The data broker industry is a $240 billion industry that is growing, opaque, intrusive, and potentially harmful to consumers, yet largely unregulated. The Fair Credit Reporting Act (FCRA) presents a meaningful avenue to address this regulatory gap for many companies in this industry, if the CFPB issues a rule that defines the scope of the Act as broadly as Congress originally intended.
The terms “consumer report” and “consumer reporting agency” are defined expansively in the FCRA, and cover many types of information sold by data brokers when used for one of the purposes enumerated in the Act, such as credit, employment, insurance, or a consumer-initiated business transaction. However, court decisions have unduly constricted the scope of the FCRA with judicially created barriers not found in the plain language of the Act. The CFPB can restore via rulemaking the original scope of these definitions that have been narrowed by judicial fiat.
Restoring the original broad scope of “consumer report” and “consumer reporting agency” (“CRA”) is especially critical because some of the most problematic data brokers are actually the Big Three credit bureaus, a.k.a. the nationwide CRAs: Equifax, Experian, and TransUnion. The three companies have a number of products that they claim are outside the scope of the FCRA, even though in the case of at least Experian, the information is derived from its main credit reporting database. All three nationwide CRAs offer products supposedly not FCRA-regulated that include financial information, such as consumers’ assets and investments. Other problematic data brokers include LexisNexis and Acxiom.