FCRA Violations Result in $1.8 Million FTC Penalty
The Federal Trade Commission announced today that Teletrack, Inc. has agreed to pay $1.8 million to settle charges that the company sold credit reports for marketing purposes, in violation of the Fair Credit Reporting Act (FCRA). According to the FTC’s complaint, Teletrack sells credit reports and other services to businesses that mainly serve financially distressed consumers. Teletrack's business customers include pay day lenders, rental purchase stores and non-prime rate auto lenders. These businesses use Teletrack’s credit reports to decide whether and on what terms to extend credit to their customers.
The FTC Alleged that Teletrack created a marketing database of information that it gathered through its credit reporting business. The company allegedly sold the information to marketers. For example, Teletrack is alleged to have sold lists of consumers who previously sought pay day loans. The buyers sought to use the information to target potential customers. The FTC alleged that these marketing lists were credit reports subject to the FCRA because the reports contained information about consumers' creditworthiness. The FCRA generally prohibits furnishing of credit reports for purposes other than the specific "permissible purposes" set out in the law (e.g., employment or credit eligibility). The FTC charged that in disclosing the information for marketing purposes -- which are not "permissible" under the statute -- Teletrack violated the FCRA.
The FTC Bureau of Consumer Protection Director David Vladeck commented that “the fact that a consumer has applied for a pay day loan is credit report information protected by the FCRA.” “The FCRA says a credit reporting agency like Teletrack can’t sell a consumer’s sensitive credit report information for mere sales pitches,” added Vladeck.
The settlement order requires Teletrack to furnish credit reports only to customers that the company has reason to believe have a permissible FCRA purpose to receive the reports, or as otherwise allowed by the statute. The order also requires Teletrack to pay a civil penalty of $1.8 million and contains reporting and record-keeping requirements to verify the company’s compliance with the decree.
We have documented on our blog the rigorous privacy enforcement that the FTC and other federal agencies (EEOC, HHS, NLRB and SEC) have championed this year. It is fair to say that the FTC has opened yet another front in its privacy enforcement push, seeking to address FCRA compliance. We expect this push to extend beyond traditional consumer reporting agencies. In May of this year, for example, the FTC issued a letter to Social Intelligence Corporation -- an Internet and social media background screening service used by employers in pre-employment background screening -- finding that the company is a consumer reporting agency subject to the FCRA. For companies whose business involves data brokerage, the time is right to consider FCRA compliance.