CDIA Regulatory Comments & Amici
In December 2019, the CFPB issued Supervisory Highlights Consumer Reporting Special Edition, Issue No. 20 (Fall 2019). The report addresses several issues. Under Supervisory Observations at Furnishers, the report addresses Reasonable, written policies and procedures; Prohibition of reporting information with actual knowledge of errors; Duty to correct and update information; Duty to provide notice of delinquency of accounts; and Obligations upon notice of dispute. For Supervisory observations at consumer reporting companies, the report addresses Reasonable procedures to assure maximum possible accuracy; Duty to limit the furnishing of consumer reports to permissible purposes; Blocking information resulting from identity theft; and Dispute investigation.
In December 2019, the CFPB issued a report, A new retrospective on the removal of public records. This is another in a series of quarterly consumer credit trends. This report is a follow-up to the Feb. 2018 report, Removal of public records has little effect on consumers’ credit scores.
In December 2019, the FTC and the CFPB hosted a workshop on the accuracy of consumer reporting. CDIA filed a comment in advance of that workshop. CDIA and a number of member companies appeared on panels at that workshop.
In September 2018, the BCFP issued an Interim Final Rule on the Interim Final Rule on the Summaries of Rights under the Fair Credit Reporting Act (Regulation V). In connection with that process, CDIA filed a comment to the Bureau. All comments can be viewed online.
In 2018, the BCFP issued 12 RFIs in connection with its Call for Evidence. Of the 12 RFIs, CDIA has commented on five:
- Bureau Public Reporting Practices of Consumer Complaint Information Deadline June 4. CDIA filed a comment. There were 23,000+ comments filed.
- Bureau External Engagements Deadline May 29. CDIA filed a comment. There were 66 comments filed in connection with this RFI.
- Bureau’s Supervision Program Deadline May 21. CDIA filed a comment. There were 55,000+ comments filed in connection with this RFI.
- Bureau Enforcement Processes Deadline May 14. CDIA filed a comment. There were 61 comments filed in connection with this RFI.
- Bureau Civil Investigative Demands and Associated Processes Deadline April 26. CDIA filed a comment. There were 90 comments filed in connection with that RFI.
In December 2016, CDIA filed a comment to the CFPB in response to the Bureau’s notice and request for comment that was issued for a new information collection titled, ‘‘Consumer Response Customer Response Survey”. The November 2016 notice follows up on an OMB-required notice related to the prior request issued on August 1, 2016. The November 2016 request provides more detail about the Customer Response Survey. As with the December 2016 comment, CDIA filed a comment in connection with the August 2016 request.
Summary: The CFPB’s proposed amendments to its rules regarding the disclosure of records and information pursuant to the Freedom of Information Act, the Privacy Act of 1974, and in legal proceedings. CDIA comment. A link to all comments is here.
Summary: The CFPB sought input on its “Consumer Response Company Response Survey” and made a blog posting about the request. CDIA commented on the Consumer Complaint Database Portal. A link to all comments is here.
In August 2015, CDIA sent a letter to the CFPB asking it to postpone production of the CFPB monthly complaint report. In November 2015, CDIA sent a letter to the CFPB’s Office of Ombudsman making a similar request.
In August 2015, CDIA filed a comment with the CFPB requesting the normalization of consumer complaint data and other matters relating to the consumer complaint portal.
- In October 2019, CDIA filed suit against the State of New Jersey challenging the validity of a new law that seeks to impose obligations on the nationwide consumer reporting agencies to provide credit reports to consumers in New Jersey in at least 11 languages other than English. The New Jersey law is preempted by the FCRA. The law also violates the First Amendment of the U.S. Constitution. The complaint in CDIA v. Grewal is available online. The law that passed is Ch. 183, Session Law 2019 (S. 3452/A. 5055).
- In late-September, CDIA filed suit against the State of Maine challenging the validity of two new provisions of state law that (1) Change the way medical debt is reported to credit bureaus; and (2) Limit the reporting of adverse information about a consumer if that consumer was a victim of economic abuse. These new provisions in Maine are preempted by the FCRA. The complaint in CDIA v. Frey is available online. On November 25, the OAG and the Superintendent filed an answer to CDIA’s complaint.
- In 2019, CDIA filed suit against the State of Texas challenging the validity of a law that changes the way medical debt is reported to credit bureaus. The Texas law is preempted by the FCRA. The complaint in CDIA v. Texas is available online.
In 2012, following an appeal by CDIA, CDIA successfully invalidated a New Mexico law that could have increased credit repair. The law would have allowed consumers to block allegedly fraudulent information from their credit reports prior to an investigation of the validity of the allegations and in a way that is preempted to the FCRA. The U.S. Court of Appeals for the Tenth Circuit ruled 3-0 that “New Mexico’s block-first-ask-later rule is therefore in tension with one of the key legislative compromises of the FCRA—the requirement that CRAs be given an opportunity to investigate suspicious block requests before acceding to them.” Consumer Data Indus. Ass’n v. King, 678 F.3d 898. On remand, the U.S. District Court for New Mexico found the law preempted by the FCRA. Consumer Data Indus. Ass’n v. King, U.S. Dist. Ct., D. N.M. (No. 10-cv-00458-MCA-WDS) (July 30, 2012).
In 2009, CDIA successfully sued New Jersey over a law that would have prevented credit bureaus from sharing information with mortgage lenders that help save consumers money as they shop for a new or refinance mortgage. Consumer Data Industry Assn. v. Milgram, U.S. Dist. Ct. (D. N.J.), No. 3:09-cv-01270-MLC-LHG (June 26, 2009). The court’s order, which found the state law preempted by the FCRA, is online.
In 2007, CDIA successfully sued Minnesota over a law that would have prevented credit bureaus from sharing information with mortgage lenders that help save consumers money as they shop for a new or refinance mortgage. The U.S. District Court for Minnesota found, in looking specifically at the subject matter preemption of 15 U.S.C. § 1681t(b)(1)(A), that “the preemptive reach of FCRA is both broad and explicit” and held that the “‘subject matter’ of mortgage-trigger lists is unquestionably regulated by [the FCRA]”. Thus, “neither Minnesota nor any other state may prohibit or regulate their sale.” CDIA v. Swanson, U.S. District Court, D. Minn. (No. 07-CV-3376), at 7-8. The court’s order is online.
Federal Housing Finance Agency
CDIA filed a comment with the FHFA in March 2019 in response to its December 2018 request for comments on its proposal on the process for validation and approval of credit score models by the Federal National Mortgage Association (Fannie Mae) and the Federal Home Loan Mortgage Corporation (Freddie Mac) [together, the Enterprises]. FHFA requests public comment on all aspects of this proposed rule. All the comments filed are online.
Internal Revenue Service
Joint Trades Letter to the Committee on Ways & Means, Subcommittee on Oversight – Oct. 10, 2018
CDIA Letter to the Committee on Ways & Means, Subcommittee on Oversight – Oct. 1, 2018
Joint Trades Letter to the U.S. House – February 14, 2018
Joint Trades Letter to the U.S. Senate – February 14, 2018
CDIA Letter: Changes to the IRS IVES – Oct. 25, 2017
CDIA Talking Points: Talking Points Supporting a Delay in IRS Implementation of Income Verification Express Service (IVES) Access Changes – Oct. 2017
CDIA Memo, IRS Form 4506-T: Problems with and Solutions for the Possible Redaction of PII – Sept. 2017
CDIA Letter: Changes to the IRS IVES – Oct. 11, 2016
In December 2019, the FTC and the CFPB hosted a workshop on the accuracy of consumer reporting. CDIA filed a comment in advance of that workshop. CDIA and a number of member companies appeared on panels at that workshop.
In November 2018, the FTC issued a notice of proposed rulemaking a proposed rule to implement the credit monitoring provisions applicable to active duty military consumers under Sec. 302 of the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA). That section of the law requires nationwide consumer reporting agencies to provide a free electronic credit monitoring service to active duty military consumers, subject to certain conditions. The FTC proposes new provisions in the Code of Federal Regulations to be promulgated at 16 C.F.R. Part 609. The FTC also issued a press release covering the NPR. CDIA filed a comment in connection with this rulemaking process. All of the comments filed for this NPR are available at the FTC website or the regulations.gov website. The FTC issued a Final Rule in June 2019.
In January 2015, the FTC issued its sixth interim and final report to Congress under FACTA Sec. 319 concerning the accuracy of information in credit reports. The FTC press release called it a follow-up study of credit report accuracy that found most consumers who previously reported an unresolved error on one of their three major credit reports believe that at least one piece of disputed information on their report is still inaccurate.
In December 2012, the FTC issued it fifth interim report to Congress under FACTA Sec. 319 concerning the accuracy of information in credit reports. The February 2013 FTC press release covering the report suggested a high degree of errors in credit reports, that is not based on the real-world uses of credit reports.
In July 2011, the FTC issued a staff report, that compiles and updates the agency’s guidance on the FCR), the 1970 law designed to protect the privacy of credit report information and ensure that the information supplied by credit reporting agencies is as accurate as possible. The Commission also issued a Statement of General Policy or Interpretation; Commentary on the FCRA. FTC press release.
In December 2010, the FTC issued its fourth interim report to Congress under FACTA Sec. 319 describing progress the agency has made on a national study examining the accuracy of credit reports. Congress directed the FTC to conduct a study of credit report accuracy and provide interim reports every two years, starting in 2004 and continuing through 2012, with a final report in 2014. FTC press release.
In December 2008, the FTC issued a report to Congress on the credit report complaint referral program under the FCRA. The report was submitted in accordance with FCRA section 611(e) which was added to the FCRA by FACTA Sec. 313. Section 611(e) directs the FTC to transmit certain consumer complaints to the nationwide consumer reporting agencies that are the subject of the complaints; obtain information from the CRAs related to the resolution of those complaints; and, submit to Congress information gathered by the Commission pursuant to the subsection. FTC press release.
In July 2007, as noted by an FTC press release, the FTC released a report presenting the results of a study concerning credit-based insurance scores and automobile insurance. The study found that these scores are effective predictors of the claims that consumers will file. It also determined that, as a group, African-Americans and Hispanics tend to have lower scores than non-Hispanic whites and Asians. Therefore, the use of scores likely leads to African-Americans and Hispanics paying relatively more for automobile insurance than non-Hispanic whites and Asians. The FTC also issued a Statement of Chairman Majoras, Commissioner Kovacic, and Commissioner Rosch; a Dissenting Statement of Commissioner Harbour and a Concurring Statement of Commissioner Leibowitz.
In December 2006, the FTC issued its and a contractor’s report for an initial pilot study for Processes for Determining Accuracy of Credit Bureau Information.
In August 2006, the FTC and the Federal Reserve issued a Report to Congress on the FCRA Dispute Process.
In December 2004, the FTC issued a report to Congress containing studies on credit report accuracy and completeness required by the FACTA. FACTA required the FTC to conduct an ongoing study of the accuracy and completeness of consumer credit reports and to report on four specific topics related to credit report accuracy: (1) the effects of requiring the nationwide CRAs to match more points of consumers’ personal identifying information (“mixed files”); (2) the effects of requiring that a consumer who has been denied credit based on information in his or her credit report receive a copy of the same credit report on which the creditor based the adverse action (“same report”); (3) the effects of requiring that consumers be notified when negative information has been added to their credit reports (“Negative Information Notice Proposal”); and (4) whether there are any common financial transactions not generally reported to the CRAs that would provide useful information in determining a consumer’s credit rating (“Common Unreported Transactions Study”).
In September 2004, the FTC issued a press release seeking public comment on a proposed regulation to improve notices of consumers’ right to opt out of prescreened solicitations for credit or insurance. The FTC also issued a document, The Effectiveness of “Opt-Out” Disclosures In Pre-Screened Credit Card Offers: A Report Submitted to the Commission by Manoj Hastak, Ph.D., and a Credit Card Offer Study: Prepared for the Commission by Synovate Public Sector Research Group.
In July 2019, CDIA signed on to a joint industry trades letter to the Social Security Administration in connection with its rollout of a new program under Sec. 215 of the EGRRCPA. This program allows businesses to access a new system to confirm the validity of SSNs to help prevent identity theft. The joint letter notes that “to ensure consumers receive the benefit of the eCBSV’s anti-fraud capabilities as quickly as possible, it is imperative that SSA not limit the number of firms selected for the initial rollout to a low number. We believe such a cap would be detrimental to the broad implementation of eCBSV.”
The U.S. Department of Housing and Urban Development (HUD) issued a notice in the Federal Register on May 15, 2017 seeking public comment identifying existing regulations that may be outdated, ineffective, or excessively burdensome in order to consider whether they should be repealed, replaced, or modified per the instructions of Executive Order 13777. CDIA filed a comment that suggested that HUD review its April 4, 2016 Guidance on Application of Fair Housing Act Standards to the Use of Criminal Records by Providers of Housing and Real Estate-Related Transactions. CDIA asked HUD to review and modify that Guidance with respect to the type of criminal history information that a housing provider can consider in justifying an adverse housing action. In June 2018, HUD issued an advance notice of public rulemaking (ANPR) seeking comment on whether its 2013 Disparate Impact Rule (Rule) should be revised in light of the 2015 U.S. Supreme Court ruling in Texas Department of Housing and Community Affairs v. Inclusive Communities Project, Inc. CDIA filed a comment in connection with this process
In August 2019, HUD issued a proposed rule “to amend HUD’s interpretation of the Fair Housing Act’s disparate impact standard to better reflect the Supreme Court’s 2015 ruling in Inclusive Communities [and] to provide clarification regarding the application of the standard to State laws governing the business of insurance.” CDIA filed a comment in connection with that proposed rule.
CDIA filed a comment to the Centers for Medicare & Medicaid Services (CMS) within the U.S. Department of Health and Human Services to encourage CMS to require name-based, commercial criminal background checks for providers of home and community-based services (HCBS) provided to Medicaid beneficiaries. CDIA’s comment is in response to a request for information (RFI) from CMS to help improve the quality of HCBS provided to Medicaid beneficiaries. You may recall that CDIA filed a comment with CMS in the past, in connection with long-term care.
In October 2016, the Federal Reserve, the OCC, and the FDIC released a joint Advance Notice of Proposed Rulemaking (ANPR) requesting public comment on enhanced cybersecurity standards that would apply to certain large, interconnected financial entities (“covered entities”) as well as the third parties that provide services (“covered services”) to such entities. The press release covering the ANPR is online. In January 2017, CDIA filed a comment on this ANPR.
In September 2018, the National Telecommunications and Information Administration (NTIA) issued a Request for Comments on Developing the Administration’s Approach to Consumer Privacy. In response to that request, CDIA filed a comment and also signed on to a broader industry letter. The NTIA received over 100 comments in connection with its request.
In 2019, the Casualty Actuarial and Statistical Task Force of the National Association of Insurance Commissioners (NAIC) issued a Best Practices for Regulatory Review of Predictive Analytics White Paper. CDIA filed a comment on that paper.
In Oct. 2008, CDIA filed a comment in connection with draft paper on credit-based insurance scores issued from the NAIC.
The National Employment Law Project (NELP) has issued a number of questionable reports and papers over the years:
- 65 MILLION “NEED NOT APPLY” The Case for Reforming Criminal Background Checks for Employment (March 2011)
- Wanted: Accurate FBI Background Checks for Employment (July 2013)
- The “Wild West” of Employment Background Checks (August 2014)
- Unlicensed & Untapped: Removing Barriers to State Occupational Licenses for People with Records (April 2016)
CDIA filed a comment with the VA in response to its Jan. 3, 2014 proposed rule concerning the appointment of fiduciaries. Our comment encouraged the VA to (1) go beyond the ten-year look-back period to determine who can serve as a fiduciary for a veteran; and (2) not just limit disqualifying offenses to those noted below, but perhaps include other crimes of dishonesty and deception. A final rule was issued in July 2018.
- In 2019, CDIA filed an amicus brief in Patel v. Facebook in support of Facebook’s petition for a rehearing en banc before the U.S. Court of Appeals for the 9th Circuit. There is a significant Constitutional question at stake about when a plaintiff can establish sufficient harm to obtain standing under Article III to successfully sue for a violation of law. A three-judge panel of the 9th Circuit permits a class action plaintiff to establish Article III standing and seek billions of dollars in damages simply by alleging a statutory violation relating to privacy—even if the plaintiff concedes that no actual harm occurred. With limited regulatory guidance in interpreting the federal Fair Credit Reporting Act, consumer reporting agencies often face private litigation based on novel theories of liability. Expansive interpretation of Article III standing heightens CRAs’ litigation risk, and that risk is compounded by the potential for unlimited statutory damages that successful plaintiffs may recover in class action lawsuits under the FCRA.
In Patel, the 9th Circuit held that the plaintiffs had satisfied Article III standing simply by alleging a state statutory violation, namely the Illinois Biometric Information Privacy Act (“BIPA”). The plaintiffs claimed that Facebook’s “Tag Suggestions” feature—which uses facial-recognition software to suggest that users tag their friends in photographs they upload to the service—violated BIPA. Judge Donato (N.D. Cal.) certified a class. Two of the named plaintiffs testified that they were unaware of any harm that they suffered because of Tag Suggestions; indeed, one called it a “nice feature” that he continues to use. Plaintiffs’ lawyer admitted in open court that “[w]e haven’t found” that “any consequential harm resulted” from the alleged BIPA violation.
- In 2019, CDIA filed an amicus brief in Denan v. TransUnion before the U.S. Court of Appeals for the Seventh Circuit. The plaintiffs would like credit bureaus to not report legitimately owed debts by consumers if the loans were invalid under state law. CRAs have developed procedures regarding the intake, maintenance, and publication of the data they hold on consumers. Data furnishers are charged with reporting such information with “accuracy” and “integrity” in that the information provided to CRAs must accurately reflect the liability of each consumer with respect to the account reported. Under the FCRA, CRAs cannot and should not be forced to judge the validity of loans.
Also filing an amicus in this case is a joint brief filed by the National Consumer Law Center and the National Association of Consumer Advocates.
In November 2017, CDIA filed an amicus brief in Yim v. Seattle, a case in federal court challenging Seattle’s limitation on the use of criminal background checks for residential screening. CDIA’s brief, jointly filed with NAPBS, was filed in support of the plaintiff’s motion for summary judgement. CDIA and NAPBS filed a response to the city’s objections to the joint amicus brief. Amici briefs in support of the plaintiffs were filed by the National Apartment Association, and the National Consumer Reporting Association. Briefs in support of Seattle were filed by the Sargent Shriver National Center on Poverty Law (“Shriver Center”), and the National Housing Law Project (“NHLP”), which filed a joint brief; the Pioneer Human Services, and the Tenants Union of Washington, which filed a joint brief; and the Fred T. Korematsu Center for Law and Equality (“Korematsu Center”), and the ACLU, filing a joint brief. The city filed its opposition to the motions for leave to file amici briefs submitted by CDIA/NAPBS, and NCRA. The city also filed a combined Opposition to Plaintiffs’ Motion for S.J. and Cross Motion for S.J.
On Nov. 14, the Washington Supreme Court answered the three questions certified to them by the U.S. District Court. The supreme court was asked (1) What is the proper standard to analyze a substantive due process claim under the Washington Constitution? (2) Is the same standard applied to substantive due process claims involving land use regulations? and (3) What standard should be applied to Seattle Municipal Code [chapter] 14.09 (“Fair Chance Housing Ordinance”)? The court said that “[u]nless and until this court adopts heightened protections as a matter of independent state law, state substantive due process claims are subject to the same standards as federal substantive due process Yim etal. v. City of Seattle, No. 96817-9 claims. The same is true of state substantive due process claims involving land use regulations and other laws regulating the use of property. Therefore, the standard applicable to the plaintiffs’ state substantive due process challenge to the Fair Chance Housing Ordinance is rational basis review.”
In February 2016, CDIA filed an amicus brief with the New York Court of Appeals in Griffin v. Sirva, Inc. In short, CDIA urges the Court to agree that the state Human Rights Law applies to “employers” only, and not to third parties, like background check companies.
CDIA filed an amicus in Pedro v. Equifax, a case pending in the 11th Circuit. CDIA argues that (1) a consumer report practice supported by case law and regulatory guidance cannot be a “willful” violation of the FCRA; and (2) an accurate report of authorized user information is not “inaccurate” under the FCRA.
CDIA asked the 9th Circuit to allow CDIA to file an amicus brief in Polo v. Innoventions Int’l, but the court denied that motion without explanation. In this post-Spokeo case, the court is encouraging federal questions about nationwide credit reporting to be decided by state courts when they cannot be heard in federal courts. CDIA argues the cases cannot be heard in any court.
In 2013, CDIA joined with others to file an amicus brief before the U.S. Supreme Court in McBurney v. Young, a case that challenged the constitutionality of Virginia’s Freedom of Information Act which grants Virginia citizens access to all public records, but grants no such right to non-Virginians. Unfortunately, the court ruled 9-0 that the statute, as reported by scotusblog, “does not violate the Privileges and Immunities Clause, which protects only those privileges and immunities that are ‘fundamental.’ The Act also does not violate the dormant Commerce Clause: it neither prohibits access to an interstate market nor imposes burdensome regulation on that market; and in any event, a state does not violate the Clause when, having created a market through a state program, it ‘limits benefits generated by [that] state program to those who fund the state treasury and whom the State was created to serve.’”
In July 2019, the GAO released a new report, Consumer Reporting Agencies: CFPB Should Define Its Supervisory Expectations (GAO 19-459). The report was required under Sec. 308 of the EGRRCPA. As noted in the transmittal letter, the report “(1) describes the current oversight framework for CRAs, (2) examines how the Consumer Financial Protection Bureau (CFPB) has overseen CRAs and entities that furnish consumer data, (3) examines how other federal agencies, including the Federal Trade Commission (FTC) and the prudential regulators, have overseen CRAs and entities that furnish consumer data, and (4) identifies what is known about the causes of inaccuracies in consumer reports and the processes that are in place to help ensure accuracy.”
The GAO issued a report in May 2019, Private Student Loans: Clarification from CFPB Could Help Ensure More Consistent Opportunities and Treatment for Borrowers. The study was required by Sec. 602 of the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA). The Act required the GAO to review the implementation and effects of private student loan rehabilitation programs. The GAO report examines (1) the factors affecting financial institutions’ participation in these programs, (2) the risks that these programs may pose to financial institutions, and (3) the effects that these programs may have on student loan borrowers’ access to future credit.
GAO report, Range of Consumer Risks Highlights Limitations of Identity Theft Services (GAO-19-230, March 27, 2019), and also released a podcast.
GAO report, Actions Needed to Strengthen Oversight of Consumer Reporting Agencies (GAO-19-196, Feb. 21, 2019). In connection with the release of this report, the GAO also issued congressional testimony delivered before the Subcommittee on Economic and Consumer Policy, of the U.S. House Committee on Oversight and Reform.
GAO report, Process Improvements Needed in Recouping Overpayments to Service Members (GAO-19-61, Feb. 15, 2019)
GAO report, Additional Federal Authority Could Enhance Consumer Protection and Provide Flexibility (GAO-19-52, Jan. 15, 2019). In connection with the release of this report, the GAO also issued congressional testimony delivered before the Permanent Subcommittee on Investigations of the U.S. Senate Committee on Homeland Security and Governmental Affairs.
GAO report, Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach, (GAO-18-559, Aug. 30, 2018)
GAO report, Identity Theft Services; Services Offer Some Benefits but Are Limited in Preventing Fraud (GAO-17-254, March 30, 2017), and also released a podcast.
In Sept. 2013, the GAO issued a report, Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace (GAO 13-663). “This report addresses (1) privacy laws applicable to consumer information held by resellers, (2) gaps in the law that may exist, and (3) views on approaches for improving consumer data privacy.”
In 2003, the GAO released a report, Limited Information Exists On Extent of Credit Report Errors and Their Implications for Consumers. This report is a Statement for the Record Before the Committee on Banking, Housing, and Urban Affairs, U.S. Senate.
- In November 2019, the House Financial Services Committee released a committee report on H.R. 3618, the Free Credit Scores for Consumers Act of 2019. Also in November, the committee issued a report on H.R. 3614, the Restricting Credit Checks for Employment Decisions Act.
- On Nov. 21, 2019, the House Financial Services Committee held a hearing, Banking on Your Data: the Role of Big Data in Financial Services. In advance of the hearing, the majority staff produced a memorandum. The bills connected to the hearing are H.R. 4008, the No Biometric Barriers to Housing Act of 2019; H.R. ____, Safeguarding Non-bank Consumer Information Act; and H.R. ____, Financial Information Data Modernization Act. Appearing at the hearing as witnesses were Ms. Lauren Saunders, Associate Director, National Consumer Law Center; Dr. Seny Kamara, PhD., Associate Professor of Computer Science, Brown University and Chief Scientist, Aroki Systems; Dr. Christopher Gillard, PhD., Professor of English, Macomb Community College and Digital Pedagogy Lab Advisor; Mr. Don Cardinal, Managing Director, Financial Data Exchange (“FDX”); and Mr. Duane Pozza,Partner, Wiley Rein.
- In 2019, the U.S. Senate Permanent Subcommittee On Investigations of the Committee on Homeland Security and Governmental Affairs released a staff report, How Equifax Neglected Cybersecurity and Suffered a Devastating Data Breach.
- In connection with a markup of a number of bills on July 11, 2019, CDIA submitted a letter to the U.S. House Financial Services Committee. On July 16, the committee also marked up the Accurate Access to Credit Information Act of 2019 (AACIA), legislation the Committee on Financial Services expects to mark-up on July 16, 2019. CDIA submitted a letter to the committee in connection with that bill.
- In March 2019, the Congressional Research Service issued a report, Consumer Credit Reporting, Credit Bureaus, Credit Scoring, and Related Policy Issues.
- On March 26, the Subcommittee on Economic and Consumer Policy, of the U.S. House Committee on Oversight and Reform held a hearing, Improving Data Security at Consumer Reporting Agencies. The hearing examined: (1) the options available to the Federal Trade Commission and the Consumer Financial Protection Bureau to promote the improvement of cybersecurity at consumer reporting agencies; and (2) the Government Accountability Office’s recommendations for improving those options. Testifying at this hearing were Michael Clements, Director, Financial Markets and Community Investment, Government Accountability Office; Mike Litt Consumer Campaigns Director, U.S. PIRG; Andrew Smith, Director, Bureau of Consumer Protection, Federal Trade Commission; and Jennifer Huddleston, Research Fellow, Mercatus Center at George Mason University. In advance of the hearing the committee issued a committee memo and following the hearing the majority issued a hearing recap.
- In March 2019, CDIA filed a letter with the U.S. Senate Committee on Banking, Housing, and Urban Affairs in response to its February 2019 request seeking “feedback…on the collection, use and protection of sensitive information by financial regulators and private companies.” Approximately 55 submissions were filed, including CDIA’s submission. The full list of submissions is available at the committee’s website and all submissions are noted and linked below.
- In March 2019, CDIA filed a letter with the U.S. House Committee on Financial Services in follow up to its February 2019 hearing, Who’s Keeping Score? Holding Credit Bureaus Accountable and Repairing a Broken System.
- On March 7, 2019, the Permanent Subcommittee on Investigations of the U.S. Senate Committee on Homeland Security and Governmental Affairs held a hearing, Examining Private Sector Data Breaches. In connection with this hearing, the committee issued a bipartisan staff report, How Equifax Neglected Cybersecurity and Suffered a Devastating Breach: Staff Report. There were five witnesses on two panels. Panel one had two witnesses, Mark W. Begor, Chief Executive Officer, Equifax; and Arne M. Sorenson, President and Chief Executive Officer, Marriott International, Inc. There were three witnesses on panel two: Alicia Puente Cackley, Director, Financial Markets and Community Investment, U.S. Government Accountability Office; Andrew Smith, Director, Bureau of Consumer Protection, U.S. Federal Trade Commission; and John M. Gilligan, President and Chief Executive Officer, Center for Internet Security.
- On Feb. 27, 2019, the House Committee on Financial Services held a hearing, Who’s Keeping Score? Holding Credit Bureaus Accountable and Repairing a Broken System. The webcast of the hearing is online. There were two panels at the hearing. The first panel was made up of the CEOs of the three nationwide credit reporting agencies: Mark Begor, CEO, Equifax; James M. Peck, President and CEO, TransUnion; and Craig Boundy, CEO, Experian North America. The second panel was mostly consumer special interest groups, but also one financial services attorney. The second panel was made up of Lisa Rice, President and CEO, National Fair Housing Alliance (NFHA); Chi Chi Wu, Staff Attorney, National Consumer Law Center (NCLC); Jennifer Brown, Associate Director, Economic Policy, UnidosUS; Edmund Mierzwinski, Consumer Program Director, U.S. Public Interest Research Group (PIRG); and Thomas P. Brown, Partner, Paul Hastings. In advance of the hearing, the committee issued its Committee Memorandum, H.R.____, “Comprehensive Consumer Credit Reporting Reform Act of 2019” [DRAFT], and H.R.____, “Protecting Innocent Consumers Affected by a Shutdown Act” [DRAFT].
- On July 12, 2018, the U.S. Senate Committee on Banking, Housing & Urban Affairs held a hearing, An Overview of the Credit Bureaus and the Fair Credit Reporting Act. The two witnesses were Maneesha Mithal, the Associate Director for the Division of Privacy and Identity Protection at the Federal Trade Commission and Peggy Twohig, and I am the Assistant Director for Supervision Policy at the Consumer Financial Protection Bureau. Available online is the committee’s hearing record.
- In July 2018, CDIA filed a letter with the U.S. Senate Committee on Banking, Housing & Urban Affairs. The letter was submitted for the record following a hearing on July 12, 2018, An Overview of the Credit Bureaus and the Fair Credit Reporting Act.
- In April 2018, CDIA sent a letter to Jeb Hensarling, the chairman of the Committee on Financial Services, and to Maxine Waters, the Ranking Member on that same committee. CDIA asked for three things in connection with the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA): (1) that CRAs be permitted to perform “data hygiene” with the Social Security Administration (SSA) to further reduce identity theft; (2) that the Committee should remove the credit monitoring obligations of CRAs in the senate version of the bill; and (3) that the Committee include administrative enforcement for the veterans’ credit obligations in the bill.
- In March 2018, the U.S. House Committee on Financial Services conducted a two hearing, Legislative Proposals to Reform the Current Data Security and Breach Notification Regulatory Regime. CDIA testified at that hearing.
- On November 1, 2017, the Subcommittee on Digital Commerce and Consumer Protection of the U.S. House Committee on Energy & Commerce held a hearing, Securing Consumers’ Credit Data in the Age of Digital Commerce. The witnesses were Francis Creighton, President and CEO of the Consumer Data Industry Association; Anne P. Fortney, Esq., Partner Emeritus at Hudson Cook; James Norton, Founder and President of Play-Action Strategies LLC; and Bruce Schneier, an Adjunct Lecturer in Public Policy at the Harvard Kennedy School. Available online is the hearing record.
- On October 17, 2017, the U.S. Senate Committee on Banking, Housing & Urban Affairs held a hearing, Consumer Data Security and the Credit Bureaus. The witnesses were Andrew Smith of Covington & Burling on behalf of the Consumer Data Industry Association; Marc Rotenberg, president of the Electronic Privacy Information Center; and Chris Jaikaran, an analyst in cybersecurity policy for the Congressional Research Service. Available online is the hearing record.
- In Oct. 2017, CDIA testified at a hearing of the U.S. Senate Committee on Banking, Housing, and Urban Affairs, Consumer Data Security and the Credit Bureaus. The committee hearing record includes CDIA’s testimony.
- On October 4, 2017, the U.S. Senate Committee on Banking, Housing & Urban Affairs held a hearing, An Examination of the Equifax Cybersecurity Breach. The witness was Richard (Rick) Smith, the Chairman and Chief Executive Officer of Equifax, Inc. Available online is the hearing record.
- On October 3, 2017, the Subcommittee on Digital Commerce and Consumer Protection of the U.S. House Committee on Energy & Commerce held a hearing, Oversight of the Equifax Data Breach: Answers for Consumers. The witness was Richard (Rick) Smith, the Chairman and Chief Executive Officer of Equifax, Inc. Available online is the hearing record.
- In April 2017, CDIA submitted a letter to the U.S. Senate Committee on Banking, Housing and Urban Affairs in response to its joint request of March 2017 for proposals to foster economic growth. CDIA’s letter offered three suggestions: harmonizing the FCRA class action liability cap with other financial consumer protection laws, reforming the Credit Repair Organizations Act (CROA), and fostering credit score competition through Fannie Mae and Freddie Mac.
- On September 23, 2016, the Subcommittee on Financial Institutions and Consumer Credit of the U.S. House Committee on Financial Services held a hearing, Examining Legislative Proposals to Address Consumers Access to Mainstream Banking Services. The webcast of the hearing is available online. Testifying at the hearing were Dr. Michael Turner, President and Chief Executive Officer, Policy and Economic Research Council; Mr. Ronald D. Paul, Chairman and Chief Executive Officer, Eagle Bank, on behalf of the Independent Community Bankers of America; and Dr. Norbert J. Michel, Research Fellow in Financial Regulations, Heritage Foundation. For the hearing, the committee referenced six bills, H.R. 347, the Facilitating Access to Credit Act of 2015; H.R. 4116, to amend the Federal Deposit Insurance Act to ensure that the reciprocal deposits of an insured depository institution are not considered to be funds obtained by or through a deposit broker, and for other purposes; H.R. 4172, the The Credit Access and Inclusion Act of 2015; H.R. 4211, the Credit Score Competition Act of 2015; H.R. 5660, the Retail Checking Account Protection Act of 2016; and H.R. ____, the Protect Prepaid Accounts Act of 2016. Available online is the hearing record.
- In June 2016, CDIA submitted a written comment for the record to the Over-Criminalization Task Force of the House Judiciary Committee in connection with the Task Force’s June 26, 2014 Hearing on Collateral Consequences. The hearing transcript is available online and includes CDIA’s letter.
- In October 2019, the California Department of Justice (DOJ), which is what the office of the attorney general is called, issued a Proposed Regulations under the CCPA. The Department also issued a Notice of Proposed Rulemaking and an Initial Statement of Reasons for the rulemaking.
- CDIA filed a comment in March 2019 in connection with the California attorney general’s pre-rule making on the California Consumer Privacy Act (CCPA). An overview of the rulemaking process is available online from the OAG. The OAG’s public forums were part of its “preliminary activities” before a proposed rule. In October 2019, the OAG issued proposed rules and CDIA filed a comment in connection with that rulemaking process. The OAG has a webpage dedicated to CCPA resources.
- In April, CDIA submitted a comment to the Texas DMV on proposed changes to motor vehicle record access in the Texas Register, 43 Tex. Reg. 1621 (March 16, 2018). The final rule was published online in the Texas Register in July 2018.
New York State rulemaking
- In October 2017, the New York Department of Financial Services (DFS) published a proposed rule to further regulate “consumer credit reporting agencies”. In response to that proposed rule, CDIA filed a comment with DFS. In July 2018, the DFS issued a Notice of Adoption for the DFS’s Final Rule and Gov. Cuomo’s announcement of the promulgation of that rule. The Department also issued an Assessment of Public Comments for that final rule.On December 12, 2017, New York Governor, Andrew Cuomo (D) announced that the Department of State was issued emergency regulations for “consumer reporting agencies”. CDIA submitted a comment on the emergency regulations. The emergency regulation was finalized in April 2018.
- CDIA filed two comments to the New York Department of Financial Services in December 2016 and January 2017 in connection with the Department’s initial Cybersecurity Requirements For Financial Services Companies and then its revised cybersecurity rule. Most of CDIA’s comments were accepted by the Department in its final rule.
In 2019, the Council of State Government’s (CSG) Suggested State Legislation Committee (SSL) proposed to include Vermont’s data broker law on it’s list of suggested state laws for other states to follow. CDIA objected to this proposal and submitted a letter opposing inclusion of the Vermont law on the SSL list.