Last week, the Consumer Financial Protection Bureau (“CFPB”) issued an advisory opinion to ensure that companies that use and share credit and background reports have a “permissible purpose” under the Fair Credit Reporting Act (“FCRA”). The credit, criminal, job, and rental records of individuals are a few items consumer reporting agencies gather, compile, and assess. This information is then packaged into a report and used across various industries by creditors, insurers, landlords, employers, and others to make eligibility and other decisions about consumers. This collection, assembly, evaluation, dissemination, and use of vast quantities of often highly sensitive personal and financial information contained within consumer reports pose significant risks to consumer privacy. Thus, to combat these risks and better safeguard individuals’ personal data, the CFPB’s new advisory opinion makes clear that users of credit reports also have express obligations to protect this sensitive data. For these reasons, entities must have a “permissible purpose” when obtaining such reports.
Continue Reading The Consumer Financial Protection Bureau Issues an Advisory Opinion Strengthening Consumer Privacy

Theft or accidental loss of a laptop, thumb drive or other device is “[t]he single most common way that protected health information is compromised.” And while violating the Health Insurance Portability and Accountability Act’s Privacy and Security Rules can result in million-dollar fines, HIPAA does not provide for a private right of action. So when an employee of Alere Home Monitoring Inc. had a company laptop containing patients’ medical information stolen out of her car in 2012, plaintiffs filed
Continue Reading Healthcare Home Monitoring Company Avoids FCRA Liability Over Stolen Laptop