In a case of first impression for the U.S. Court of Appeals for the Eleventh Circuit, the Court joined the Sixth Circuit in holding that obtaining a consumer report to verify a consumer’s identity and eligibility for a service is a “legitimate business need” and therefore a “permissible purpose” under the Fair Credit Reporting Act (FCRA).
A copy of the opinion in Domante v. Dish Networks, LLC is available at: Link to Opinion.
In this case, the consumer was previously the victim of identity theft when her personal information was used on several occasions to create accounts with a television provider. Learning of the accounts after they became delinquent, the consumer brought suit against the provider for alleged violations of the FCRA. The lawsuit was settled, with the provider agreeing “to flag [the consumer’s] social security number in order to preclude any persons from attempting to obtain new [provider] services by utilizing [the consumer’s] social security number.”
The present case ensued when the consumer’s personal information was yet again fraudulently used to apply for the provider’s services online. The personal information included the last four digits of the consumer’s Social Security number, her first name and her date of birth. Other information, such as last name, address and telephone number were different from the consumer’s.
As part of an automated process, the provider sent the application information to a consumer reporting agency that returned a consumer report that included the consumer’s full Social Security number. At that point, based on the full Social Security number, the processes put in place pursuant to the settlement agreement prevented the opening of an account. In fact, at the provider’s request, the consumer reporting agency deleted the inquiry from the consumer’s record.
Nevertheless, the consumer filed a lawsuit against the provider alleging the consumer report had been obtained without a “permissible purpose” and that the terms of the settlement agreement had been breached. The trial court granted summary judgment in favor of the provider, finding that it had a “legitimate business need” for obtaining the report and that it fulfilled the terms of the settlement agreement by “flagging” the consumer’s Social Security number. The consumer appealed.
Initially, the Court of Appeals explained that the “FCRA enumerates an exhaustive list of the ‘permissible purposes’ for which a person may use or obtain a consumer report. 15 U.S.C. § 1681b(a)(3) . . . One of those permissible purposes is where a person ‘has a legitimate business need for the information . . . in connection with a business transaction that is initiated by the consumer.’ 15 U.S.C. § 1681b(a)(3)(F)(i).”
The Court noted that it had “never weighed in on what constitutes a ‘legitimate business need’ in connection to a business transaction for FCRA purposes.” However, following the lead of the Sixth Circuit Court of Appeals in Bickley v. Dish Network, LLC, 751 F.3d 724 (6th Cir. 2014), the Eleventh Circuit agreed “that requesting and obtaining a consumer report for verification and eligibility purposes is a ‘legitimate business need’ under the FCRA.”
Here, the consumer argued the provider had no “legitimate business need” because it “either knew or should have known that [she] had not initiated the business transaction because of their prior settlement agreement.” Also, she believed that the provider should have done more to verify her identity before requesting the consumer report.
These arguments did not sway the Court. First, “the FCRA does not explicitly require a user of consumer reports to confirm beyond doubt the identity of potential consumers before requesting a report.” Second, just because the provider “had the mechanisms in place to verify that the scant information provided by the applicant actually belonged to [the consumer] does not necessarily lead to the conclusion that [the provider] suspected (or was able to verify) the same.” Finally, the provider simply didn’t have enough information to act upon until it received the full Social Security number contained in the consumer report.
The breach of contract claim was rejected by the Court since “[t]he only affirmative action [the provider] agreed to take in the settlement agreement was ‘to flag [the consumer’s] social security number,’” which it did.