 (D. Minn. Mar. 26, 2014).  The Eastern District of Virginia held that such reports ARE consumer reports in Manuel v. Wells Fargo Bank, 123 F. Supp. 3d 810 (E.D. Va. 2015).  Full disclosure:  I was the defense lawyer in Martin.  Notably, both cases involved the reports that Wells Fargo (a bank) obtained from First Advantage (a background reporting company).

In Martin, First Advantage presented evidence that Wells Fargo asked it to create reports that were designed to comply with FIRREA and the SAFE Act (by including arrest records that would otherwise be precluded in a consumer report), and that these reports were not “consumer reports” because they were created and obtained “in connection with an investigation of … compliance with Federal, State, or local laws and regulations” under Sec. 1681a(y).  The Court agreed.

In Manuel, Wells Fargo argued that it was not required to have job applicants sign special FCRA-compliant consent forms before it pulled reports on them from First Advantage, because the First Advantage reports were not “consumer reports” per Martin.  The court disagreed on multiple grounds, two of which seem especially salient:  a) the provision in Sec. 1681a(y) refers to a report “in connection with an investigation,” and Wells Fargo conducted no larger investigation (it just ordered the report); and b) “the exception would swallow the rule with respect to employment uses of background checks under the FCRA, because there are a number of federal, state, and local laws excluding certain individuals from certain types of employment” (i.e., every report that Wells Fargo pulled would be exempt from the FCRA).

Both courts wrote reasonable and thoughtful opinions:  you can see the merits of each position when you read them.  Ultimately, though, I wonder if the Manuel court considered – or if Wells Fargo’s lawyers asked it to consider – the flip side of its argument.

The Manuel court was obviously worried about the repercussions of saying that criminal background reports in the banking industry are not subject to the FCRA:  the FCRA is a consumer-protection statute, and it would seem odd to exclude a huge group of consumers (people who want to work for banks) from its protections.  I get that.

But consider the flip side.  Under FIRREA and the SAFE Act, banks MUST obtain and review arrest records that normally cannot be reported under Sec.  1681c(a)(5).  If the reports that the banks pull have arrest records in them, then those reports automatically violate the FCRA.  That leaves the banks in an impossible position:  if they don’t review arrest records, they violate FIRREA and the SAFE Act, but if they do review arrest records, they violate the FCRA.  It seems reasonable to me to construe Sec. 1681a(y) as Congress’s answer to this difficulty:  it allows banks to get the records they need under FIRREA and the SAFE Act, without having to worry that they will violate the FCRA in the process.

If Wells Fargo raised this issue to the Manuel court, there is no mention of it in the opinion.  Lawyers in future cases might do well to make it.



Categories: Uncategorized

When is a report not a “consumer report?” When it’s only used to prevent identity theft.

February 5, 2016 Leave a comment

This month’s post will be about a 2014 case that recently caught my eye:  Bickley v. Dish Network, LLC, 751 F.3d 724 (6th Cir. 2014).  The gist of the case is that somebody stole plaintiff Greg Bickley’s social security number, called a Dish retailer, and tried to open a satellite TV contract, using the stolen SSN.  (The identity thief cleverly identified herself on the phone as “Gregina Dickley”).  The retailer pulled reports from Trans Union, Equifax, and Experian to find out whether the caller’s name (“Gregina Dickley”) matched the social security number that she provided.  All three said that no, it didn’t, so the identity thief was foiled.  

The lawsuit came about when Mr. Bickley saw (on a later credit report) that Dish had pulled a report about him.  He didn’t remember allowing Dish to do that, so he filed suit, alleging that Dish violated the FCRA’s permissible purpose provision, at 15 U.S.C. Sec. 1681b.  Dish ultimately prevailed:  the district court held, and the Sixth Circuit affirmed, that it was okay, even laudable, for a business to try and thwart identity theft by pulling reports from the bureaus (as Dish’s retailer had done).  Dish’s retailer had a permissible purpose to pull a report to thwart theft, so there was no FCRA violation.

That’s background; it’s not why I’m writing this post.  I am writing this post because in getting to the final holding, the Sixth Circuit asked whether the kind of report that Dish’s retailer pulled was in fact a “consumer report.” If it was, then Bickley could claim that Dish violated the FCRA.  If it wasn’t, he couldn’t.  Here’s what the Sixth Circuit said:

The [Dish retailer] inputted Dickley’s name and social security number into an interface that connects to three credit reporting agencies: Equifax,  Click for Enhanced Coverage Linking SearchesExperian, and TransUnion.  The agencies followed a “waterfall” process as they attempted to cross-verify that the information matched. The basic process was as follows: the first agency assessed whether the social security number corresponded to the consumer’s name. If a match was found, in this instance by Equifax,  it would inform American Satellite that the person was “Approved;” but if the search revealed a “Declined No Hit” response, Equifax  Click for Enhanced Coverage Linking Searcheswould send the consumer’s information to a second agency, Experian, to run the information through a similar cross-verification process. If this second search also returned a “Declined No Hit” response, Experian would forward the information to a third credit agency, TransUnion,  Click for Enhanced Coverage Linking Searcheswhich would run the information through its databases. If TransUnion  Click for Enhanced Coverage Linking Searchesalso returned a “Declined No Hit” response, it would forward this final determination to the requesting company….

Bickley contests the district court’s determination that Dish did not receive a “consumer report”…..

[While] the credit inquiries resulting in a “Declined No Hit” response (1 & 2) and [] the ambiguously termed “Header Information” (3) are not “consumer reports,” the Decision Detail Report (4) appears to be a consumer report. Both parties acknowledge that the Decision Detail Report contains an “Echostar Risk” number, which is “based on the number of consumer initiated inquiries in the past 12 months, length of time bank revolving accounts have been opened, length of time accounts have been opened, and the percent of accounts opened in the past 24 months versus total accounts reported in the past 12 months.” R. 42-2, Decision Detail Report, PageID # 471. The Echostar Risk number clearly has bearing on a consumer’s credit worthiness, and therefore is a “consumer report” as defined under 15 U.S.C. Sec. 1681a(d)(5).

Taken altogether, there is sufficient evidence for a rational trier of fact to find that there was a “consumer report” within the meaning of the statute, meaning that Bickley has satisfied the first element of his claim for improper use of a credit report.

Why is this interesting to me?  Because it suggests that end users (like Dish’s retailer) and consumer reporting agencies (like the bureaus and others) could create a special “identity theft prevention report” that would not be a “consumer report” and would not subject the end user or the agencies to any potential FCRA liability.  It appears that here, Dish’s retailer ordered a kind of “combined report”: it had an identity-theft component (the “waterfall” that checked to see whether a person’s name matched the social security number that he provided), and it also had a traditional credit component (the “Echostar Risk number” that provided some detail on the person’s credit history).  The Sixth Circuit held that this “combined report” was subject to the FCRA, because of the credit history component.

However, there is no reason why an end user would need to order a combined report:  it might well ask for (or be provided with) an opportunity to run the “identity theft prevention report” first, which, if and only if it came back showing no sign of identity theft, would be followed (perhaps automatically) by a full credit report.

Structuring the report in this way would require some work, and given the costs and the (low?) risk of FCRA liability, the companies that sell and use these reports might decide not to bother.

But how low is the risk of FCRA liability, really?  Suppose that a consumer calls a creditor himself to try and open the account; the creditor pulls a combined report to assess identity theft, and the creditor turns the consumer down because the report says (incorrectly) that the consumer is not who he claims to be.  In a situation like that, the consumer would have grounds to sue under the FCRA, because:  a) the combined report is a consumer report and thus subject to the FCRA; and b) the consumer has arguably suffered some harm.

The hypothetical that I’ve just given is probably not uncommon, at least in a country that generates millions of credit inquiries each day.  It might very well make sense for some agencies – especially agencies that are not Experian, Equifax, and Trans Union, but who do have the capacity to cross-check a name and/or date of birth against a social security number – to limit their reports to just that kind of cross-checking.  Doing so would likely avoid any risk of FCRA liability, at least under the Sixth Circuit’s analysis in Bickley.


Categories: Uncategorized

The FCRA’s statute of limitations: an update (Part 3 of 3)

January 8, 2016 1 comment

A few years back, I wrote a post which stated that district courts in the Ninth Circuit were interpreting the FCRA’s “new” statute of limitations in a plaintiff-friendly way.

Since then, courts in other jurisdictions have interpreted the FCRA’s statute of limitations differently, which suggests that it is time for my prior post to be updated.  I’m doing the update in three parts:  1) how the old FCRA statute of limitations worked; 2) how it was revised in 2003, and how these revisions led at least some courts to read the statute in a plaintiff-friendly way in 2009 and 2010; and 3) how decisions since then interpreted the “new” (amended in 2003) statute.

Part 3:  How recent decisions have interpreted the FCRA’s “new” (amended in 2003) statute of limitations

In parts one and two of this exciting three-part series, I tried to establish that: 1) in 2001, the Supreme Court ruled that the FCRA’s then-current statute of limitations began to run when a defendant violated the FCRA and not when the plaintiff discovered the violation; and 2a) Congress appeared to “un-do” that ruling by making amendments in 2003, which 2b) meant, according to several courts, that it started to run not when the plaintiff knew that the defendant was doing something the plaintiff didn’t like, but when the plaintiff knew that the defendant was violating the FCRA.

Things began to change in 2010 and kept going from there.  Let me explain.

First, in 2010 the Supreme Court decided a case that involved the statute of limitations for securities fraud.  Merck & Co. v. Reynolds, 559 U.S. 633 (2010).  The text of that statute of limitations – 28 U.S.C. Sec. 16858(b) – is identical to the FCRA’s statute of limitations at 15 U.S.C. Sec. 1681p.  The Supreme Court held that “‘discovery’ as used in this statute encompasses not only those facts the plaintiff actually knew, but also those facts a reasonably diligent plaintiff would have known. And we evaluate Merck’s claims accordingly.”  Id. at 648.

Next, in 2014 the Fifth Circuit applied the Supreme Court’s reasoning in Merck to an FCRA case.  Mack v. Equable Ascent Fin., L.L.C., 748 F.3d 663 (5th Cir. 2014).  In Mack, the plaintiff claimed that the FCRA’s statute of limitations did not begin to run until he had “become aware of the actual violation of the statutory provision,” which only happened when “he engaged in substantial study and research” of the [FCRA], several months after the plaintiff knew that the defendant had obtained a credit report about him, allegedly without his consent.  Id, at 664.  The Fifth Circuit rejected that position and cited Merck for the proposition that “a limitations period begins to run when a claimant discovers the facts that give rise to a claim and not when a claimant discovers that those facts constitute a legal violation.”  Id. at 665-666.

Finally, a number of courts have followed the Fifth Circuit’s decision in Mack.  See, e.g.Rocheleau v. Elder Living Constr., No. 15-1588, 2016 U.S. App. LEXIS 2732, **6-8 (6th Cir. Feb. 18, 2016); Wirt v. Bon-Ton Stores, Inc., No. 1:14-cv-1755, 2015 U.S. Dist. LEXIS 135694, *13 (M.D. Pa. Oct. 1, 2015); Moore v. Rite Aid Hdqtrs Corp., 2015 U.S. Dist. LEXIS 69747, *25 (E.D. Pa. May 29, 2015).

FCRA plaintiffs, and their counsel, may find it hard to square the Supreme Court’s decision in Merck (that the FCRA’s limitations provision begins to run when the plaintiff discovers facts, not law) with the recent history of the FCRA’s limitations period (a prior Supreme Court decision held the same thing, and Congress thereafter amended the FCRA, perhaps to change it).  However, unless and until the Supreme Court reverses or changes the decision in Merck (which had no dissents), its holding appears to be binding.


Categories: Uncategorized

The FCRA’s statute of limitations: an update (Part 2 of 3)

December 4, 2015 1 comment

A few years back, I wrote a post which stated that district courts in the Ninth Circuit were interpreting the FCRA’s “new” statute of limitations in a plaintiff-friendly way.

Since then, courts in other jurisdictions have interpreted the FCRA’s statute of limitations differently, which suggests that it is time for my prior post to be updated.  I’m going to do the update in three parts:  1) how the old FCRA statute of limitations worked; 2) how it was revised in 2003, and how these revisions led at least some courts to read the statute in a plaintiff-friendly way in 2009 and 2010; and 3) how decisions since then interpreted the “new” (amended in 2003) statute.

Part 2:  How the FCRA’s statute of limitations was revised in 2003, and how these revisions led some courts to read the statute in a plaintiff-friendly way in 2009 and 2010

In our last post, we reviewed the Supreme Court’s 2001 reading of the “old” or pre-2003 version of the FCRA’s limitations provision (15 U.S.C. Sec. 1681p).  That reading was that, absent special cases involving a defendant’s misrepresentations, the FCRA’s two-year limitations period began to run on the date that the defendant engaged in the act that (allegedly) violated the FCRA, and not when the plaintiff discovered those alleged violations.

In 2003, Congress amended the FCRA’s limitations provision and adopted its current form, which states that FCRA claims must be brought:

(1)  2 years after the date of discovery by the plaintiff of the violation that is the basis for such liability; or
(2) 5 years after the date on which the violation that is the basis for such liability occurs.
On first glance, and knowing the history, you might read this and think that Congress’s 2003 amendment was intended to un-do the Supreme Court’s 2001 interpretation of the FCRA’s limitations provision.
One court, in a decision that inspired the prior blog post that I am updating here, stated that “Indisputably, the plain language of the statute now turns upon the date that a plaintiff acquires knowledge of the alleged violation–not the date of the alleged violation itself.”  Andrews v. Equifax Info. Servs. LLC, 700 F. Supp. 2d 1276, 1278 (W.D. Wash. 2010).
The Andrews court surveyed the limited precedent discussing the “new” version of 1681p and tried to apply it to a case where:  i) the plaintiff disputed information with Equifax in 2004 and 2005; ii) was denied credit in 2006; but iii) did not file suit until 2008.  Equifax contended that the events of 2004-2006 all triggered the statute to start running; plaintiff contended otherwise.  The court found that:
Equifax does not not explain how, from the information it sent, Plaintiff could discern whether the company’s procedures in ensuring accuracy or reinvestigating her dispute were reasonable, indicating a violation of Secs. 1681e(b) or 1681i.
such that
The Court thus finds the conclusion inescapable that there is a material dispute of fact as to when Plaintiff discovered the alleged violations at issue here.

Id. at 1279.

In my post, I didn’t agree that the Andrews court’s conclusion was “inescapable.”  But I did find that if its reasoning were adopted by other courts, then the two-year limitations period would be worthless to defendants, because they would never be able to prove, at summary judgment, that a plaintiff had discovered an alleged FCRA violation.

As it turns out, the Andrews court’s reasoning was not adopted by other courts.  More on that in Part 3 of 3.


Categories: Uncategorized

The FCRA’s statute of limitations: an update (Part 1 of 3)

November 6, 2015 1 comment

A few years back, I wrote a post which stated that district courts in the Ninth Circuit were interpreting the FCRA’s “new” statute of limitations in a plaintiff-friendly way.

Since then, courts in other jurisdictions have interpreted the FCRA’s statute of limitations differently, which suggests that it is time for my prior post to be updated.  I’m going to do the update in three parts:  1) how the old FCRA statute of limitations worked; 2) how it was revised in 2003, and how these revisions led at least some courts to read the statute in a plaintiff-friendly way in 2009 and 2010; and 3) how decisions since then interpreted the “new” (amended in 2003) statute.

Part I:  How the old FCRA statute of limitations worked.

Prior to 2003, the FCRA’s statute of limitations provision at 15 U.S.C. Sec. 1681p stated that:

An action to enforce any liability created under [the Act] may be brought . . . within two years from the date on which the liability arises, except that where a defendant has materially and willfully misrepresented any information required under [the Act] to be disclosed to an individual and the information so misrepresented is material to the establishment of the defendant’s liability to that individual under [the Act], the action may be brought at any time within two years after discovery by the individual of the misrepresentation.

That version of the statute said that plaintiffs typically had to file an FCRA lawsuit “within two years from the date on which the liability arises.”  The Supreme Court addressed that version of the statute in TRW Inc. v. Andrews, 534 U.S. 19 (2001).

In Andrews, the plaintiff contended that Experian (then known as TRW) provided credit reports about her to four lenders; that Experian did this when it knew or should have known that an impostor was using her social security number, last name, and first initial to apply for credit from those lenders; and that Experian thus violated the FCRA’s anti-identity theft provision at Sec. 1681e(a).  Experian’s reports were created on four separate occasions (July 25, 1994; September 27, 1994; October 28, 1994; January 3, 1995); the plaintiff discovered this on May 31, 1995; and she filed suit on “October 21, 1996, almost 17 months after she discovered the Impostor’s fraudulent conduct and more than two years after TRW’s first two disclosures.”  Id. at 24-25.

The question presented was whether the FCRA’s two-year statute of limitations began to run on the date of each report (in which case her claims as to the first two reports were time-barred) or on the date that she discovered what had happened (in which case her claims were timely as to all four reports).

The Supreme Court took the case because the Ninth Circuit had answered the question one way, and the Third, Seventh, Tenth, and Eleventh Circuits had answered it another way.  Predictably, the Supreme Court found that the Ninth Circuit’s interpretation was wrong.

The Ninth Circuit “appl[ied] what it considered to be the ‘general federal rule . . . that a federal statute of limitations begins to run when a party knows or has reason to know that she was injured.'”  Id. at 26.  The Supreme Court disagreed that any such rule applied to the FCRA, because “The most natural reading of Sec. 1681p is that Congress implicitly excluded a general discovery rule by explicitly including a more limited one.”  Id. at 28.  Specifically:

[I]ncorporating a general discovery rule into Sec. 1681p would not merely supplement the explicit exception contrary to Congress’ apparent intent; it would in practical effect render that exception entirely superfluous in all but the most unusual circumstances. A consumer will generally not discover the tortious conduct alleged here — the improper disclosure of her credit history to a potential user — until she requests her file from a credit reporting agency. If the agency responds by concealing the offending disclosure, both a generally applicable discovery rule and the misrepresentation exception would operate to toll the statute of limitations until the concealment is revealed. Once triggered, the statute of limitations would run under either for two years from the discovery date. In this paradigmatic setting, then, the misrepresentation exception would have no work to do.

Id. at 29.

In summary, under the “old” or pre-2003 version of the FCRA’s statute of limitations, the two-year period for FCRA claims began to run on the date that a defendant engaged in some conduct that violated the FCRA.  The only exception to this was when a defendant “materially and willfully misrepresented” information that:  1) it was obligated to provide to plaintiff; and 2) would have put plaintiff on notice that the defendant had violated the FCRA.


Categories: Uncategorized