CFPB says onus on credit screening companies to guard consumer privacy
The Consumer Financial Protection Bureau tightened its restrictions for who can check or see an individual’s credit report, whose reports they’re allowed to access and with whom they share the information.
In a 14-page advisory opinion issued Thursday, the CFPB said the burden is on credit reporting companies and others seeking to run or use a credit report to ensure they have a legally “permissible purpose” for seeking the information, such as employment background checks, landlord screenings and insurance or lending decisions.
“Americans are now subject to round-the-clock surveillance by large commercial firms seeking to monetize their personal data,” CFPB Director Rohit Chopra said in a press release announcing the decision.
The move comes a day after Republican Sen. Pat Toomey decried the CFPB’s ongoing push to rein in what it views as corporate bad actors whose sloppy handling of consumer data harms Americans. “The CFPB is more out of control than ever before,” Toomey said.
In March the CFPB had prompted the three major credit reporting bureaus, Experian, Equifax and TransUnion, to remove a large portion of medical debt from consumers’ credit reports, saying they had contributed unnecessarily to struggles that vulnerable groups like the elderly had with credit.
Chopra said he expected Congress and government agencies to do more to protect consumer privacy and rights, but in the meantime, the CFPB intended to act within its power “to combat misuse and abuse of personal data on background screening and credit reports.”
The agency warned that it was ready to enforce the law of the Fair Credit Reporting Act, which details the parameters of permissible use, against violators who continued to abuse certain loopholes that the ruling is meant to eliminate.
Credit reporting agencies “may not provide a consumer report to a user under FCRA section 604(a)(3) unless it has reason to believe that all of the consumer report information it includes pertains to the consumer who is the subject of the user’s request,” the CFPB said in the filing.
“Any person who knowingly and willfully obtains information on a consumer from a consumer reporting agency under false pretenses shall be fined under title 18, United States Code, imprisoned for not more than 2 years, or both,” the law states.
In the past, some companies had availed themselves of certain loopholes that allowed them to to process credit checks without ensuring that the name appearing in a search was in fact the consumer in question, and using data from such credit reports anyway, the CFPB said.
With the new ruling, “It is unlawful to provide credit reports of multiple people as ‘possible matches,’ ” the bureau said in a statement.
Firms had also been allowed to add a “disclaimer” absolving screeners of responsibility for damage to an individual’s reputation from misreporting. “The Bureau notes that disclaimers will not cure a failure to have a reason to believe that a user has a permissible purpose for a consumer report,” the CFPB said in the advisory.
Comments are closed.