Skip to main content

FTC Announces $1.8 Million Settlement for Violation of Fair Credit Reporting Act

Written by Stu Eaton

In a settlement announced by the Federal Trade Commission (“FTC”) on June 27, 2011, Teletrack, Inc. agreed to pay $1.8 million to settle FTC charges that it violated the Fair Credit Reporting Act (“FCRA”) by selling consumer reports to marketers without a “permissible purpose.”  Teletrack sells credit reports and other services to businesses, such as pay day lenders, that use those credit reports to determine whether to offer credit to financially distressed customers. 

According to the FTC’s complaint, Teletrack created a marketing database, which included information on customers that applied for credit with its service, and sold that information to marketers.  The FTC alleged that such applications for credit, and by extension the marketing database that aggregated them, were credit reports under because they contained information about consumers’ creditworthiness.  One FTC Commissioner explained that “[t]he fact that a consumer has applied for a payday loan is credit report information protected by the FCRA.”   

Under the FCRA, it is illegal for a consumer reporting agency like Teletrack to sell a credit report without a “permissible purpose.”   Teletrack was subject to liability because marketing is not a “permissible purpose.”  Although Teletrack is in the credit reporting business, this settlement should serve as reminder all business that collect and sell consumer information.  The FCRA’s provisions may apply to any business that regularly “assembles or analyzes” consumer credit information and then provides that information to third parties for a fee.  See 15 U.S.C. 1681(d).  With such a broad definition, many business may be engaging in activities regulated by the FCRA and not be aware of it.

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.