Current Developments in Privacy Law

SOME THOUGHTS ABOUT THE EQUIFAX DATA BREACH

Novemeber 2017



Following the Equifax data breach, regulatory agencies, state Attorneys General and consumer advocacy groups have suggested steps consumers can take to avoid becoming victims of identity theft. 


Here are 10 steps suggested by the Consumer Financial Protection Bureau: https://www.consumerfinance.gov/about-us/blog/top-10-ways-protect-yourself-wake-equifax-data-breach/.  


These are all good suggestions, but the risk to most consumer of becoming victims of identity theft from the Equifax hack is overblown.The likelihood of being a victim of identity theft among the 150M records that were hacked is infinitesimal. You would have to be very unlucky. All breaches I have dealt with involve more personal ID theft—a friend or relative, Jr-Sr., the receptionist at a doctor’s office; they are typically not the result of a hack involving millions of records. It can happen, but the risk is extremely low.     


First, if someone uses your identifiers and gets credit in your name, the lender is out the money, not you. Banks are in business to make money. That’s why they use credit reports in the first place. Banks use credit reports to determine if an applicant is likely to pay them back. But, second, if the applicant is a fraudster, the bank would not get paid back, so in addition to determining credit risk, lenders take steps to determine whether the applicant is who he or she claims to be. Lending to an imposter with your good credit report is a sure way to lose money.  If you get approved for a credit card, the card is mailed to your home and you have to activate it by calling from your phone. The fraudster would have to steal your mail to get the card and then break into your home to use your land line or steal your cell phone to place the call. If you want a personal loan, the bank makes you fill out an application, asks for your driver’s license, maybe a copy of one of your credit cards, and verifies information on the application, such as employment and income. 


Car loans are the same and are generally completed in person where you have to provide identification documents. If you apply for an online loan, the lender verifies your identity through a number of companies that provide fraud prevention services, including Equifax.This is not to say that identity theft can’t happen from the hack, but it’s not easy and the risk is very low. Credit fraud is usually a very personal process where the fraudster knows you or lives near you.  If you are a victim, you may unfortunately have some difficulty convincing the lender or the credit bureau that you were in fact a victim and are not just trying to avoid paying an obligation you actually owe. That happens and a large percentage of credit bureau disputes—the person owes the money and is trying to get out of paying. But, most identity theft victims clear up the error fairly rapidly.    


Unfortunately, credit bureaus, monitoring services, legislators and regulators as well as media have an incentive to scare people about identity theft—the credit bureaus and other credit monitoring services sell product based on your fear; the regulators want to show how they are concerned about their constituents and trying to help them; Congress likes to have hearings where they can get good, pro-consumer sound bites; the media doesn’t tell good news stories and likes to blow up the risk since that gets ratings. No one has in incentive to say what I said above.  


February, 2014

CFPB Credit Reporting Complaint  Snapshot: The CFPB finds that credit reporting accounted for 11% of the  consumer complaints it has received. Of those  complaints, 73% involved  complaints about accuracy.    http://files.consumerfinance.gov/f/201402_cfpb_snapshot_credit-reporting-complaints.pdf
 

The FTC also listed complaints it received in 2013. Identity theft topped the list. Credit reporting was not in the top ten: http://www.ftc.gov/news-events/press-releases/2014/02/ftc-announces-top-national-consumer-complaints-2013  





October, 2013
 

Data Brokers and Privacy: In a report issued by the GAO, it recommends that Congress  should consider strengthening the consumer privacy framework to reflect  the effects of changes in technology and the increased market for  consumer information. Any changes should seek to provide consumers with  appropriate privacy protections without unduly inhibiting commerce and  innovation. The Department of Commerce agreed that strengthened privacy  protections could better protect consumers and support innovation. 
 

For details, see: http://www.gao.gov/assets/660/658151.pdf
 

CFPB Bulletin 2013-09   Date: September 4, 2013   Subject: The FCRA’s requirement to investigate disputes and review  “all relevant” information provided by consumer reporting agencies  (CRAs) about the dispute   The Fair Credit Reporting Act (FCRA) generally requires a consumer  reporting agency (CRA) to notify a furnisher when a consumer disputes  the accuracy or completeness of an item of information provided by the  furnisher to the CRA.1 The CRA must also promptly provide the furnisher  “all relevant information” regarding the dispute that the CRA timely  received from the consumer.2 The furnisher, in turn, must “conduct an  investigation with respect to the disputed information,” “review all  relevant information” provided by the CRA, and respond appropriately  based on the result of the investigation.3 The CFPB expects CRAs and  furnishers to comply fully with these FCRA requirements, thereby  promoting the accuracy and completeness of information in the consumer  reporting system.   This bulletin specifically addresses furnishers’ obligations to  “review all relevant information” they receive in connection with  disputes forwarded by CRAs.   The CFPB expects furnishers to have reasonable systems and technology  in place to receive and process notices of disputes and information  regarding disputes, including relevant documentation, forwarded to them  by CRAs. The CFPB also expects every furnisher to review and consider  “all relevant information” relating to the dispute, including documents  that the CRA includes with the notice of dispute or transmits during the  investigation, and the furnisher’s own information with respect to the  dispute.  The CFPB will continue to  evaluate compliance with the requirement to review “all relevant  information” by furnishers subject to its supervisory and enforcement  authorities. In general, with respect to disputes received by furnishers  from CRAs, the CFPB expects each furnisher to comply with the FCRA by:   (1) Maintaining a system reasonably capable of receiving from CRAs  information regarding disputes, including supporting documentation;   (2) Conducting an investigation of the disputed information including reviewing:   a. “all relevant information” forwarded by the CRA and;   b. the furnisher’s own information with respect to the dispute;   (3) Reporting the results of the investigation to the CRA that sent the dispute;   (4) Providing corrected information to every nationwide CRA that  received the information if the information is inaccurate or incomplete;  and   (5) Modifying or deleting the disputed information, or permanently  blocking the reporting of the information if the information is  incomplete or inaccurate, or cannot be verified.   Any furnisher not currently maintaining a process that meets these  requirements should take immediate steps to comply with the requirements  of the law.   The CFPB is monitoring complaints received from consumers and will  prioritize examinations and other actions on the basis of risks posed to  consumers. If the CFPB determines that a furnisher has engaged in any  acts or practices that violate the FCRA or other Federal consumer  financial laws and regulations, it will take appropriate supervisory and  enforcement actions to address violations and seek all appropriate  corrective measures, possibly including remediation of harm to  consumers. The CFPB will continue to review furnisher compliance with  these requirements during examinations and investigations.  
 

CDIA Says "60 Minutes" Story Misleads On Credit Report Accuracy Story Ignores Study Results that Credit Reports are Materially Accurate 98% of the Time WASHINGTON, Feb. 9, 2013  /PRNewswire-USNewswire/ -- "The promotion released yesterday for a '60  Minutes' story airing this coming Sunday, February 10, demonstrates that  '60 Minutes' has selectively interpreted an upcoming Federal Trade  Commission (FTC) study to ignore the most significant results," stated  Consumer Data Industry Association (CDIA) president and CEO Stuart Pratt  .  "The FTC study shows that 98% of credit reports are materially  accurate, a fact it appears '60 Minutes' is set to ignore." The "60 Minutes" promotional spot  reveals that the show has been given access to a Federal Trade  Commission report on the accuracy of credit reports that has not yet  been released to the general public.  Having obtained a copy of the  report, CDIA found that the show has missed the most critical point in  the research; that the measure of accuracy is tied to the question of  when an error has a consequence for consumers, not just when a report  contains an error that will have little or no impact on  creditworthiness. "It is irresponsible for '60 Minutes' to  be reporting the findings of the study in this manner.  The FTC's study  concludes that only 2.2 percent of credit reports have an error that  would lead to higher-priced credit for the consumer. It is simply wrong  to suggest that 21 percent have errors that would lead to this  consequence," stated Pratt. "It's easy to selectively hype snippets  from the FTC study to sensationalize the issue, as '60 Minutes' has  done, but the number important to consumers is the one they ignored –  that only 2.2% of credit reports contain materials errors.  The shared  goal of our members and lenders who report data about consumers is to  get it right every time.  We will continue our efforts to push down the  material error rate even further in credit reports," stated Pratt. The show also states that a disputed  error is "nearly impossible to expunge."  Pratt reacted, "The notion  that it is difficult to dispute an error is just wrong.  It is  irresponsible to suggest to consumers that they might as well not take  action when they have a question about their credit report. CDIA and our  members encourage consumers to get a copy of their credit report from  each of the national credit reporting agencies at  www.annualcreditreport.com."  Research released by the Political and  Economic Research Council in 2011 shows that consumers in their study  were satisfied with the results of the dispute process in 95% of the  cases.  Statements made on the show suggest that  the actions of CDIA members are in violation of federal law.  Pratt  responded "Federal courts have found just the opposite on multiple  occasions."  Further, Congress directed the Federal Trade Commission to  conduct a year-long review of the dispute process and they did not find  any violations of law.  "There seems to be some misunderstanding  about what the law requires of a credit bureau when a consumer submits a  dispute.  This is a good time to get the facts straight," Pratt said. 

For Release: 02/11/2013

In FTC Study, Five Percent of Consumers Had Errors on Their Credit Reports That Could Result in Less Favorable Terms for Loans

Consumers Should Check Their Credit Reports for Free Using AnnualCreditReport.com


A  Federal Trade Commission study of the U.S. credit reporting industry  found that five percent of consumers had errors on one of their three  major credit reports that could lead to them paying more for products  such as auto loans and insurance. Overall,  the congressionally mandated study on credit report accuracy found that  one in five consumers had an error on at least one of their three  credit reports. “These  are eye-opening numbers for American consumers,” said Howard Shelanski,  Director of the FTC’s Bureau of Economics.  “The results of this  first-of-its-kind study make it clear that consumers should check their  credit reports regularly.  If they don’t, they are potentially putting  their pocketbooks at risk.” The  study, in which participants were encouraged to use the Fair Credit  Reporting Act (FCRA) process to resolve any potential credit report  errors, also found that:  

  • One in four consumers identified errors on their credit reports that might affect their credit scores;
  • One  in five consumers had an error that was corrected by a credit reporting  agency (CRA) after it was disputed, on at least one of their three  credit reports;
  • Four out of five consumers who filed disputes experienced some modification to their credit report;    
  • Slightly  more than one in 10 consumers saw a change in their credit score after  the CRAs modified errors on their credit report; and
  • Approximately  one in 20 consumers had a maximum score change of more than 25 points  and only one in 250 consumers had a maximum score change of more than  100 points.           

Other study results can be found in the executive summary of the report. “Your  credit report has information about your finances and your bill-paying  history, so it’s important to make sure it’s accurate,” said Charles  Harwood, Acting Director of the FTC’s Bureau of Consumer Protection.   “The good news for consumers is that credit reports are free through  annualcreditreport.com, and if you find an error, you can work with the  credit reporting company to fix it.”
______________________________________________________________________________________CFPB Bulletin 2012-09 
Date:  November 29, 2012 
Subject: The FCRA’s “streamlined process” requirement for 
consumers to obtain free annual reports from nationwide 
specialty consumer reporting agencies 
Background 
The Fair Credit Reporting Act (FCRA) requires nationwide specialty 
consumer reporting agencies (NSCRAs) to provide, upon request of a 
consumer, a free annual disclosure of the consumer’s file, commonly 
known as a consumer report.  The FCRA’s implementing Regulation 
(Regulation V) includes a rule mandated by the FCRA that requires each 
NSCRA to establish a “streamlined process for consumers to request [their 
free annual] consumer reports . . . which shall include, at a minimum, the 
establishment by each such agency of a toll-free telephone number for 
such requests.” 15 U.S.C. § 1681j; 12 C.F.R. § 1022.137.   
Pursuant to Regulation V, this streamlined process must permit 
consumers to request an annual file disclosure through a toll-free 
telephone number that is published “in any telephone directory in which 
any telephone number for the [NSCRA] is published” and is “clearly and 
prominently posted on any Web site owned or maintained by the [NSCRA] 
that is related to consumer reporting.” 12 C.F.R. § 1022.137(a)(1)(ii)–(iii). 
The streamlined process must, among other things, have adequate 
capacity to accept requests from the reasonably anticipated volume of 
consumers requesting their annual file disclosures through the 
streamlined process and must provide clear and easily understandable 
information and instructions to consumers. 12 C.F.R. § 1022.137(a)(2). 
It has come to the attention of the CFPB that some NSCRAs may not have 
established the required streamlined process for consumers to request 
copies of their annual file disclosures.  The Bureau is issuing this Bulletin 
to remind the NSCRAs of their obligation to comply with the streamlined 
process requirement, which the Bureau views as an important consumer 
protection.   
CFPB Expectations 
NSCRAs are defined as consumer reporting agencies that compile and 
maintain files on consumers on a nationwide basis relating to (1) medical consumerfinance.gov
records or payments; (2) residential or tenant history; (3) check writing 
history; (4) employment history; or (5) insurance claims.  15 U.S.C. § 
1681a(x).  In light of the range and frequency of decisions that rely on 
NSCRA reports, the accuracy of these reports is critical.  Consumer access 
to NSCRA files enables consumers to detect and dispute inaccuracies 
contained in their files. 
The CFPB will evaluate compliance with the streamlined process 
requirements by NSCRAs subject to its supervisory and enforcement 
authority.  The CFPB expects each NSCRA to comply with the FCRA and 
Regulation V, including by:   
(1) Enabling consumers to request annual file disclosures by a toll-free 
telephone number that;  
a. Is published, in conjunction with all other published numbers 
for the NSCRA, in any telephone directory in which any 
telephone number for the NSCRA is published; and 
b. Is clearly and prominently posted on any Website owned or 
maintained by the NSCRA that is related to consumer 
reporting, along with instructions for requesting disclosures by 
any additional available request methods, 12 C.F.R. § 
1022.137(a)(1); 
(2) Ensuring that its streamlined process for obtaining an annual file 
disclosure has adequate capacity to accept requests from a reasonably 
anticipated volume of consumers, 12 C.F.R. § 1022.137(a)(2)(i); 12 
C.F.R. § 1022.137(b)-(c); 
(3) Collecting only as much personal information from a consumer 
requesting a disclosure as is reasonably necessary to identify the 
consumer properly, 12 C.F.R. § 1022.137(a)(2)(ii); 
(4) Providing clear and easily understandable information and instructions 
to consumers, including but not limited to: providing information on 
the status of a request, providing a “help” or “frequently asked 
questions” page for web-based requests, and providing a statement 
when the identity of the consumer requesting an annual file disclosure 
cannot properly be verified and directions on how to complete the 
request, 12 C.F.R. § 1022.137(a)(2)(iii);  
(5) Using or disclosing personally identifiable information collected from 
a consumer because of the consumer’s request for an annual or other 
disclosure required by the FCRA from the entity that the consumer 
made through the streamlined process only in ways permitted by 
Regulation V, 12 C.F.R. § 1022.137(d); and consumerfinance.gov
(6) Accepting consumer requests for annual file disclosures from 
consumers who use methods other than the streamlined process or 
instructing such consumers on how to use the streamlined process. 12 
C.F.R. § 1022.137(e). 
Any NCSRA not currently providing a process that meets these 
requirements should take immediate steps to comply.   

New York Times February 5, 2012

Austrian Law Student Faces Down Facebook
By KEVIN J. O'BRIEN
BERLIN — As Wall Street prepares for a record, multibillion-dollar initial stock sale from Facebook, the social networking site, a meeting with the potential to shape the economics of the deal was set to take place Monday in Vienna.
 

Richard Allan, a former member of Parliament in Britain who is the European director of policy for Facebook, and another executive from Facebook’s headquarters in Menlo Park, California, will meet with Max Schrems, a 24-year-old college student.
 

Mr. Schrems, a law student at the University of Vienna and a user of Facebook since 2008, has led a vocal campaign in Europe against what he maintains are Facebook’s illegal practices of collecting and marketing users’ personal data, often without consent.
 

In less than a year, Mr. Schrems’s one-person operation has morphed into a Web site, Europe Versus Facebook, and a grass-roots movement that has persuaded 40,000 people to contact Facebook in Ireland, where its European headquarters are located, to demand a summary of all the personal data the U.S. company is holding on them.
 

Mr. Schrems and his crusade have become a cause célèbre in parts of Europe, attracting the attention of lawmakers in Brussels as the Continent begins a lengthy debate over tough new proposed restrictions on personal data, which could affect Web businesses like Facebook.
 

Last month, the author of a proposed European data protection law, which would update a 1995 statute to reflect the realities of the digital age, cited Mr. Schrems’s case as an example of why European lawmakers should adopt tightened controls over Web businesses.
 

The plan put forward by Viviane Reding, the European justice commissioner, would give E.U. residents the right to opt out more easily of standard data collection practices used by businesses like Facebook. It would also compel companies to expunge all personal data, permanently, at a consumer’s request.
 

Both elements have the potential to hamper the data-harvesting engine that is at the heart of Facebook’s advertising-driven business, and of its value.
 

Facebook said in a statement that its data practices followed European law and that the company had gone out of its way to meet Mr. Schrems’s request for personal information. The company also noted that Facebook users could easily obtain a copy of their information on Facebook by using a function within their personal account settings.
 

The company said a report in December from an Irish regulator demonstrated “how Facebook adheres to European data protection principles and complies with Irish law.” It says it is not only fully compliant with E.U. data protection laws, but “we also strongly believe that every Facebook user owns his or her own data and should have simple and easy access to it.”
 

Mr. Schrems appeared on Facebook’s radar last June when he filed a complaint against the company with the Irish regulator, the office of the Irish Data Protection Commissioner, in Port Arlington, Ireland. He alleged 22 violations of European law. Mr. Schrems filed the grievance after using a provision of Irish law to obtain from Facebook a copy of all of the information the company had been keeping on him.
 

Facebook sent Mr. Schrems a computer disc containing 1,222 pages of information.
 

The disc, Mr. Schrems said, showed that Facebook was routinely collecting data that he had never consented to give, like his physical location, which he assumes was determined from his computer’s unique address identifiers, which can be traced geographically. Facebook was also retaining data he had deleted, Mr. Schrems said.
 

Irish officials began an audit based on his complaints and in October visited Facebook’s offices in the Hanover Quay section of Dublin, where the company employs more than 400 workers to direct many of its global operations outside North America.
 

On Dec. 21, the Irish regulator, which has a staff of only 22 employees, released a 150-page report that gave Facebook until July to make a series of changes in the way it collects and retains data and how it explains to users how their information is being used.
 

Mr. Schrems, during an interview last week, said the Irish inquiry and the regulator’s agreement with Facebook had not addressed “90 percent” of his complaints. Mr. Schrems said he planned to request a “formal decision” from Irish officials, which would give him the legal basis to challenge the regulator’s findings in Irish court.
 

Gary Davis, the deputy Irish data commissioner who led the audit on Facebook, said his agency had obtained significant concessions from Facebook that had had positive effects for the 854 million active global users of the site. After 40,000 people requested their own data from Facebook Ireland, the company responded, Mr. Davis said, by creating a software tool in October on the Web site that gives all users a quick overview of the data being kept on file.
 

Facebook announced improvements to that tool last week, Mr. Davis said, to provide more detailed information, and has committed to providing even more by July, when the regulator will revisit Facebook’s offices to check whether it has honored its commitments.
 

That visit could coincide with Facebook’s I.P.O., which could take place as early as May, depending on the length of the regulatory review in the United States.
 

Mr. Davis said that Facebook, as a result of Mr. Schrems’s campaign, had agreed to cut the amount of time it retains data on most user activities on the Web site to less than one year. Queries typed into Facebook’s search field are deleted within six months, in conformance with European law. Previously, Mr. Davis said, the company had no comprehensive policy on data retention, with times often dictated by the perceived level of security threats and cyberattacks on the business.
 

“We still view Max very favorably for the issues he has raised, which were very specific and well prepared and have led to concrete improvements in how Facebook does business,” Mr. Davis said. “I obviously think we have achieved a lot in Ireland by getting Facebook to improve its transparency and data protection practices.”
 

Mr. Schrems said the concessions from Facebook had been insufficient. At the time of its release, Thilo Weichert, the data protection commissioner in the German state of Schleswig-Holstein, criticized the Irish regulator, saying it had identified infractions in Facebook’s handling of consumer data but had not taken a harder line or imposed financial penalties.
 

The main issue, Mr. Schrems said, is that no one, including the Irish regulator, is independently verifying whether Facebook is doing what it says it will do in terms of permanently deleting personal information and shortening data retention times.
 

Consumer Reporting Agency to Pay $1.8 Million for Fair Credit Reporting Act Violations    


June 27, 2011

 

Company Provided Sensitive Consumer Credit Information to Marketers In Violation of Law

Teletrack,  Inc. has agreed to pay $1.8 million to settle Federal Trade Commission  charges that it sold credit reports to marketers, in violation of the  Fair Credit Reporting Act (FCRA). This settlement seeks to protect  consumers’ privacy by ensuring that their sensitive credit report  information is not sold for marketing purposes. According  to the FTC’s complaint, as part of its business Teletrack sells credit  reports and other services to businesses – such as payday lenders,  rental purchase stores, and non-prime rate auto lenders – that mainly  serve financially distressed consumers. These businesses use Teletrack’s  credit reports to decide whether and on what terms to provide credit to  their customers. The  complaint alleges that Teletrack created a marketing database of  information that it gathered through its credit reporting business. It  then sold the information in this database – including lists of  consumers who had applied for non-traditional credit products – to  marketers. For example, Teletrack sold lists of consumers who previously  sought payday loans to third parties that wanted to use this  information to target potential customers. The FTC’s complaint alleges  that these marketing lists were credit reports under the FCRA because  they contained information about a consumer’s creditworthiness. The FTC  charges that Teletrack violated the FCRA, which makes it illegal to sell  credit reports without a specific “permissible purpose” under the  statute; marketing is not a permissible purpose. “The  fact that a consumer has applied for a payday loan is credit report  information protected by the FCRA,” said FTC Bureau of Consumer  Protection Director David Vladeck. 
“The FCRA says a credit reporting agency like Teletrack can’t sell a  consumer’s sensitive credit report information for mere sales pitches.” The  settlement order resolving the FTC’s charges requires Teletrack to  furnish credit reports only to those people that it has reason to  believe have a permissible purpose to receive them under the FCRA, or as  otherwise allowed by the FCRA. It also requires Teletrack to pay a  civil penalty of $1.8 million, and contains reporting and record-keeping  requirements to ensure the company’s compliance with the decree. The  Commission vote to authorize the staff to refer the complaint to the  Department of Justice, and to approve the proposed order, was 5-0. The  DOJ filed the complaint and proposed order on behalf of the Commission  in U.S. District Court for the Northern District of Georgia on June 24,  2011. The proposed order is subject to court approval.  March 8, 2011    FTC Releases List of Top Consumer Complaints in 2010; Identity Theft Tops the List Again The  Federal Trade Commission today released the list of top consumer  complaints received by the agency in 2010. The list showed that for the  11th year in a row, identity theft was the number one consumer complaint  category. Of 1,339,265 complaints received in 2010, 250,854 – or 19  percent – were related to identity theft. Debt collection complaints  were in second place, with 144,159 complaints. The  report breaks out complaint data on a state-by-state basis and also  contains data about the 50 metropolitan areas reporting the highest per  capita incidence of fraud and other complaints. In addition, the 50  metropolitan areas reporting the highest incidence of identity theft are  noted. For  the first time, “imposter scams” – where imposters posed as friends,  family, respected companies or government agencies to get consumers to  send them money – made the top 10. The FTC also has issued a new  consumer alert, “Spotting an Imposter”, to help consumers avoid imposter  scams. The top consumer complaints were: Rank Category Number of Complaints Percentage 1 Identity Theft 250,854 19% 2 Debt Collection 144,159 11% 3 Internet Services 65,565 5% 4 Prizes, Sweepstakes and Lotteries  64,085 5% 5 Shop-at-Home and Catalog Sales 60,205 4% 6 Imposter Scams 60,158 4% 7 Internet Auctions 56,107 4% 8 Foreign Money/Counterfeit Check Scams 43,866 3% 9 Telephone and Mobile Services 37,388 3% 10 Credit Cards 33,258 2% March 2, 2011   The  Federal Reserve Board and the Federal Trade Commission (FTC) on Tuesday  proposed regulations regarding the credit score disclosure requirements  of the Dodd-Frank Wall Street Reform and Consumer Protection Act. The  statute requires creditors to disclose credit scores and related  information to consumers in risk-based pricing and adverse action  notices under the Fair Credit Reporting Act (FCRA) if a credit score was  used in setting the credit terms or taking adverse action. The  Board proposes to amend Regulation V (Fair Credit Reporting) to revise  the content requirements for risk-based pricing notices and to add  related model forms to reflect the new credit score disclosure  requirements. The Board is issuing this proposal jointly with the FTC. The  Board also proposes to amend certain model notices in Regulation B  (Equal Credit Opportunity), which combine the adverse action notice  requirements for both Regulation B and the FCRA. The proposed amendments  would revise the model notices to incorporate the new credit score  disclosure requirements. Public  comments on the proposed rules under Regulations V and B are due 30  days after publication in the Federal Register, which is expected  shortly. 

February, 2011

 The CEO of a former client is named to the CFPB.  Elizabeth  Warren, the White House adviser charged with setting up the U.S.  Consumer Financial Protection Bureau, has hired Corey Stone to head a  unit that will write rules for credit information firms. Corey is the  former chief executive of Pay Rent, Build Credit, Inc. (PRBC), a credit  bureau designed to allow consumers to build credit histories by  documenting rent and bill payment, rather than by incurring debt. PRBC  was a client until the merger with MicroBilt, in 2008. MicroBilt  continues to be a client. He  will be in charge of writing rules to regulate credit bureaus,  according to the agency’s draft organizational chart as well as play the  same role for debt-collection companies 




 January 1, 2011 


 After many postponements, the Red Flag Rules finally are in effect. See http://www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml for information about what businesses need to do to comply. Please call if you have any questions.   

December 1, 2010

The  Federal Trade Commission issued a preliminary staff report that  proposes a framework to balance the privacy interests of consumers with  innovation that relies on consumer information to develop beneficial new  products and services. The proposed report suggests implementation of a  “Do Not Track” mechanism – likely a persistent setting on consumers’  browsers – so consumers can choose whether to allow the collection of  data regarding their online searching and browsing activities. See the  report at: (http://www.ftc.gov/os/2010/12/101201privacyreport.pdf)