Laws & Notices
The Fair Credit Reporting Act (“FCRA”) became effective on April 25, 1971. The FCRA is a group of acts contained in the Federal Consumer Credit Protection act, such as the Truth in Lending Act and the Fair Debt Collection Practices Act.
Congress substantively amended the FCRA upon the passage of the Fair and Accurate Credit Transactions Act of 2003 (“FACT Act”). The FACT Act created many new responsibilities for consumer reporting agencies and users of consumer reports. It contained many new consumer disclosure requirements as well as provisions to address identity theft. In addition, it provided free annual consumer report rights for consumers and improved access to consumer report information to help increase the accuracy of data in the consumer reporting system.
The identity theft rights summary includes the identity theft rights granted to consumers by FACTA, including the right to place fraud alerts on their credit reports, to block businesses and credit bureaus from reporting information in their credit files that is a result of identity theft, and to obtain from businesses information about accounts or transactions in their name that result from identity theft. The identity theft rights summary will be provided by consumer reporting companies to consumers who contact the agencies because they believe they are victims of fraud or identity theft.
The general consumer rights summary includes, among other things, consumers' right to see their credit files and know when they have been used against them, to correct inaccuracies, and to opt-out of unsolicited offers. The summary also notes that, in addition to identity theft victims, active-duty military personnel have additional rights under the FCRA and FACTA. This general summary of rights updates the current summary, which credit reporting companies provide to consumers with their credit reports. The furnisher and user notices explain to businesses their duties under the FCRA.
The FCRA contains significant responsibilities for business entities that are consumer reporting agencies and lesser responsibilities for those that are not. Generally, financial institutions are not consumer reporting agencies.
In addition to the requirements related to financial institutions acting as consumer reporting agencies, FCRA requirements also apply to financial institutions that operate in any of the following capacities:
-
Procurers and users of information (for example, as credit grantors, purchasers of dealer paper, or when opening deposit accounts).
-
Furnishers and transmitters of information (by reporting information to consumer reporting agencies, other third parties, or to affiliates).
-
Marketers of credit or insurance products.
-
Employers.
Financial institutions are subject to a number of different requirements under the FCRA. The statute contains some of the requirements, while others are in regulations issued jointly by the FFIEC agencies or in regulations issued by the Federal Reserve Board and/or the Federal Trade Commission.
The Dodd-Frank Act granted rulemaking authority under the FCRA (except for §615(e) (identity theft) and §628 (disposal)) to the Consumer Financial Protection Bureau (“CFPB”) and, with respect to entities under its jurisdiction, granted authority to the CFPB to supervise for and enforce compliance with the provisions of the FCRA and the implementing regulations.
The CFPB structured the examination procedures as a series of modules, grouping similar requirements together. The modules contain general information about each of the requirements:
-
Module 1 Obtaining Consumer Reports.
-
Module 2 Obtaining Information and Sharing Among Affiliates.
-
Module 3 Disclosures to Consumers and Miscellaneous Requirements.
-
Module 4 Financial Institutions as Furnishers of Information.
-
Module 5 Consumer Alerts and Identity Theft Protections.
-
FCRA
https://www.ftc.gov/system/files/ftc_gov/pdf/fcra-may2023-508.pdf
-
Summaries of Rights and Notices of Duties Under the FCRA and FACT Act: Publication of Final Guidance on Model Disclosures
Summaries of Rights and Notices of Duties Under FCRA and FACTA.pdf
-
CFPB
-
CFPB Regulations
-
CFPB and the FCRA
http://www.consumerfinance.gov/policy-compliance/guidance/supervision-examinations/
-
The CFPB required that the standard FCRA notices that refer to the FTC must be updated by Jan. 1, 2013 to reflect the role of the CFPB under the FCRA. Part 1022 of the Code of Federal Regulations:
https://www.federalregister.gov/articles/2011/12/21/2011-31728/fair-credit-reporting-regulation-v
-
Appendix I to Part 1022—Summary of Consumer Identity Theft Rights
-
Appendix I to Part 1022—Summary of Consumer Identity Theft Rights (Spanish)
Syntrove - Summary of Consumer Identity Theft Rights (Spanish).pdf
-
Syntrove - Summary of Consumer Rights (Spanish)
-
Appendix K to Part 1022—Summary of Consumer Rights
-
Appendix M to Part 1022—Notice of Furnisher Responsibilities
-
Appendix N to Part 1022—Notice of User Responsibilities
-
GLBA
-
DPPA
-
ADA
-
ECOA
-
TILA https://www.fdic.gov/regulations/compliance/manual/5/V-1.1.pdf
-
Credit Reports for Collections Notice: New limitation on “permissible purpose” and use of Credit Reports for collections of delinquent child support, judgments, fines, liens, and medical debts Syntrove - Credit Reports for Collections Notice.pdf
-
CCPA - HIPAA Amendment CCPA-HIPAA Amendment.pdf
-
Syntrove - Data Broker Registry Under CCPA (CRA Exceptions) Syntrove Data Broker Registry Under-CCPA (CRA Exceptions).pdf
-
California Employment Screening – Use of Credit Reports Syntrove - California Use of Credit Reports for Employment Purposes.pdf
-
California Consumer Privacy Act of 2018 ("CCPA") Syntrove - California Consumer Privacy Act of 2018.pdf
-
California Consumer Privacy Act of 2020 ("CPRA") Syntrove - California Consumer Privacy Act of 2020-CPRA.pdf
-
Syntrove– Virginia Consumer Data Protection Act ("VCDPA")
Syntrove – Virginia Consumer Data Protection Act ("VCDPA").pdf
-
Syntrove – Colorado Privacy Act ("CPA") Syntrove– Colorado Privacy Act ("CPA").pdf
-
Syntrove - Utah Consumer Privacy Act ("UCPA") Syntrove- Utah Consumer Privacy Act (UCPA).pdf
-
Syntrove– Connecticut Data Privacy Act ("CTDPA") Syntrove– Connecticut Data Privacy Act ("CTDPA").pdf
-
Syntrove- UDAAP Procedure Syntrove-UDAAP-Procedure.pdf
-
New York City Credit Report Restrictions & FADV Cybersecurity Survey New York City - Restricts Requests or Use of Credit Reports for Employment.pdf
-
State Laws Limiting Use of Credit Information For Employment Syntrove-State-Laws-Limiting-Use-of-Credit-Information-For-Employment.pdf
-
Syntrove - I-9 Employment Eligibility Verification Form Form-I-9-Paper-Version-11-14-16-.pdf
-
Syntrove - I-9 New Employment Eligibility Verification Form Syntrove -New-Form-I-9-Employment-Eligibility-Verification-12-12-16-.pdf
-
Syntrove - I-9 Employment Eligibility Verification Instructions Form-I-9-Instructions-11-14-16-.pdf
-
Syntrove- Colorado Affirmation Form For Employment Repealed Syntrove-Colorado-Affirmation-Form-For-Employment-Repealed.pdf
-
Syntrove - Military Act Lending Compliance Syntrove- Military Act Lending Compliance.pdf
-
Syntrove- Credit Reports for Collections Notice Syntrove - Credit Reports for Collections Notice.pdf
-
Landlords Property Managers the ADA Landlords-Property-Managers-the-ADA-12-08-16-.pdf
-
New York City Salary History Inquiry Law Syntrove New-York-City-Salary-History-Inquiry-Law-05-19-17.pdf
-
New York Shield Act Syntrove - -NY-SHIELD-Act-03-19-20.pdf
-
EU – U.S. Privacy Shield Invalidated EU-US-Privacy-Shield-Invalidated-0920.pdf
-
Final Rule on Consumer Disclosures related to Debt Collection Final-Rule-on-Consumer-Disclosures-related-to-Debt-Collection.pdf
In October 2016, the Federal Trade Commission (“FTC”) issued guidance applicable to background screening companies and landlords who engage in tenant screening. The FTC highlights four key responsibilities of such background screening companies (considered consumer reporting agencies) covered by the Fair Credit Reporting Act (“FCRA”), specifically:
-
“Follow reasonable procedures to ensure accuracy
-
Get certifications from your clients.
-
Provide your clients with information about the FCRA.
-
Honor the rights of applicants and tenants.”
The FTC opines on what “reasonable procedures to ensure accuracy” are (and those should be read to apply to employment screening as well). The FTC maintains: “certain practices may be indicators that a background screening company isn’t following reasonable procedures. For example, if a report lists criminal convictions for people other than the applicant or tenant – for instance, a person with a middle name or date of birth different from the applicant’s – that raises FCRA compliance concerns. Other examples that raise FCRA compliance concerns include screening reports with multiple entries for the same offense or that list criminal records that have been expunged or otherwise sealed. Another indication that a company’s procedures might not be reasonable are reports that list housing court actions, but do not include the outcome of the action – for instance, that a case was resolved in the tenant’s favor.”
Background screeners should also note that the FTC calls out reports with multiple entries for the same offense, the reporting of expunged or sealed records, reports with no dispositions, and finally, the failure to use a middle name to ensure accuracy.
Please see the following materials from the FTC:
-
Screening Tenants New FTC Guidance
-
What Tenant Background Screening Companies Need to Know About the Fair Credit Reporting Act
what-tenant-background-screening-companies-need-know-about-fair.pdf
-
Using Consumer Reports What Landlords Need to Know
Employers - Criminal Background Check Policy
Employers should be aware that in 2012 guidance on the use of criminal history records in employment, the Equal Employment Opportunity Commission made clear that blanket prohibitions on employment based on criminal history are frowned upon due to the potential for discrimination.
A federal district court judge recently granted class certification in litigation against the Washington Metropolitan Area Transit Authority (WMATA) challenging WMATA’s criminal background check policy. The case is Little et al. v. Washington Metro Area Transit Authority et al., filed in U.S. District Court in the District of Columbia in 2014. The claim being that WMATA’s criminal background check policy is racially discriminatory in part because it is overly broad, permanently barring applicants with certain convictions from employment without considering length of time since the conviction and whether the offense was related to the position at hand.