Skip to main content

Search

Fair Credit Reporting: 9.4.1 Criminal Identity Theft Statutes

Nearly every state has explicitly criminalized identity theft, enacting a special statute to combat this particular violation that does not fit neatly into classic common law categories of offenses.343 A typical statute prohibits a person from obtaining identification information of another person and using it to obtain credit, property, or services without that person’s authorization.

Fair Credit Reporting: 9.4.2 State Civil Laws

While a right of restitution and a private cause of action against the thief satisfy a sense of justice, in all likelihood the thief will be as judgment proof as a stone, and a victim will be able to realize little real reimbursement from that source. Yet where a state statute is primarily designed to impose civil liability on the original identity thief, consumers have not succeeded in extending liability to third-party lenders or similar parties, because they have failed to meet the statutes’ scienter requirements.362

Fair Credit Reporting: 9.4.3.1 Generally

All fifty states have security freeze statutes, which were the single most effective tool to minimize the risk of identity theft.384 In 2018, Congress amended the FCRA to provide for a federal right to a security freeze.385 In doing so, Congress preempted state security freeze provisions, at least to the extent that those state provisions apply to nationwide CRAs.386 What follows is a discussion of state security laws as they applied before Septemb

Fair Credit Reporting: 9.4.3.2 Scope

A typical procedure for a state security freeze requires the consumer to submit a request by certified mail to a CRA, who then has to place the freeze within a specific time of receiving the request, often five business days.390 The agency then has a period, typically five to ten business days, in which to confirm the freeze with the consumer and to provide the consumer with some sort of personal identification number or password that the consumer can use to lift the freeze later.391

Fair Credit Reporting: 9.4.3.3 Cost of a Security Freeze

The state security freeze statutes generally regulate the fees an agency may charge. Many states that formerly charged fees lifted them in the wake of the Equifax data breach.392 Of course, the federal security freeze provision requires that they be free, and preempts any charges imposed by the nationwide CRAs.393

Fair Credit Reporting: 9.4.3.4 Exemptions; Thaws

While the freeze will generally prevent new creditors from viewing the file of the consumer who applies for the freeze, existing creditors are usually exempted from the freeze laws so that they can continue to review a customer’s file for information.400 Government agencies are also typically exempt401 but, since they are less likely to offer quick credit, they may be of less concern.

Fair Credit Reporting: 9.4.4 Child and Foster Youth Identity Theft

Children are uniquely vulnerable to identity theft. Children are attractive targets because they have no credit history, they infrequently (if ever) check their credit reports so chances of detection are low, and the impact to the victim is delayed. One study found that, out of a group of over 40,000 children, more than ten percent had someone else using their Social Security number.414

Fair Credit Reporting: 9.5.1 Overview of FCRA and State Law Claims

A hard fact of life is that many consumers find CRAs and creditors less than helpful when dealing with identity theft, and legal action or the threat of legal action is often needed. Identity theft is one of the leading reasons consumers with bad consumer reports turn to attorneys for assistance. There are many claims that should be considered in an identity theft case.

First, a number of the FACTA amendments’ identity theft provisions are privately enforceable and should be considered, including the following:

Fair Credit Reporting: 9.5.2 Claims Against the Creditor for Violation of a Duty of Care

A creditor who posts a thief’s delinquencies to the victim’s credit record may be liable for failing to use due care in opening the account. By extending credit or providing goods or services to the thief without properly verifying the thief’s identity, the creditor facilitates the conduct that leads to catastrophic consequences to the victim’s credit record.

Fair Credit Reporting: 9.6 Claims to Address When a Data Security Breach Has Put the Consumer at Risk of Identity Theft

The vast majority of states have enacted legislation to require those entities that store personal data about consumers to notify those consumers when the security of the storage system has been breached.456 These statutes may provide a cause of action for a consumer whose data have been stolen.457 Some states regulate the manner in which entities store such data; for example, New Jersey requires health insurance carriers to encrypt their computerized records that contain personal information, o

Fair Credit Reporting: 13.2.1 Overview

A number of different federal agencies are invested with authority to enforce the FCRA, depending on the type and size of the institution that is the target of enforcement, and the type of activities it conducts. The federal agencies that may have enforcement authority include the CFPB, the FTC, the federal prudential bank regulators (such as the OCC and FDIC), and other specialized agencies. In some cases, one agency will have exclusive enforcement authority relative to other federal agencies. In other cases, enforcement authority will be shared by two or more federal agencies.

Fair Credit Reporting: C.1 Introduction

The Fair Credit Reporting Act requires the Consumer Financial Protection Board (CFPB) to develop a number of model forms for credit reporting agencies, users, and furnishers to use. A table of these forms is set forth below. The authority, purpose, and legal effect of these model forms are set forth in 12 C.F.R.

Fair Credit Reporting: C.4 Summary of Consumer Identity Theft Rights

Section 1681g(d) of the FCRA requires the CFPB, in consultation with the federal banking agencies and the National Credit Union Administration, to prepare a model summary of the rights of consumers “with respect to the procedures for remedying the effects of fraud or identity theft.” Consumer reporting agencies must distribute this form to any consumer who “contacts a consumer reporting agency and expresses a belief that the consumer is a victim of fraud or identity theft.”

Fair Credit Reporting: C.5 FTC Identity Theft Affidavit

The FTC developed the ID Theft Affidavit to assist victims who dispute fraudulent debts and accounts opened by an identity thief. The FTC’s ID Theft Affidavit is intended to simplify this process. Instead of completing different forms, consumers can use the ID Theft Affidavit to alert companies when a new account was opened in the identity theft victim’s name. The company can then investigate the fraud and decide the outcome of the consumer’s claim.

Fair Credit Reporting: C.6 Notice of Furnisher Responsibilities

Section 1681e(d)(1) of the FCRA requires that consumer reporting agencies distribute to each person that regularly furnishes information to the agency or that receives information from the agency a notice of the person’s responsibilities under the FCRA. The FCRA requires the CFPB to “prescribe” the content of model notices that can be used to comply with section 1681e(d)(1).

Fair Credit Reporting: Introduction

Many consumers learn of errors in a consumer report only when a creditor or other user informs the consumer that adverse action has been based on a report. Users must also certify to the agency that the user has a permissible purpose for obtaining a consumer report. Some users, including employers, users of investigative consumer reports, users of reports containing medical information, users of prescreened lists, and resellers of credit reports, have additional obligations.

Fair Credit Reporting: I. OBLIGATIONS OF ALL USERS OF CONSUMER REPORTS

A. Users Must Have a Permissible Purpose

Congress has limited the use of consumer reports to protect consumers’ privacy. All users must have a permissible purpose under the FCRA to obtain a consumer report. Section 604 contains a list of the permissible purposes under the law. These are:

Fair Credit Reporting: II. CREDITORS MUST MAKE ADDITIONAL DISCLOSURES

If a person uses a consumer report in connection with an application for, or a grant, extension, or provision of, credit to a consumer on material terms that are materially less favorable than the most favorable terms available to a substantial proportion of consumers from or through that person, based in whole or in part on a consumer report, the person must provide a risk based pricing notice to the consumer in accordance with the regulations prescribed by the CFPB.

Fair Credit Reporting: IV. OBLIGATIONS WHEN INVESTIGATIVE CONSUMER REPORTS ARE USED

Investigative consumer reports are a special type of consumer report in which information about a consumer’s character, general reputation, personal characteristics, and mode of living is obtained through personal interviews by an entity or person that is a consumer reporting agency. Consumers who are the subjects of such reports are given special rights under the FCRA. If a user intends to obtain an investigative consumer report, Section 606 requires the following:

Fair Credit Reporting: V. SPECIAL PROCEDURES FOR EMPLOYEE INVESTIGATIONS

Section 603(x) provides special procedures for investigations of suspected misconduct by an employee or for compliance with Federal, state or local laws and regulations or the rules of a self-regulatory organization, and compliance with written policies of the employer. These investigations are not treated as consumer reports so long as the employer or its agent complies with the procedures set forth in Section 603(x), and a summary describing the nature and scope of the inquiry is made to the employee if an adverse action is taken based on the investigation.