CFPB toughens up on credit report sharing companies

The Consumer Financial Protection Bureau (CFPB) has issued a legal interpretation, which states companies that use and share credit reports have an obligation to protect consumers’ data under the Fair Credit Reporting Act. 

This comes after the US Congress has enacted a number of sector-specific privacy laws to protect personal data, such as the aforementioned Fair Credit Reporting Act. 

“Americans are now subject to round-the-clock surveillance by large commercial firms seeking to monetize their personal data,” said CFPB Director, Rohit Chopra

“While Congress and regulators must do more to protect our privacy, the CFPB will be taking steps to use the Fair Credit Reporting Act to combat misuse and abuse of personal data on background screening and credit reports.”

The advisory members’ new measures will aim to hold companies responsible for any violation that impedes the Fair Credit Reporting Act.

These violations include: insufficient matching procedures, providing credit reports of multiple people as ‘possible matches’, disclaimers about insufficient matching procedures do not cure permissible purpose violations, and violating a person’s privacy by obtaining a credit report when they lack a permissible purpose.   

The Fair Credit Reporting Act ensures fair and accurate reporting, requiring users to have a legally permissible purpose. This ensures that companies cannot check an individual’s personal information, including their credit history, without a bona fide reason. Some common purposes include using consumer reports for credit, insurance, housing, or employment decisions. 

The CFPB also intends to hold companies accountable for illegal debt collection, along with false identification of consumers in background reports, a move that looks to safeguard compliance amongst big tech firms.