Limits on Private-sector Collection and Use of Data - Financial (3 of 5) Flashcards
The Fair Credit Reporting Act of 1970 (FCRA)
Summary:
- Limits permissible uses of credit reports
- Requires fair and accurate information reporting
- Provides right to access and dispute information
- Requires notification of adverse actions
Detail:
Mandates that accurate and relevant data collection, give consumers the ability to access and correct their information, and limit the use of consumer reports for permissible purposes, such as employment and extension of credit or insurance
What is considered a Credit Report under FCRA?
Written, oral, or other communication that communicates:
- Creditworthiness
- Credit standing
- Credit capacity
- Character
- General reputation
- Personal characteristics
- Mode of living
Who is in scope for FCRA?
Only Consumer Reporting Agencies
When is sharing a consumer report permitted?
- Responding to a court order
- Acting upon written permission of the consumer
- Can use without consent if:
o Facilitating credit transactions
o Making employment decisions
o Underwriting insurance policies
o Issuing licenses and government benefits
o Other business need - Users of credit reports must provide certification of their intended use
- Reports must contain fair and accurate information
What is the deadline for a consumer dispute regarding the accuracy of a credit report?
Consumer disputes about the accuracy of information must be resolved within 30 days
What must be included in an Adverse Action notice?
o Contact information for a credit reporting agency
o Statement that the CRA did not make the decision
o Notice of the right to access report
o Notice of right to dispute report
o Any credit score used in decision
What types of penalties may be incurred for violating FCRA?
o Actual damages
o Punitive damages
o Legal costs
The Fair and Accurate Credit Transactions Act of 2003 (FACTA)
Summary:
- Consumers may obtain free copies of their credit reports annually
- Consumers may place 90-day fraud alerts on their credit files. Identify theft victims may extend these alerts for seven years.
- Receipts may contain no more than five digits of credit and debit card numbers
- Red Flags Rule
- Disposal Rule
Detail:
Expansion of FCRA. Mandates that credit reporting agencies allow consumers to obtain a free credit report once every 12 months. Additionally, it allows consumers to request alerts when a creditor suspects identity theft and gave the FTC authority to promulgate rules to prevent identity theft.
Red Flags Rule
o Written identity theft protection program
o Address change validation
o Notification of address discrepancies
Disposal Rule
o Reasonable and appropriate destruction
o Burn, pulverize or shred paper records
o Destroy or erase electronic records
The Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley or GLBA)
Re-organized financial services regulation in the US and applies broadly to any company that is “significantly engaged” in financial activities in the US. Established two key rules:
- Privacy
- Safeguards
GLBA Scope
- Banks
- Non-bank lenders
- Financial Advisors
- Check-cashing services
- Payday lenders
- Real estate appraisers
- Tax prepares
- Mortgage brokers
- ATM operators
- Colleges and universities.
GLBA Privacy Rule
Limits how financial institutions may collect and share nonpublic personal information
GLBA Safeguards Rule
requires that financial institutions develop a written information security plan to protect consumer data
GLBA Privacy Notices
- Provided to customers annually
- Describe privacy policies and practices
- Disclose third-party information sharing
- Describe information security policies and practices
