Federal District Court Denies Defense Motion to Dismiss FCRA Claims Against Consumer Reporting Agency Because a Jury Could Find that it Acted Recklessly in Allowing Public Defender’s Investigator to Access Consumer’s Credit Report Even Though Reasons Given were Facially Valid
A consumer filed suit against credit reporting agencies for violating the federal Fair Credit Reporting Act (FCRA), 15 U.S.C. §§ 1681 et seq., after a public defender’s office twice requested and received a credit report for the consumer, an alleged eyewitness to a crime, “in an attempt to impeach his credibility on the theory that his poor credit history created a financial motive to testify against the criminal defendant.” Centuori v. Experian Information Solutions, Inc., 431 F.Supp.2d 1002 (D. Ariz. 2006). The investigator from the public defender’s office gained access to the credit report through a written agreement with Merchants Information Solutions (MIS), which in turn had access to Experian’s consumer records through an agreement whereby MIS promised to ensure that MIS’s customers utilized Experian’s records only for lawful purposes and in compliance with all state and federal laws. In 1998, the public defender’s office had executed a “Permissible Purpose Certificate” for MIS “which listed the permissible and impermissible purposes of access a credit history under the FCRA.” Id., at 1004-05 (footnote omitted).
In 2001, Experian allowed MIS customers direct access to its database via the Internet, thereby saving Experian’s millions of dollars. Experian’s internal policies required that access requests be “properly validated and authorized before access is provided.” Centuori, at 1005. Experian’s policies also generally disallowed access to records by private investigators and attorneys (save for attorneys involved in debt collection) “because of a ‘high risk’ that they would access credit reports for impermissible purposes”; nonetheless, Experian accepted an application from the “Chief Criminal Investigator” of the “Pima County Public Defender,” and provided him with a user ID and password. Id. The access underlying the lawsuit consisted of two requests by the investigator for “collection purposes” and “government fee for service” – both of which are “facially proper purposes under the FCRA,” id., at 1006, though the true purpose is noted above, id., at 1007-08.
The federal district court denied Experian’s motion for summary judgment, and specifically found a genuine dispute as to whether Experian had “reasonable grounds for believing that credit reports would be used only for permissible purposes.” Centuori, at 1008. The Court was unimpressed with the steps Experian had taken to satisfy its “grave responsibilities” under the FCRA, which it summarized at page 1006 as follows:
At the time the Public Defender submitted its application, Experian had assigned only two employees to process about 200 Internet access applications per day. These two employees had only high school diplomas, were not trained in the definition of “permissible purpose” under the FCRA, and were not required to review application forms for signs that an applicant might be seeking to access credit reports for impermissible purposes. Furthermore, Experian did not attempt to independently verify that any customer, including the Public Defender, had a permissible purpose to obtain consumer credit reports, relying only on the verification it assumed that MIS had previously conducted. Essentially, Experian’s primary independent effort to verify that applicants would be accessing credit histories for a permissible purpose was to cross-reference the applicant with a list of names previously approved by MIS. Experian did audit MIS twice-in 1993 and 1998-but did not review each application approved by MIS over the years.
The district court believed a jury could find Experian’s decision to require two high school graduates to review 200 applications per day “reckless,” id., at 1009, and it was not lost on the court that “Experian saved significant amounts of money by eliminating phone line and training costs” when it switched to Internet access, id., at 1008. The court was also influenced by the fact that Experian did not honor its own policies with respect to investigator access to credit histories, id., at 1009.
Finally, the court found that the complaint adequately alleged damages, including emotional distress, and that punitive damages were recoverable under FCRA for reckless as well as intentional behavior. Centuori, at 1010-11.