Far-Reaching Implications of Recent FCRA Enforcement Actions

On August 8, 2012, the Federal Trade Commission settled with HireRight Solutions, Inc. (“HireRight”) for failure to comply with certain Fair Credit Reporting Act (“FCRA”) requirements. At first blush, the case may appear to be a simple FCRA matter – the FTC alleged that HireRight functioned as a consumer reporting agency when providing employment screening services to companies, but then failed to take steps to assure the accuracy of those reports and prevented consumers from disputing inaccurate information. Despite initial appearances, however, the case has broader geopolitical implications.

For years, the United States has argued that the FCRA is the foundation of a privacy regime aimed at preventing harm to individuals. The FCRA requires consumer reporting agencies to comply with fair information practice principles, such as accuracy, access and correction, and imposes strong penalties for violations. In addition, FTC enforcement actions establish a basis for consumer private rights of action when companies fail to comply with the Act.

Organizations such as the Centre for Information Policy Leadership at Hunton & Williams LLP have repeatedly argued in international settings that the FCRA is a very broad law giving the FTC authority in almost all cases where companies aggregate information for the purpose of substantive decision making. However, many non-U.S. privacy policymakers believe that the FCRA is narrowly focused on preventing harm in credit-related decisions. The FTC’s two employment-related enforcement actions this year (the HireRight and Spokeo cases) make clear that employment is fully covered under the FCRA. By emphasizing the FCRA’s applicability in the employment context, the FTC helps strengthen the case for interoperability between very different privacy regimes. The more FCRA enforcement actions the FTC files against non-traditional consumer reporting agencies, the stronger the U.S. government’s arguments regarding interoperability with respect to information aggregation issues, and the more likely that discussions about interoperability will bear fruit.
