Privacy & Information Security Law Blog

In a January 13, 2013 blog post, the Federal Trade Commission’s Bureau of Consumer Protection’s Business Center Blog highlighted the FTC’s recent groundbreaking settlement for violations of the Fair Credit Reporting Act (“FCRA”) in the mobile app context. The settlement with Filiquarian Publishing, LLC, Choice Level, LLC, and Joshua Linsk (the owner of Filiquarian and Choice Level, collectively, the “Companies”), is the first FCRA enforcement action against a mobile app developer. Filiquarian offered mobile apps to consumers for purposes of conducting criminal background checks in numerous states, and Choice Level provided the criminal background checks used by the apps to Filiquarian.

The complaint against the Companies alleged numerous violations of the FCRA, including that they (1) regularly furnished consumer reports to persons who did not have a permissible purpose to use them, (2) failed to ensure the accuracy of the reports, and (3) did not provide required notices to the users of the consumer reports. The Companies published disclaimers that the criminal background checks were not to be used to screen individuals for insurance, employment or credit and that the companies did not comply with the FCRA, but the FTC pointed out that those disclaimers were essentially meaningless. Rather, the FTC noted in the blog post, that “what triggers a company’s obligations under the FCRA” is the fact that it produces consumer reports that are used for employment, housing, credit or other similar purposes, and that no disclaimer could eliminate a company’s FCRA obligations.

The consent order between the FTC and the Companies prohibits them from (1) furnishing a consumer report to anyone without a permissible purpose under the FCRA, (2) not maintaining reasonable procedures to restrict the provision of such reports, (3) failing to ensure the accuracy of the information in the reports, and (4) neglecting to provide the “Notice to Users of Consumer Reports: Obligations of Users Under the FCRA” to all users and the “Notice to Furnishers of Information: Obligations of Furnishers Under the FCRA.” The consent order, which is effective for 20 years, also requires the Companies to retain records that show compliance with the order for five years, including the contact information for anyone that seeks to obtain the consumer reports as well as the Companies’ training and marketing materials.

The Business Center Blog post references the warning letters the FTC sent to mobile app developers in 2012, gently reminding background screening service providers that “[i]t’s wise to pay attention to what the FTC says in warning letters to other companies.”

Update: On May 1, 2013, the FTC approved the final settlement order with the Companies.