Case study: LexisNexus $13.5M settlement over violations of FCRA
Key points:
Database companies can be CRAs subject to FCRA if they collect information that is provided to insurance companies, banks, or any other entity to make credit eligibility or employment decisions.
A violation of FCRA is unlikely to be considered ‘wilful’ for the purposes of qualifying for statutory damages where the organization relied on an opinion of the FTC to conclude the activities were not subject to FCRA
Background
Lexis is a data broker that sells an identity report called Accurint® for Collections (“Accurint”), used to locate people and assets, authenticate identities, and verify credentials. The Accurint database contains information on over 200 million people, and millions of Accurint reports are sold each year. For years, Lexis sold Accurint without complying with the FCRA, on the theory that Accurint is not a “consumer report” that triggers the Act’s protections.
A class action lawsuit was brought against defendants, LexisNexis Risk and Information Analytics Group, Inc.; Seisint, Inc.; and Reed Elsevier Inc. (together, “Lexis”). The class consisted of:
(1) approximately 200 million people whose information resides in the Accurint database; and
