Case study: ChoicePoint $15M FCRA consent decree
Key points:
Furnishing consumer reports — credit histories — to subscribers who do not have a permissible purpose to obtain them, and failing to maintain reasonable procedures to verify both their identities and how they intended to use the information is a violation of the FCRA
False or misleading statements in the privacy policy are a violation of the FTC Act
Background
ChoicePoint was a data broker publicly traded company based in suburban Atlanta. It obtained and selled to more than 50,000 businesses the personal information of consumers, including their names, Social Security numbers, birth dates, employment information, and credit histories. ChoicePoint, Inc., acknowledged in 2005 that the personal financial records of more than 163,000 consumers in its database had been compromised.
FTC Allegations
The Federal Trade Commission (FTC) brought action againts ChoicePoint in 2006 arguing that it violated the Fair Credit Reporting Act (FCRA) and the FTC Act.
Alleged violations of FCRA:
FTC argued ChoicePoint violated FCRA by furnishing consumer reports — credit histories — to subscribers who did not have a permissible purpose to obtain them, and by…