The Fair Credit Reporting Act (FCRA)

The Fair Credit Reporting Act (“FCRA”) governs the collection, assembly, and use of consumer report information and provides the framework for the credit reporting system in the United States. The FCRA was enacted in 1970, and it has been amended several times in the ensuing years. The two most extensive amendments were the Consumer Credit Reporting Reform Act of 1996 (the “1996 amendments”) and the Fair and Accurate Credit Transactions Act of 2003 (“FACT Act”). The FCRA regulates the practices of consumer reporting agencies (“CRAs”) that collect and compile consumer information into consumer reports for use by credit grantors, insurance companies, employers, landlords, and other entities in making eligibility decisions affecting consumers. Information included in consumer reports generally may include consumers’ credit history and payment patterns, as well as demographic and identifying information and public record information (e.g., arrests, judgments, and bankruptcies). Consumer report information may be used by entities to predict the risk of future nonpayment, default, or other adverse events.

The FCRA was enacted to (1) prevent the misuse of sensitive consumer information by limiting recipients to those who have a legitimate need for it; (2) improve the accuracy and integrity of consumer reports; and (3) promote the efficiency of the nation’s banking and consumer credit systems.

As a CRA, Indelible Investigations adheres to all aspects of the FCRA. Provided is a link to the full FCRA: https://www.ftc.gov/system/files/ftc_gov/pdf/fcra-may2023-508.pdf

A Summary of Your Rights Under the Fair Credit Reporting Act (FCRA)

You have certain rights under the FCRA. The provided link provides a summary of these rights: https://files.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act of 2018 gives consumers more control over the personal information businesses collect about them. This landmark legislation was the first comprehensive consumer privacy law passed in the United States. https://cppa.ca.gov/

In 2020, California voters approved Proposition 24, the California Privacy Rights Act. This amended the CCPA by adding additional consumer privacy rights. It also established this Agency and tasked it with responsibilities including the enforcement of the law and educating the public on their rights under the law. As of January 1, 2023, California residents have the following rights:

·         The right to delete personal information businesses have collected from them (subject to some exceptions);

·         The right to correct inaccurate personal information that businesses have about them;

·         The right to know what personal information businesses have collected about them and how they use and share it;

·         The right to opt-out of the sale of their personal information;

·         The right to opt-out of the sharing of their personal information for cross-context behavioral advertising;

·         The right to limit the use and disclosure of sensitive personal information collected about them; and

·         The right to non-discrimination for exercising their CCPA rights.

Businesses that are subject to the CCPA must also comply with the law’s purpose limitation and data minimization rules. This means businesses must limit the collection, use, and retention of your personal information to only those purposes that: (1) a consumer would reasonably expect, or (2) are compatible with the consumer’s expectations and disclosed to the consumer, or (3) purposes that the consumer consented to, as long as consent wasn’t obtained through dark patterns. For all of these purposes, the business’ collection, use, and retention of the consumer’s information must be reasonably necessary and proportionate to serve those purposes. Businesses also have additional responsibilities, including making certain disclosures to consumers about their privacy practices, such as posting a privacy policy. CPRA amends the CCPA; it does not create a separate, new law. As a result, the Agency typically refers to the law as “CCPA” or “CCPA, as amended.” The CPRA amendments to the CCPA are in effect as of January 1, 2023.

California Consumer Credit Reporting Agencies Act (CCCRA)

The California Consumer Credit Reporting Agencies Act (CCCRA) was passed in 1975 as the state's version of the federal Fair Credit Reporting Act. The act regulates consumer credit reporting agencies as well as any users of credit reports. The act also provides a narrower definition of "consumer credit report" as any information that falls within credit reports is protected by the act. The CCCRA allows consumers to request a copy of their credit file with a thorough explanation of any codes used, credit score with related information, records of any third party requests made for the consumer's files, and the identifiable information of any party third party that has received the consumer's file. Any information requested by the consumer must be made available by a person, by mail, or by phone with a trained person who is able provide a comprehensive explanation of the information. Credit reports can be disclosed to third parties without notifying the consumer if the information is related to the party requesting the information, if it is to complete a court order, or if the party requesting it has legitimate use for the information. (California Civil Code § 1785, et seq.) https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=CIV&division=3.&title=1.6.&part=4.&chapter=1.&article

California Investigative Consumer Reporting Agencies Act (ICRAA)

The California Investigative Consumer Reporting Agencies Act (ICRAA) has a number of clauses which are stricter than the FCRA and must be followed. One clause is in regard to criminal records. The ICRAA, section 1786.18 (as well as Labor Code Section 432.7), only allows the reporting of criminal CONVICTIONS, and limits the conviction information to seven years from the date of disposition, release or parole. This is regardless of the subjects anticipated salary (The general 7-year limitations under the FCRA do not apply to employee’s whose salary is $75,000.00 or more). Additionally, under Civil Code Section 1786.2 (c), the definition of an “investigative consumer report” (as opposed to just a consumer report) is expanded to include information obtained… through “any means.” This means that a public records check which would be a “consumer report” under the FCRA is considered an “investigative consumer report” under the ICRAA. Civil Code Section 1786.16 requires that applicants be notified in writing “of the nature and scope of the investigation requested,” and be provided “a summary of the provisions of (their rights) section 1786.22 There are other clauses under California Law which also add greater restrictions and/or requirements to a pre-employment screening. (California Civil Code § 1786, et seq.) https://icraa.com/

Gramm-Leach-Bliley Act (GLB)

The Gramm-Leach-Bliley Act (GLB) requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data. https://www.ftc.gov/legal-library/browse/statutes/gramm-leach-bliley-act

Driver’s Privacy Protection Act (DPPA)

The Drivers Privacy Protection Act (DPPA), Public Law No. 103-322 codified as amended by Public Law 106-69, was originally enacted in 1994 to protect the privacy of personal information assembled by State Department of Motor Vehicles (DMVs). https://epic.org/dppa/

International Regulations, Laws and/or Acts Regarding Consumer Data Protection

As a CRA, Indelible Investigations might at times conduct business outside of the United States, as authorized by the consumer and requested by our client. We adhere to all applicable international regulations, laws and/or acts, etc. as it applies to the company. Below is a list of some of the more relevant international regulations, laws and/or acts for your reference:

General Data Protection Regulation (GDPR) - https://gdpr.eu/

Consumer Credit Directive - https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202302225

Data Protection Act 2018 - United Kingdom – https://www.gov.uk/data-protection

Federal Data Protection Act (BDSG) - Germany - https://www.gesetze-im-internet.de/englisch_bdsg/englisch_bdsg.html

French Data Protection Act - France - https://www.kiteworks.com/risk-compliance-glossary/french-data-protection-act/

Contact Information

Questions, comments, complaints or requests for assistance regarding any of the information above can be addressed to:

Indelible Investigations
Attn: FCRA and/or related regulations
contact@indelibleinvestigation.com