Press "Enter" to skip to content

11th Cir. Holds Obtaining Consumer Report for Verification and Eligibility Is a Permissible Purpose

consumer reportIn a case of first impression for the U.S. Court of Appeals for the Eleventh Circuit, the Court joined the Sixth Circuit in holding that obtaining a consumer report to verify a consumer’s identity and eligibility for a service is a “legitimate business need” and therefore a “permissible purpose” under the Fair Credit Reporting Act (FCRA).

A copy of the opinion in Domante v. Dish Networks, LLC is available at:  Link to Opinion.

In this case, the consumer was previously the victim of identity theft when her personal information was used on several occasions to create accounts with a television provider.  Learning of the accounts after they became delinquent, the consumer brought suit against the provider for alleged violations of the FCRA.  The lawsuit was settled, with the provider agreeing “to flag [the consumer’s] social security number in order to preclude any persons from attempting to obtain new [provider] services by utilizing [the consumer’s] social security number.”

The present case ensued when the consumer’s personal information was yet again fraudulently used to apply for the provider’s services online.  The personal information included the last four digits of the consumer’s Social Security number, her first name and her date of birth.  Other information, such as last name, address and telephone number were different from the consumer’s.

As part of an automated process, the provider sent the application information to a consumer reporting agency that returned a consumer report that included the consumer’s full Social Security number.  At that point, based on the full Social Security number, the processes put in place pursuant to the settlement agreement prevented the opening of an account.  In fact, at the provider’s request, the consumer reporting agency deleted the inquiry from the consumer’s record.

Nevertheless, the consumer filed a lawsuit against the provider alleging the consumer report had been obtained without a “permissible purpose” and that the terms of the settlement agreement had been breached.  The trial court granted summary judgment in favor of the provider, finding that it had a “legitimate business need” for obtaining the report and that it fulfilled the terms of the settlement agreement by “flagging” the consumer’s Social Security number.  The consumer appealed.

Initially, the Court of Appeals explained that the “FCRA enumerates an exhaustive list of the ‘permissible purposes’ for which a person may use or obtain a consumer report. 15 U.S.C. § 1681b(a)(3) . . . One of those permissible purposes is where a person ‘has a legitimate business need for the information . . . in connection with a business transaction that is initiated by the consumer.’ 15 U.S.C. § 1681b(a)(3)(F)(i).”

The Court noted that it had “never weighed in on what constitutes a ‘legitimate business need’ in connection to a business transaction for FCRA purposes.”  However, following the lead of the Sixth Circuit Court of Appeals in Bickley v. Dish Network, LLC, 751 F.3d 724 (6th Cir. 2014), the Eleventh Circuit agreed “that requesting and obtaining a consumer report for verification and eligibility purposes is a ‘legitimate business need’ under the FCRA.”

Here, the consumer argued the provider had no “legitimate business need” because it “either knew or should have known that [she] had not initiated the business transaction because of their prior settlement agreement.”  Also, she believed that the provider should have done more to verify her identity before requesting the consumer report.

These arguments did not sway the Court.  First, “the FCRA does not explicitly require a user of consumer reports to confirm beyond doubt the identity of potential consumers before requesting a report.”  Second, just because the provider “had the mechanisms in place to verify that the scant information provided by the applicant actually belonged to [the consumer] does not necessarily lead to the conclusion that [the provider] suspected (or was able to verify) the same.”  Finally, the provider simply didn’t have enough information to act upon until it received the full Social Security number contained in the consumer report.

The breach of contract claim was rejected by the Court since “[t]he only affirmative action [the provider] agreed to take in the settlement agreement was ‘to flag [the consumer’s] social security number,’” which it did.

Print Friendly, PDF & Email

Eric Rosenkoetter is a principal at Maurice Wutscher LLP, where he provides counsel to businesses and consumer financial services firms nationwide. For many years, he has focused his practice on various aspects of financial services law. As a litigation attorney, he has conducted every aspect of the litigation process, including countless depositions, motion proceedings, bench and jury trials, and appeals in various courts. In addition, he has significant experience as a compliance and transactional attorney, providing strategic, business growth, legislative, compliance and regulatory advice to national corporations and trade associations. For example, he has drafted consumer contracts and disclosures designed to state-specific statutory requirements, and developed “Best Practices” guides and state-by-state compliance grids, for national financial services companies. He also conducted research and crafted a metrics report for a national trade association with analysis designed to counter the claims of advocacy groups. Eric’s experience also includes working for a national corporation as Executive Counsel, Chief Compliance and Ethics Officer, and Director of Legislative Affairs, and as a federal lobbyist and Director of Government and Public Affairs for a national financial services trade association. In the government sector, Eric presided over approximately 6,000 state administrative hearings, served as a staff attorney for the Missouri Senate, and handled litigation in 33 counties as a regional managing attorney. Eric frequently speaks to audiences on topics relevant to the financial services industry including regulatory compliance, data privacy law and related advocacy initiatives. For more information, see https://mauricewutscher.com/attorneys/eric-rosenkoetter/

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.