Skip to main content

Search

Fair Credit Reporting: 13.7.5 State Investigatory Powers

Nothing in the FCRA’s provision on state enforcement shall prevent the chief law enforcement officer of a state from exercising the powers to conduct investigations or to administer oaths or affirmations or to compel the attendance of witnesses or the production of documentary and other evidence in connection with any FCRA enforcement action brought by the state.260

Fair Credit Reporting: 13.7.6 Examples of State Enforcement Actions

States have worked together to obtain significant reforms in credit reporting practices on a few occasions. In the early 1990s, following widespread dissatisfaction with the accuracy of information in credit reports and apparent systematic FCRA compliance difficulties, several state attorneys general brought enforcement actions against Equifax, TRW Inc.

Fair Credit Reporting: 18.3.4 Tort of Intrusion

Like the tort of public disclosure of private facts, the tort of intrusion can also apply to the discovery of financial information.62 The tort, also sometimes called “intrusion into seclusion” or “unreasonable intrusion,” creates liability for the intentional intrusion upon another person’s solitude, seclusion, or private affairs in a manner that would be highly offensive to a reasonable person.63 Generally, the intrusion need not be physical; this tort can lead to liability for the unauthorized pr

Fair Credit Reporting: 18.4.1.1 Generally

Title V of the Gramm-Leach-Bliley Act (the GLBA)89 addresses financial institutions’ use of consumers’ “nonpublic personal information.”90 That term is defined to mean any personally identifiable financial information that is provided by the consumer to the financial institution;91 results from any transaction with the consumer or service performed for the consumer; or is otherwise obtained by the financial institution, but which is not “publicly availab

Fair Credit Reporting: 18.4.1.2 Implementation and Enforcement of the Gramm-Leach-Bliley Act: Changes from the Dodd-Frank Act

Prior to the Dodd-Frank Act amendments, the FTC and banking regulators had all issued GLBA regulations that were substantially similar to one another.95 The FTC’s authority to issue the regulations survived a challenge brought by TransUnion, one of the three major CRAs.96 As for agency enforcement actions, the FTC has publicly taken enforcement action under the GLBA,97 and the FRB has taken “formal” enforcement action.

Fair Credit Reporting: 18.4.1.3 “Financial Institutions”—Entities That Must Comply with the Gramm-Leach-Bliley Act

The GLBA applies to “financial institutions.” Whether an entity is a “financial institution” is determined by whether it engages in “financial activities” as that term is defined by the Bank Company Holding Act of 1956.112 That Act describes five different categories of financial activities that cover lending, insuring, financial advising, issuing or selling asset pool instruments, and underwriting securities.113 Under Regulation P, a more restricted definition applies to those entities subject

Fair Credit Reporting: 18.4.1.4 “Customers” and “Consumers”—Those Protected by the Gramm-Leach-Bliley Act

The GLBA protects both “customers” and “consumers.” All customers are consumers, but not all consumers are customers. Customers and consumers are equally protected by the opt-out and nondisclosure provisions of the GLBA and Regulation P.119 The difference is only relevant to whether the institution must provide an initial privacy notice and annual privacy notices to the individual, and turns on the individual’s particular relationship with the financial institution.

Fair Credit Reporting: 18.4.1.5 “Nonpublic Personal Information”—Information Covered by the Gramm-Leach-Bliley Act

The GLBA does not prevent financial institutions from revealing any information that they get from consumers; the only information restricted by the Act is “nonpublic personal information.” Nonpublic personal information is deemed to be personally identifiable financial information that is not publicly available.126 The Act does not define “personally identifiable financial information”; nonetheless, the FTC’s authority to define the term, and to define the term broadly, has been upheld.127 Pres

Fair Credit Reporting: 18.4.1.6.2 Disclosures to affiliates

Though not expressly labeled as an exception, a key feature of the GLBA is that disclosures to an institution’s own affiliate are completely unrestricted by the Act and Regulation P.141 An affiliate is “any company that controls, is controlled by, or is under common control with another company.”142 Thus, private consumer information may flow freely throughout a company’s extended family.

Fair Credit Reporting: 18.4.1.9 Limits on Sharing Account Number Information for Marketing Purposes

The only category of information that the GLBA protects from disclosure outright, without any action on the consumer’s part, is the highly potent information of account numbers and similar forms of access codes. Financial institutions are prohibited from disclosing these numbers or codes to any nonaffiliated third party for marketing use other than to a consumer reporting agency, even if the financial institution has given the consumer a conforming opt-out notice.218

Fair Credit Reporting: 18.4.1.10 The Gramm-Leach-Bliley Act’s Data Safeguard Requirements

The GLBA requires agencies subject to the Act to establish standards “relating to administrative, technical, and physical safeguards” to ensure the security and confidentiality of customer information, protect against any anticipated threats or hazards to those records, and protect against unauthorized access to those records.224 The banking regulators have issued Interagency Guidelines Establishing Information Security Standards.225

Fair Credit Reporting: 18.4.1.11 Impact on Fair Credit Reporting Act

The GLBA specifically provides that it does not “modify, limit, or supersede the operation of the Fair Credit Reporting Act.”230 The CFPB has issued regulations that recognize that financial institutions will design information-sharing policies to simultaneously comply with the GLBA and the FCRA.231 As is discussed above,232 the GLBA specifically exempts disclosures made to a CRA in accordance with the FCRA, and from a consumer report issued by a C

Fair Credit Reporting: 18.4.1.13 Limited Preemption of State Law

The GLBA expressly preserves the right of states to protect the privacy of consumers’ financial information. The Act provides that it supersedes state laws only to the extent that such laws are inconsistent with the Act,242 and specifically grants states permission to enact greater protections.243

Fair Credit Reporting: 18.4.1.14 Weaknesses of the Gramm-Leach-Bliley Act

While any privacy protection is welcome, the GLBA blocks only a very few of the many channels through which financial institutions distribute consumers’ financial information. This becomes apparent if the focus shifts from what the GLBA prohibits to what it permits. A financial institution can always disclose any consumer financial information to any of its affiliates.

Fair Credit Reporting: 18.4.2.1 Protections Related to Computers and the Internet

The federal Computer Fraud and Abuse Act criminalizes various forms of unauthorized use of federal government and financial institution computers.248 Although the Act prohibits the unauthorized, intentional access of a computer to obtain the records of a financial institution, a card issuer, or a CRA, the Act’s limited private right of action provision provides relief for a violation only in unusual circumstances.249 As a practical matter, such a plaintiff will likely have to show that the acces

Fair Credit Reporting: 18.4.2.2 The Financial Information Privacy Act

The Financial Information Privacy Act imposes criminal penalties on those who obtain customer information from a financial institution by pretext or through the use of an illegitimate document.259 The statute covers both communications with a financial institution’s agents and employees and with a customer of the institution, and further prohibits the solicitation of someone to obtain such information—attempting to reach those who hire the information brokers.260 The statute exempts information

Fair Credit Reporting: 18.4.2.4 The Driver’s Privacy Protection Act

The Driver’s Privacy Protection Act (the “DPPA”)269 restricts state departments of motor vehicles from freely trading the information they gather for motor vehicle licensing purposes. This data often includes name, address, Social Security number, certain medical information, height, weight, date of birth, gender, and photograph.

Fair Credit Reporting: 17.1.1 Nature of Credit Repair Organizations

Financially-troubled consumers are attracted to solicitations from credit repair organizations. These organizations, calling themselves “credit repair” or “credit service” agencies, “credit clinics,” or similar titles, promise consumers that for a fee,1 negative items will be eliminated from a credit history.

Fair Credit Reporting: 17.1.2 Overview of Credit Repair Laws

The federal Credit Repair Organization Act (CROA) was adopted in 1996.14 CROA’s broad definitions and prohibitions make it applicable not just to traditional credit repair organizations, but probably to a wide range of other entities as well.15 It offers a private cause of action with powerful remedies.