Customers Worry About Loss of Privacy When Businesses Share Credit Information
Posted Dec 5, 2004 1:39 AM CST
By Jill Schachner Chanen
When Brenda Matthews, a New Jersey paralegal, applied last year for a corporate position as a patent specialist, she never suspected that her credit history would be a deciding factor in whether she got the job.
As things turned out, the credit report that came back on Matthews eliminated her from contention for the position, despite her qualifications and experience.
The outcome of Matthews’ case comes as no surprise to lawyers in the consumer protection field. They know that the credit histories of job applicants have become a standard tool for evaluating who would be a good hire.
If the connection between an individual’s credit history and his or her work performance seems murky, consider some of the other ways companies are using credit information: Insurers are looking to credit histories to help set premiums for both auto and health insurance. A utility company in Texas is setting rates for individual customers based on their credit histories. A national retail chain reportedly has refused to allow customers to return goods--despite stated store policy to do so--if their credit histories aren’t quite up to snuff.
And the trend toward finding new ways to use consumer credit information as a reference in making other decisions about individuals is likely to continue, say lawyers in the field--even if the connection seems to be tenuous.
These developments are part of the changing reality of the Information Age. As it becomes possible to electronically process consumer credit information in more and more configurations, that information is being used in seemingly unlikely ways. “Credit has become so much a part of the way consumers do business that you cannot go a day in your life without these issues coming up,” says Donald C. Lampe, an attorney in Charlotte, N.C.
Many in the business community contend that an individual’s credit history provides a large measure of predictive information about an individual’s behavior in other areas.
“A lot depends on how you define credit,” says Craig Watts, a spokesman for Minneapolis-based Fair Isaac Corp., a leading provider of credit information. “If you use a service in advance of payment, that is--by definition--credit. So it stands to reason that utilities are protective of their owners for undue risk from consumers who would use the power and be a payback risk.”
But consumer advocates question whether it’s legal under the existing umbrella of state and federal consumer protection laws for companies to make decisions about individuals based on their credit histories.
That issue is likely to be the next battleground in consumer protection law, says Joan M. Burda, a solo practitioner in Lakewood, Ohio, near Cleveland.
“The financial institutions, the insurance companies and others believe that they should have as much access [to consumer credit information] as they need or want to make valid business decisions,” says Burda, a council member for the ABA’s General Practice, Solo and Small Firm Section. “Consumers, on the other hand, want to limit the amount of information they give out. It’s a confusing situation because I do not think that people know what they can say yes or no to.”
Lampe says these concerns have put a focus on how to reconcile privacy concerns of consumers with the business community’s interest in maximizing access to and use of credit information about consumers.
“That is about the hottest topic right now in the world of consumer protection,” he says.
Seeking Cover under Federal Law
Federal law generally limits how credit information on individuals may be used by businesses and other commercial entities. Still, concerns about the issue have intensified efforts to invoke federal consumer protection laws to pursue actions against companies that produce or use credit information that is incorrect.
One of the key weapons in these consumer actions has been the Fair Credit Reporting Act of 1970. “It’s the plastics of the 21st century,” says Richard Rubin, a Santa Fe, N.M., lawyer who handled the successful appeal for a consumer in a key recent case in this area, Johnson v. MBNA, 357 F.3d 426 (4th Cir.).
The Fair Credit Reporting Act governs most phases of the consumer information reporting industry in efforts to ensure that the industry operates in a fair and equitable manner that protects consumers’ privacy rights. The FCRA affirms that consumers are entitled to notice about reporting activities, access to reports on them and correction of untrue information. The act also gives consumers private causes of action against credit bureaus, furnishers of credit information, and users of credit information that violate these rights.
In 2003, Congress passed the Fair and Accurate Credit Transactions Act to further hone the obligations of consumer information users. The FACT Act addresses such issues as identity theft and dissemination of medical information, and the remedies of consumers. Under the FACT Act, which amends the FCRA, businesses that provide consumer information to credit bureaus are liable for errors they don’t correct. The 2003 law also requires credit bureaus to furnish consumers with a free report once a year, requires business to notify consumers if they will receive less favorable credit terms because of their credit history, and increases consumer protections in identity theft cases. Some recent court decisions also have helped bolster the protections consumers enjoy under the Fair Credit Reporting Act.
The 9th U.S. Circuit Court of Appeals at San Francisco has ruled that the FCRA gives consumers a private cause of action against providers of credit information. Nelson v. Chase Manhattan Mortgage Corp., 282 F.3d 1057.
The case involved a consumer’s unsuccessful attempts to remove from his own credit reports the bankruptcy of a co-signor on a mortgage. The plaintiff repeatedly wrote to Chase Manhattan, the mortgage lender, and Experian Information Solutions, a national credit bureau, asking them to remove the information, which had led to him being denied credit for a car loan and further problems when he tried to secure other credit.
The 9th Circuit held that Congress intended furnishers of credit information to be liable under 1996 amendments to the FCRA that expanded liability under the act. As a result of Nelson, “The liability has ratcheted way up,” says Stephen Gardner, a former consumer lawyer in Dallas who now is director of litigation for the Center for Science in the Public Interest. “It used to be only the credit bureaus. Then it became the furnishers of [credit] information, and now the liability is anyone involved in the loop between the credit bureaus--the information furnishers and anyone else obtaining the information.”
The Richmond, Va.-based 4th Circuit’s February ruling in Johnson v. MBNA is another victory for consumers. The Johnson court ruled that furnishers of credit information have a duty to investigate consumer complaints about incorrect information.
The plaintiff in Johnson sued a credit card issuer to contest its declaration that she was responsible for the balance on a credit card that was in the name of her former spouse. The plaintiff claimed that she had no knowledge of the card, had not applied for it as a co-obligor and had never used it. The defendant credit card issuer did not go back to its records, including the original application, to investigate the plaintiff’s claims.
The decision should force credit providers to become more diligent in following up on consumer complaints, says Leonard Bennett, a Newport News, Va., attorney who represented the plaintiff at the trial court level.
“Almost all creditors that investigate what they report to credit bureaus do a very superficial computer check [on its accuracy],” Bennett says. “Johnson held that the creditors have to go back to the original documents. It seems somewhat self-evident, but that was not what the practice was.”
In addition to these appellate rulings, a jury of the U.S. District Court for the District of Oregon awarded $5.3 million in 2002 against TransUnion, one of the three national credit bureaus in the United States, for willfully violating the Fair Credit Reporting Act by failing to correct the plaintiff’s credit report. (The jury award was later reduced, and TransUnion did not appeal the verdict.)
Consumer advocates are optimistic about the direction of these decisions. Privacy expert Evan Hendricks of Cabin John, Md., attributes the success of recent consumer cases to a better understanding by attorneys of how the credit information industry operates. Hendricks, who edits a newsletter called Privacy Times, says he would not be surprised to see more verdicts in line with the TransUnion case, where the jury clearly identified with a consumer’s frustrations in trying to get her credit report corrected after the reporting bureau merged her information with that of another consumer.
But consumer law experts also say lawsuits under the Fair Credit Reporting Act must be pursued carefully.
The act is thick with procedural requirements that must be followed for a case to proceed, notes Ian Lyngklip, a consumer protection lawyer in Southfield, Mich. Lyngklip also notes that plaintiffs must prove negligence or willfulness on the part of credit information users to win damages. But he adds that proving those things can produce hefty awards because of the nature of the consumer claims.
“When you look at the real value of these cases you have people who walk in with nightmare scenarios,” Lyngklip says. “This immediately resounds with juries. It has the ring of truth and the familiar feeling of frustration in dealing with a corporate society that has nothing in place besides a rule book that no one knows about. That is why we’ve had so much success in recent years in trials--because virtually everyone who sits on a jury understands the frustration of trying to deal with corporations that respond with form letters. People are pounding their heads against the walls trying to get their credit fixed.”
Getting the Score Right
lyngklip and others predict that the next round of legal battles in the consumer information area will involve the adverse action notices provision in the FCRA. The amendments incorporated into the FCRA by the FACT Act in 2003 require credit users to notify consumers when they give them less favorable credit terms on such things as car loans based on the credit information available to them. One purpose of the notices is to alert people that there might be a problem with their credit reports. Proving noncompliance with this requirement is becoming more complicated, however, because many creditors are relying on credit scores rather than credit reports, say consumer protection lawyers.
Fair Isaac pioneered the use of credit scores. Under this approach, Fair Isaac creates an individual’s credit score based on an algorithm that summarizes available information from credit bureaus and other sources, explains Karlene Bowen, the company’s director of client relations. The resulting number or score ranks consumers according to risk. Credit scores have become the leading tool for businesses when making decisions about consumers because the numeric rankings provide a quick, objective risk assessment, experts say.
For consumers, however, the growing use of credit scores is problematic. Bennett says consumers have no way to challenge the scores under the Fair Credit Reporting Act’s adverse action notice because they don’t know what went into creating the numeric ranking.
“Unlike traditional credit reports, you have no way to challenge the score,” he says. “If you look at your credit report and see a collection account on it that is not yours, you can say, ‘I’ve never been to a doctor in New Mexico,’ or that you paid the credit card on time. But with credit scores, you do not see any of those things.”
Some lawyers have challenged the use of credit reports, but so far with little success. David Donaldson, an attorney in Birmingham, Ala., has filed two suits in federal court this year alleging that cellular telephone providers failed to comply with adverse action notice requirements. Both cases were dismissed, however, when the companies filed affidavits with the court asserting that they had complied with the act by sending adverse action notices to the plaintiffs.
Despite these setbacks, Donaldson, who maintains there is a widespread failure by companies to comply with the adverse action notice provisions, is continuing to take on businesses that he believes are ignoring the requirements. He recently filed a class action in federal court in Columbus, Ga., claiming a car dealer has repeatedly violated the act. Court proceedings have not begun.
Earlier this year, however, Sprint and AT&T Corp. each settled with the Federal Trade Commission over allegations that they violated the FCRA’s adverse action notification provisions when they used credit scores to deny individuals telephone service or placed certain conditions on those services.
In the case of Brenda Matthews, the unsuccessful job applicant, an adverse action claim under the FCRA was an option, says Adam Klein, the New York City lawyer who represents her. But instead, Klein opted to pursue a racial discrimination claim with the U.S. Equal Employment Opportunity Commission against Johnson & Johnson, the company that refused to hire Matthews. The EEOC’s decision is pending. Klein says a successful Title VII claim against an employer based on the use of credit information could have a significant impact on hiring policies. He argues that an employer violates Title VII of the Civil Rights Act of 1964 if a facially neutral requirement such as screening the credit histories of all potential employees has an adverse impact on a group of people, unless the employer can prove the requirement is job-related and consistent with business necessity.
“That last prong requires the employer to prove some predictive value to the requirement in terms of the job itself,” Klein says. “There has to be some factual basis to show that a credit score will determine whether an applicant will be a good employee or not. That cannot be too overstated or too broadly applied.”
This area “is all very fresh,” says privacy expert Hendricks. “There is a tension building all over because credit scores are going to be used everywhere.”
States Enter the Fray
Lawyers also are watching developments on two other fronts where the interest of businesses in gaining information and the interest of consumers in protecting information face brewing conflicts.
One concern of consumer advocates is that recently issued federal banking regulations no longer require national financial institutions to disclose certain information to national banking customers.
Among the information that financial institutions may avoid informing customers about under the regulations are such things as increased fees for late payments and bounced checks, according to Chi Chi Wu, a staff attorney with the National Consumer Law Center in Boston.
Wu says the regulations issued through the Office of the Comptroller of the Currency also have effectively pre-empted all state laws regulating disclosure of information to credit card customers by national banking institutions.
A combination of less state regulation and looser federal controls could translate into problems for credit card customers, Wu says.
She cites a recent Ohio case in which a credit card issuer sued one of its customers for thousands of dollars in late fees that had accrued on a $2,000 balance. She says credit card issuers also are imposing cross-default penalties. Under these rules, if a consumer incurs a late charge on any credit card, another credit provider may use that late payment as a reason to add a late payment penalty onto its own line of credit, even if it is unrelated to the account on which the late payment occurred.
Wu says the regulatory void in the credit card industry needs to be addressed. “This is a policy issue,” she says.
Other consumer advocates say the policies being followed by some credit card issuers have begun to spill over into other lending areas.
The servicing of mortgage loans--particularly those offered at subprime rates--has become especially problematic in the current environment, says Nina Simon, a lawyer with the AARP in Washington, D.C.
Simon notes that information passed on to mortgage loan servicers often is incorrect. As a result, the servicers often do not receive full payment histories and begin charging mortgagors’ late fees to the consumers even if the mortgage payments are current.
This practice by mortgage loan servicers has triggered a number of class actions against them, according to Simon, and a number of them have settled. In one of the more notable settlements, Fairbanks Capital Holding Corp., one of the country’s largest subprime mortgage servicers, settled last year with the Federal Trade Commission for more than $40 million over allegations that it had engaged in unfair, deceptive and illegal practices while servicing mortgage loans. United States v. Fairbanks Capital Corp., FTC No. 032 3014.
But ultimately, the most crucial question may be just how much private information businesses may share with each other about their customers, say experts in the field. Recognizing that the boundaries of information sharing are limited largely by technology rather than any real legal limitations, Congress passed the Gramm-Leach-Bliley Financial Modernization Act in 1999. The law requires financial institutions to inform customers about their information-sharing policies and, when customers request it, to bar the sharing of information about them with other entities, including businesses. But some consumer advocates contend that Gramm-Leach-Bliley doesn’t go far enough to protect consumers.
And this year, the California legislature took those protections another step when it enacted the Financial Privacy Information Act (SB-1). The law created a different set of rules regulating the sharing of consumer information in the state. The law differs most notably from Gramm-Leach-Bliley in that it calls for consumers to opt in to information-sharing arrangements among financial institutions. The federal law, by contrast, allows businesses to share information unless a customer tells them not to. The banking industry challenged the law, but a federal judge upheld it earlier this year. American Bankers Association v. Lockyer, No. S 04-778 (E.D. Cal.). Lampe says the law, if it survives the expected appeals, will create a quagmire for financial institutions.
“Financial institutions make a lot of money [from information sharing], but it also permits them to do business easier,” Lampe says. “The main concern is one of uniformity. If I have to code my data 50 different ways, it’s a compatibility issue. So that is why national uniformity is a concern.”
Jill Schachner Chanen, a lawyer, is a legal affairs writer for the ABA Journal.