The expansiveness of FCRA has long been used by plaintiffs as a sword against consumer reporting agencies, furnishers of consumer information, and users of consumer information. Here, a company successfully used FCRA as a shield.
In a recent opinion, the Fifth Circuit ruled on the permissibility of broad based investigative subpoenas by the Consumer Financial Protection Bureau (“CFPB”). Consumer Financial Protection Bureau v. Source for Public Data, L.P., 2018 WL 4258966 (5th Cir. Sept. 6, 2018). As background, the Dodd-Frank act gave the CFPB broad enforcement authority with respect to several statutes, including FCRA. When the CFPB suspects a violation, it issues Civil Investigative Demands (“CIDs”) requiring that a regulated company provide documents relevant to the CFPB’s investigation. However, the CFPB is required to provide a “notification of purpose” to inform the company of “the nature of the conduct constituting the alleged violation which is under investigation and the provision of law applicable to such violation.” 12 U.S.C. § 5562(c)(2).
Here, the CFPB issued a CID seeking to collect documents from the Source for Public Data, a search engine for compiling publicly available information. The CID’s Notification of Purpose stated that it was investigating potential violations of FCRA “or any other federal consumer financial law.” The Source for Public Data objected, asserting that the CID was impermissibly broad and that it was not a consumer reporting agency under FCRA.
The Fifth Circuit held that the district court abused its discretion in overruling the company’s objections. In doing so, the Court observed that FCRA is “an expansive law” and held that a reference to FCRA did not provide the kind of specificity required in a notification of purpose. Rejecting the CID on notification grounds, the Fifth Circuit did not reach the question of whether the company qualified as a consumer reporting agency.