FTC Sends FCRA Warning Letters to Mobile App Background Check Providers

Published On February 8, 2012 | By Melissa Maalouf | FTC & State AG, General, Litigation, Privacy
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

On February 7, the FTC announced that it sent letters to 6 mobile application providers that offer background screening products warning that the apps may be violating the Fair Credit Report Act (“FCRA”).  The FCRA is a consumer credit protection law designed to protect the privacy of consumer report information and ensure the accuracy of information supplied by consumer reporting agencies to third parties evaluating consumers for employment, housing, credit or other similar purposes.

The letters were sent to InfoPay, Inc., marketer of the Criminal Pages app; Everify, Inc., marketer of the Police Records app; and Intelligator, Inc., marketer of the Background Checks, Criminal Records Search, Investigate and Locate Anyone, and People Search and Investigator apps.

Under the FCRA, a company is considered a consumer reporting agency (“CRA”) if it assembles or evaluates information on consumers for the purpose of furnishing “consumer reports” to third parties.  Such reports contain information relating to an individual’s character, reputation or personal characteristics, and are used or expected to be used for employment, housing, credit, or other similar purposes.  Companies who are CRAs must comply with several different FCRA provisions, including:  (1) taking reasonable steps to ensure the user of each report has a “permissible purpose” to use the report; (2) taking reasonable steps to ensure the maximum possible accuracy of the information provided in the report; and (3) providing users of reports with information about their obligations under the FCRA (such as informing employers about their obligation to provide employees/applicants with notice of any adverse action taken on the basis of the reports, their rights to receive copies of the reports, and their rights to a free reinvestigation of information if the consumer believes the report to be in error).

According to the FTC’s letters, some of the apps include criminal record histories, which contain information on an individual’s character and general reputation, and are often used in employment decisions and tenant screening.  The FTC therefore advised that if the app providers have reason to believe that the background reports they offer are being used by third parties for such purposes, or any other enumerated purposes under the FCRA, they must be in compliance with the FCRA.  The FTC emphasized that the apps’ obligation to comply with the FCRA exists even if the apps have a disclaimer on their websites or apps warning others not to use the reports for employment or other FCRA purposes.  The FTC noted that factors such as advertising placement and customer lists would help it to evaluate whether a particular app may be being used for FCRA purposes.

The FTC has not yet taken a position as to whether the apps are in violation of the FCRA, but warned that it reserves the right to take legal action against the apps based on past or future violations, and that such action would entitle the FTC to seek injunctive relief and/or monetary penalties of up to $3,500 per violation.

About The Author

Melissa Maalouf’s practice focuses on advising a broad range of clients, from start-ups to established companies, on both U.S. and international data privacy and security issues. Melissa assists clients in drafting appropriate website disclosures, implementing legally-compliant e-commerce flows, responding to FTC Section 5 and state AG enforcement actions, analyzing advertising claims, and children’s online privacy and safety issues. She also regularly helps clients obtain certification under the EU-US Safe Harbor and navigate compliance with divergent international privacy laws.

Leave a Reply

Your email address will not be published. Required fields are marked *