Compliance

Description: Our Criminal Record Database has been years in development and offers records from varies state DOC, Association of Courts and County Courts, The information is compatible if not better to many competing databases but at a much lower price. We do not make any guarantees as to the validity of the records and should only be used as a reference and verified by the source.

DISCLAIMER: Information provided through this service is subject to the following restrictions and/or limitations:

Coverage and Content — Data may not be available from all states or all counties or all smaller subdivisions within. Some items of data may be available from some but not other jurisdictions, and many of the sources of court records have attempted to protect personal identifiers by no longer providing data fields containing Social Security numbers, dates of birth, addresses, or telephone numbers.
History — Some jurisdictions provide deeper history than others, often due to the advent of computerized record keeping, which did not occur at the same time everywhere; consult the coverage chart for indications of historical availability in any particular jurisdiction.
Currentness — Some jurisdictions provide more recent data than others, and some jurisdictions have ceased to make records available to the public; consult the coverage chart for indications of currentness in any particular jurisdiction.
Reliability — The data provided through this service is a snapshot in time and may not reflect all action that has occurred since electronic record of the reported event(s) were obtained.
Accuracy — Data entry errors occur everywhere every day. Positive ID requires fingerprint search. Disposition inquiries should be directed to the reporting agency.
Verification — Since records may not have sufficient information to establish an exact identity, search results should be taken only as an indicator of information available. Records are for informational purposes only.
Completeness — Information provided through this service is from public court records, but does not comprise all information from the official court records available to the public. Court pleadings, for instance, may be found in case files that may be viewed and copied at a courthouse. Confidential cases, sealed cases, sealed documents, and expunged records also are not available though our service.
FCRA — You may not use our service or the information it provides to make decisions about consumer credit, employment, insurance, tenant screening, or any other purposes that would require FCRA compliance.

18 U.S. Code § 2721 – Prohibition on release and use of certain personal information from State motor vehicle records

(a)In General.—A State department of motor vehicles, and any officer, employee, or contractor thereof, shall not knowingly disclose or otherwise make available to any person or entity:

(1)

personal information, as defined in 18 U.S.C. 2725(3), about any individual obtained by the department in connection with a motor vehicle record, except as provided in subsection (b) of this section; or

(2)

highly restricted personal information, as defined in 18 U.S.C. 2725(4), about any individual obtained by the department in connection with a motor vehicle record, without the express consent of the person to whom such information applies, except uses permitted in subsections (b)(1), (b)(4), (b)(6), and (b)(9): Provided, That subsection (a)(2) shall not in any way affect the use of organ donation information on an individual’s driver’s license or affect the administration of organ donation initiatives in the States.

(b)Permissible Uses.—Personal information referred to in subsection (a) shall be disclosed for use in connection with matters of motor vehicle or driver safety and theft, motor vehicle emissions, motor vehicle product alterations, recalls, or advisories, performance monitoring of motor vehicles and dealers by motor vehicle manufacturers, and removal of non-owner records from the original owner records of motor vehicle manufacturers to carry out the purposes of titles I and IV of the Anti Car Theft Act of 1992, the Automobile Information Disclosure Act (15 U.S.C. 1231 et seq.), the Clean Air Act (42 U.S.C. 7401 et seq.), and chapters 301, 305, and 321–331 of title 49, and, subject to subsection (a)(2), may be disclosed as follows:

(1)

For use by any government agency, including any court or law enforcement agency, in carrying out its functions, or any private person or entity acting on behalf of a Federal, State, or local agency in carrying out its functions.

(2)

For use in connection with matters of motor vehicle or driver safety and theft; motor vehicle emissions; motor vehicle product alterations, recalls, or advisories; performance monitoring of motor vehicles, motor vehicle parts and dealers; motor vehicle market research activities, including survey research; and removal of non-owner records from the original owner records of motor vehicle manufacturers.

(3)For use in the normal course of business by a legitimate business or its agents, employees, or contractors, but only—

(A)

to verify the accuracy of personal information submitted by the individual to the business or its agents, employees, or contractors; and

(B)

if such information as so submitted is not correct or is no longer correct, to obtain the correct information, but only for the purposes of preventing fraud by, pursuing legal remedies against, or recovering on a debt or security interest against, the individual.

(4)

For use in connection with any civil, criminal, administrative, or arbitral proceeding in any Federal, State, or local court or agency or before any self-regulatory body, including the service of process, investigation in anticipation of litigation, and the execution or enforcement of judgments and orders, or pursuant to an order of a Federal, State, or local court.

(5)

For use in research activities, and for use in producing statistical reports, so long as the personal information is not published, redisclosed, or used to contact individuals.

(6)

For use by any insurer or insurance support organization, or by a self-insured entity, or its agents, employees, or contractors, in connection with claims investigation activities, antifraud activities, rating or underwriting.

(7)

For use in providing notice to the owners of towed or impounded vehicles.

(8)

For use by any licensed private investigative agency or licensed security service for any purpose permitted under this subsection.

(9)

For use by an employer or its agent or insurer to obtain or verify information relating to a holder of a commercial driver’s license that is required under chapter 313 of title 49.

(10)

For use in connection with the operation of private toll transportation facilities.

(11)

For any other use in response to requests for individual motor vehicle records if the State has obtained the express consent of the person to whom such personal information pertains.

(12)

For bulk distribution for surveys, marketing or solicitations if the State has obtained the express consent of the person to whom such personal information pertains.

(13)

For use by any requester, if the requester demonstrates it has obtained the written consent of the individual to whom the information pertains.

(14)

For any other use specifically authorized under the law of the State that holds the record, if such use is related to the operation of a motor vehicle or public safety.

(c)Resale or Redisclosure.—

An authorized recipient of personal information (except a recipient under subsection (b)(11) or (12)) may resell or redisclose the information only for a use permitted under subsection (b) (but not for uses under subsection (b)(11) or (12)). An authorized recipient under subsection (b)(11) may resell or redisclose personal information for any purpose. An authorized recipient under subsection (b)(12) may resell or redisclose personal information pursuant to subsection (b)(12). Any authorized recipient (except a recipient under subsection (b)(11)) that resells or rediscloses personal information covered by this chapter must keep for a period of 5 years records identifying each person or entity that receives information and the permitted purpose for which the information will be used and must make such records available to the motor vehicle department upon request.

(d)Waiver Procedures.—

A State motor vehicle department may establish and carry out procedures under which the department or its agents, upon receiving a request for personal information that does not fall within one of the exceptions in subsection (b), may mail a copy of the request to the individual about whom the information was requested, informing such individual of the request, together with a statement to the effect that the information will not be released unless the individual waives such individual’s right to privacy under this section.

(e)Prohibition on Conditions.—

No State may condition or burden in any way the issuance of an individual’s motor vehicle record as defined in 18 U.S.C. 2725(1) to obtain express consent. Nothing in this paragraph shall be construed to prohibit a State from charging an administrative fee for issuance of a motor vehicle record.

(Added Pub. L. 103–322, title XXX, § 300002(a), Sept. 13, 1994, 108 Stat. 2099; amended Pub. L. 104–287, § 1, Oct. 11, 1996, 110 Stat. 3388; Pub. L. 104–294, title VI, § 604(b)(46), Oct. 11, 1996, 110 Stat. 3509; Pub. L. 106–69, title III, § 350(c), (d), Oct. 9, 1999, 113 Stat. 1025; Pub. L. 106–346, § 101(a) [title III, § 309(c)–(e)], Oct. 23, 2000, 114 Stat. 1356, 1356A–24.)

Drivers Privacy Protection Act

The Act prohibits state departments of motor vehicles (DMVs) and others to whom the DMVs provide information from disclosing a driver’s personal information without the driver’s consent. DMVs that violate the Act are subject to civil penalties.

Under the DPPA, personal information contained in a motor vehicle record may be disclosed for use by any government agency, including any court or law enforcement agency, in carrying out its functions, or to any private person or entity acting on behalf of a Federal, State, or local agency; and for use in connection with any civil, criminal, administrative, or arbitral proceeding in any Federal, State, or local court or agency or before any self-regulatory body, or pursuant to a Federal, State, or local court order.

The Act requires that the driver consent before the state discloses most of this information, but permits disclosure of the 5-digit zip code and “information on vehicular accidents, driving violations and driver’s status.” The Act provides a number of exceptions, including information required to control emissions, driver safety, thefts, recalls, verifying personal information submitted to a business, and insurance. The private parties that receive this information are also authorized to disclose it to others for the same purposes. And “a private actor who has obtained drivers’ information from DMV [Department of Motor Vehicles] records specifically for direct-marketing purposes may resell that information for other direct-marketing uses, but not otherwise.”

Drivers Privacy Protection Act

SECURITY BREACH NOTIFICATION LAWS

2/6/2018

TABLE OF CONTENTS

CONTACT

Pam Greenberg

Forty-eight states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or governmental entities to notify individuals of security breaches of information involving personally identifiable information.

Security breach laws typically have provisions regarding who must comply with the law (e.g., businesses, data/ information brokers, government entities, etc); definitions of “personal information” (e.g., name combined with SSN, drivers license or state ID, account numbers, etc.); what constitutes a breach (e.g., unauthorized acquisition of data); requirements for notice (e.g., timing or method of notice, who must be notified); and exemptions (e.g., for encrypted information).

PLEASE NOTE: NCSL serves state legislators and their staff. This site provides general comparative information only and should not be relied upon or construed as legal advice.

State	Citation
Alaska	Alaska Stat. § 45.48.010 et seq.
Arizona	Ariz. Rev. Stat. § 18-545
Arkansas	Ark. Code §§ 4-110-101 et seq.
California	Cal. Civ. Code §§ 1798.29, 1798.82
Colorado	Colo. Rev. Stat. § 6-1-716
Connecticut	Conn. Gen Stat. §§ 36a-701b, 4e-70
Delaware	Del. Code tit. 6, § 12B-101 et seq.
Florida	Fla. Stat. §§ 501.171, 282.0041, 282.318(2)(i)
Georgia	Ga. Code §§ 10-1-910, -911, -912; § 46-5-214
Hawaii	Haw. Rev. Stat. § 487N-1 et seq.
Idaho	Idaho Stat. §§ 28-51-104 to -107
Illinois	815 ILCS §§ 530/1 to 530/25
Indiana	Ind. Code §§ 4-1-11 et seq., 24-4.9 et seq.
Iowa	Iowa Code §§ 715C.1, 715C.2
Kansas	Kan. Stat. § 50-7a01 et seq.
Kentucky	KRS § 365.732, KRS §§ 61.931 to 61.934
Louisiana	La. Rev. Stat. §§ 51:3071 et seq.
Maine	Me. Rev. Stat. tit. 10 § 1346 et seq.
Maryland	Md. Code Com. Law §§ 14-3501 et seq., Md. State Govt. Code §§ 10-1301 to -1308
Massachusetts	Mass. Gen. Laws § 93H-1 et seq.
Michigan	Mich. Comp. Laws §§ 445.63, 445.72
Minnesota	Minn. Stat. §§ 325E.61, 325E.64
Mississippi	Miss. Code § 75-24-29
Missouri	Mo. Rev. Stat. § 407.1500
Montana	Mont. Code §§ 2-6-1501 to -1503, 30-14-1701 et seq., 33-19-321
Nebraska	Neb. Rev. Stat. §§ 87-801 et seq.
Nevada	Nev. Rev. Stat. §§ 603A.010 et seq., 242.183
New Hampshire	N.H. Rev. Stat. §§ 359-C:19 et seq.
New Jersey	N.J. Stat. § 56:8-161 et seq.
New Mexico	2017 H.B. 15, Chap. 36 (effective 6/16/2017)
New York	N.Y. Gen. Bus. Law § 899-AA, N.Y. State Tech. Law 208
North Carolina	N.C. Gen. Stat §§ 75-61, 75-65
North Dakota	N.D. Cent. Code §§ 51-30-01 et seq.
Ohio	Ohio Rev. Code §§ 1347.12, 1349.19, 1349.191, 1349.192
Oklahoma	Okla. Stat. §§ 74-3113.1, 24-161 to -166
Oregon	Oregon Rev. Stat. §§ 646A.600 to .628
Pennsylvania	73 Pa. Stat. §§ 2301 et seq.
Rhode Island	R.I. Gen. Laws §§ 11-49.3-1 et seq.
South Carolina	S.C. Code § 39-1-90
Tennessee	Tenn. Code §§ 47-18-2107; 8-4-119
Texas	Tex. Bus. & Com. Code §§ 521.002, 521.053
Utah	Utah Code §§ 13-44-101 et seq.
Vermont	Vt. Stat. tit. 9 §§ 2430, 2435
Virginia	Va. Code §§ 18.2-186.6, 32.1-127.1:05
Washington	Wash. Rev. Code §§ 19.255.010, 42.56.590
West Virginia	W.V. Code §§ 46A-2A-101 et seq.
Wisconsin	Wis. Stat. § 134.98
Wyoming	Wyo. Stat. §§ 40-12-501 et seq.
District of Columbia	D.C. Code §§ 28- 3851 et seq.
Guam	9 GCA §§ 48-10 et seq.
Puerto Rico	10 Laws of Puerto Rico §§ 4051 et seq.
Virgin Islands	V.I. Code tit. 14, §§ 2208, 2209

State Public Record Laws

All 50 states also have public records laws which allow members of the public (including non-residents) to obtain documents and other public records from state and local government bodies. State public records laws are not identical to FOIA nor are state court interpretations of similar language in state statutes necessarily the same as federal court interpretation of FOIA (though many were modeled upon the federal FOIA). Several state courts have held that federal judicial interpretations of FOIA are at least helpful in interpreting similar language in state public record laws.

The citations for the state public records acts follows:

Alabama	Ala. Code 36-12-40 et seq.
Alaska	Alaska Stat. 09.25.100 to .220
Arizona	Ariz. Rev. Stat.Ann.39-121 to 1-24
Arkansas	Ark.Code Ann. §25-19-106 et seq.
California	Cal.Gov.Code 6250 to 6270
Colorado	C.R.S. 24-72-201 et seq
Connecticut	Conn.Gen.Stat.§1-200 et seq
Delaware	29 Del. C. § 10001 et seq.
District of Col.	D.C.CodeAnn. 25-61-10
Florida	Fla.Stat.Ann. 119.01 to .165
Georgia	Ga.CodeAnn. 50-18-70 to 76
Hawaii	Haw. Rev. Stat. §92F-1 et seq.
Idaho	Idaho Code 9-338 to -347
Illinois	5 ILCS 140/1
Indiana	Ind.Code Ann. 5-14-3-1 to 10
Iowa	Iowa Code Ann. 22.1 to .14
Kansas	Kan.Stat.Ann 45-215 to 225
Kentucky	Ky.Rev.Stat..Ann. 61.870 to .884
Louisiana	La.Rev.Stat.Ann. 44:31
Maine	Me.Rev.Stat.Ann. 1-13 408
Maryland	Md.Code Ann., State & Govt, 10-611 to 628
Massachussetts	Mass.Gen.Laws Ann. Ch.4, 7; Ch. 66,10
Michigan	MCL 15.231
Minnesota	Minn. Stat. Ann. 13.03
Mississippi	Miss. Code Ann. 25-61-1 et seq
Missouri	Mo.Ann.Stat. 109.180 to .190
Montana	Mont.Code Ann. 2-6-101 to 111
Nebraska	NEB. REV. STAT. §§ 84-712
Nevada	Nev.Rev.Stat.Ann. 239.005 to .040
New Hampshire	NH Rev. Stat. 91-A:1
New Jersey	N.J.S.A. 47:1A-1 et seq.
New Mexico	14-2-1 NMSA 1978 et seq.
New York	NY Pub. Off. Law Sec. 84
North Carolina	N.C.Gen. Stat. 132-1 to 10
North Dakota	N.D. Cent. Code 44-04-18 to -18.8
Ohio	Ohio Rev. Code. Ann 149.43
Oklahoma	Okla. Stat. Ann. Tit. 51,24A.1 to .18
Oregon	Or. Rev. Stat. Ann. 192.410 to .505
Pennsylvania	Pa.Cons.Stat.Ann. Tit. 65, 66..1 to .4
Rhode Island	R.I. Gen. Laws 38-2-1 to -14
South Carolina	S.C. Code Ann. §30-4-10
South Dakota	S.D. Codified Laws Ann. 1-27-1 to -19
Tennessee	Tenn. Code Ann. 10-7-503 et seq.
Texas	Texas Code § 552
Utah	Utah.Code.ann. 63-2-101 to -207
Vermont	1 V.S.A. § 316
Virginia	Va. Code § 2.2-3704
W. Virgina	W.Va. Code § 29B-1-1
Washington	Wash. Rev. Code Ann. 42.17.250 to .311
Wisconsin	Wis. Stat. Ann. 19.31 to .39
Wyoming	Wyo.Stat.Ann,9-2-407

CONSUMER REPORTS

All users of consumer reports must comply with all applicable regulations. Information about applicable regulations currently in effect can be found at the Consumer Financial Protection Bureau’s website, www.consumerfinance.gov/learnmore.

NOTICE TO USERS OF CONSUMER REPORTS: OBLIGATIONS OF USERS UNDER THE FCRA

The Fair Credit Reporting Act (FCRA), 15 U.S.C. 1681-1681y, requires that this notice be provided to inform users of consumer reports of their legal obligations. State law may impose additional requirements. The text of the FCRA is set forth in full at the Consumer Financial Protection Bureau’s (CFPB) website at www.consumerfinance.gov/learnmore. At the end of this document is a list of United States Code citations for the FCRA. Other information about user duties is also available at the CFPB’s website. Users must consult the relevant provisions of the FCRA for details about their obligations under the FCRA.

The first section of this summary sets forth the responsibilities imposed by the FCRA on all users of consumer reports. The subsequent sections discuss the duties of users of reports that contain specific types of information, or that are used for certain purposes, and the legal consequences of violations. If you are a furnisher of information to a consumer reporting agency (CRA), you have additional obligations and will receive a separate notice from the CRA describing your duties as a furnisher.

I. OBLIGATIONS OF ALL USERS OF CONSUMER REPORTS

A. Users Must Have a Permissible Purpose

Congress has limited the use of consumer reports to protect consumers’ privacy. All users must have a permissible purpose under the FCRA to obtain a consumer report. Section 604 contains a list of the permissible purposes under

the law.

These are:

• As ordered by a court or a federal grand jury subpoena. Section 604(a)(1)
• As instructed by the consumer in writing. Section 604(a)(2)
• For the extension of credit as a result of an application from a consumer, or the review or collection of a consumer’s account. Section 604(a)(3)(A)
• For employment purposes, including hiring and promotion decisions, where the consumer has given written permission. Sections 604(a)(3)(B) and 604(b)
• For the underwriting of insurance as a result of an application from a consumer. Section 604(a)(3)(C)
• When there is a legitimate business need, in connection with a business transaction that is initiated by the consumer. Section 604(a)(3)(F)(i)
• To review a consumer’s account to determine whether the consumer continues to meet the terms of the account. Section 604(a)(3)(F)(ii)
• To determine a consumer’s eligibility for a license or other benefit granted by a governmental instrumentality required by law to consider an applicant’s financial responsibility or status. Section 604(a)(3)(D)
• For use by a potential investor or servicer, or current insurer, in a valuation or assessment of the credit or prepayment risks associated with an existing credit obligation. Section 604(a)(3)(E)
• For use by state and local officials in connection with the determination of child support payments, or modifications and enforcement thereof. Sections 604(a)(4) and 604(a)(5)

In addition, creditors and insurers may obtain certain consumer report information for the purpose of making “prescreened” unsolicited offers of credit or insurance. Section 604(c). The particular obligations of users of “prescreened” information are described in Section VII below.

B. Users Must Provide Certifications

Section 604(f) prohibits any person from obtaining a consumer report from a consumer reporting agency (CRA) unless the person has certified to the CRA the permissible purpose(s) for which the report is being obtained and certifies that the report will not be used for any other purpose.

C. Users Must Notify Consumers When Adverse Actions Are Taken

The term “adverse action” is defined very broadly by Section 603. “Adverse actions” include all business, credit, and employment actions affecting consumers that can be considered to have a negative impact as defined by Section 603(k) of the FCRA – such as denying or canceling credit or insurance, or denying employment or promotion. No adverse action occurs in a credit transaction where the creditor makes a counteroffer that is accepted by the consumer.

1. Adverse Actions Based on Information Obtained From a CRA

If a user takes any type of adverse action as defined by the FCRA that is based at least in part on information contained in a consumer report, Section 615(a) requires the user to notify the consumer. The notification may be done in writing, orally, or by electronic means. It must include the following:

• The name, address, and telephone number of the CRA (including a toll-free telephone number, if it is a nationwide CRA) that provided the report.
• A statement that the CRA did not make the adverse decision and is not able to explain why the decision was made.

• A statement setting forth the consumer’s right to obtain a free disclosure of the consumer’s file from the CRA if the consumer makes a request within 60 days.
• A statement setting forth the consumer’s right to dispute directly with the CRA the accuracy or completeness of any information provided by the CRA.

2. Adverse Actions Based on Information Obtained From Third Parties Who Are Not Consumer Reporting Agencies

If a person denies (or increases the charge for) credit for personal, family, or household purposes based either wholly or partly upon information from a person other than a CRA, and the information is the type of consumer information covered by the FCRA, Section 615(b)(1) requires that the user clearly and accurately disclose to the consumer his or her right to be told the nature of the information that was relied upon if the consumer makes a written request within 60 days of notification. The user must provide the disclosure within a reasonable period of time following the consumer’s written request.

3. Adverse Actions Based on Information Obtained From Affiliates

If a person takes an adverse action involving insurance, employment, or a credit transaction initiated by the consumer, based on information of the type covered by the FCRA, and this information was obtained from an entity affiliated with the user of the information by common ownership or control, Section 615(b)(2) requires the user to notify the consumer of the adverse action. The notice must inform the consumer that he or she may obtain a disclosure of the nature of the information relied upon by making a written request within 60 days of receiving the adverse action notice. If the consumer makes such a request, the user must disclose the nature of the information not later than 30 days after receiving the request. If consumer report information is shared among affiliates and then used for an adverse action, the user must make an adverse action disclosure as set forth in I.C.1 above.

D. Users Have Obligations When Fraud and Active Duty Military Alerts are in Files

When a consumer has placed a fraud alert, including one relating to identify theft, or an active duty military alert with a nationwide consumer reporting agency as defined in Section 603(p) and resellers, Section 605A(h) imposes limitations on users of reports obtained from the consumer reporting agency in certain circumstances, including the establishment of a new credit plan and the issuance of additional credit cards. For initial fraud alerts and active duty alerts, the user must have reasonable policies and procedures in place to form a belief that the user knows the identity of the applicant or contact the consumer at a telephone number specified by the consumer; in the case of extended fraud alerts, the user must contact the consumer in accordance with the contact information provided in the consumer’s alert.

E. Users Have Obligations When Notified of an Address Discrepancy

Section 605(h) requires nationwide CRAs, as defined in Section 603(p), to notify users that request reports when the address for a consumer provided by the user in requesting the report is substantially different from the addresses in the consumer’s file. When this occurs, users must comply with regulations specifying the procedures to be followed.

Federal regulations are available at www.consumerfinance.gov/learnmore.

F. Users Have Obligations When Disposing of Records

Section 628 requires that all users of consumer report information have in place procedures to properly dispose of records containing this information. Federal regulations are available at www.consumerfinance.gov/learnmore.

II. CREDITORS MUST MAKE ADDITIONAL DISCLOSURES

If a person uses a consumer report in connection with an application for, or a grant, extension, or provision of, credit to a consumer on material terms that are materially less favorable than the most favorable terms available to a substantial proportion of consumers from or through that person, based in whole or in part on a consumer report, the person must provide a risk-based pricing notice to the consumer in accordance with regulations prescribed by the CFPB.

Section 609(g) requires a disclosure by all persons that make or arrange loans secured by residential real property (one to four units) and that use credit scores. These persons must provide credit scores and other information about credit scores to applicants, including the disclosure set forth in Section 609(g)(1)(D) (“Notice to the Home Loan Applicant”).

III. OBLIGATIONS OF USERS WHEN CONSUMER REPORTS ARE OBTAINED FOR EMPLOYMENT PURPOSES

A. Employment Other Than in the Trucking Industry

If the information from a CRA is used for employment purposes, the user has specific duties, which are set forth in Section 604(b) of the FCRA. The user must:

• Make a clear and conspicuous written disclosure to the consumer before the report is obtained, in a document that consists solely of the disclosure, that a consumer report may be obtained.
• Obtain from the consumer prior written authorization. Authorization to access reports during the term of employment may be obtained at the time of employment.
• Certify to the CRA that the above steps have been followed, that the information being obtained will not be used in violation of any federal or state equal opportunity law or regulation, and that, if any adverse action is to be taken based on the consumer report, a copy of the report and a summary of the consumer’s rights will be provided to the consumer.
 Before taking an adverse action, the user must provide a copy of the report to the consumer as well as the summary of consumer’s rights (The user should receive this summary from the CRA.) A Section 615(a) adverse action notice should be sent after the adverse action is taken.

An adverse action notice also is required in employment situations if credit information (other than transactions and experience data) obtained from an affiliate is used to deny employment. Section 615(b)(2).

The procedures for investigative consumer reports and employee misconduct investigations are set forth below.

B. Employment in the Trucking Industry

Special rules apply for truck drivers where the only interaction between the consumer and the potential employer is by mail, telephone, or computer. In this case, the consumer may provide consent orally or electronically, and an adverse action may be made orally, in writing, or electronically. The consumer may obtain a copy of any report relied upon by the trucking company by contacting the company.

IV. OBLIGATIONS WHEN INVESTIGATIVE CONSUMER REPORTS ARE USED

Investigative consumer reports are a special type of consumer report in which information about a consumer’s character, general reputation, personal characteristics, and mode of living is obtained through personal interviews by an entity or person that is a consumer reporting agency. Consumers who are the subjects of such reports are given special rights under the FCRA. If a user intends to obtain an investigative consumer report, Section 606 requires the following:

• The user must disclose to the consumer that an investigative consumer report may be obtained. This must be done in a written disclosure that is mailed, or otherwise delivered, to the consumer at some time before or not later than three days after the date on which the report was first requested. The disclosure must include a statement informing the consumer of his or her right to request additional disclosures of the nature and scope of the investigation as described below, and the summary of consumer rights required by Section 609 of the FCRA. (The summary of consumer rights will be provided by the CRA that conducts the investigation.)

• The user must certify to the CRA that the disclosures set forth above have been made and that the user will make the disclosure described below.
• Upon the written request of a consumer made within a reasonable period of time after the disclosures required above, the user must make a complete disclosure of the nature and scope of the investigation. This must be made in a written statement that is mailed or otherwise delivered, to the consumer no later than five days after the date on which the request was received from the consumer or the report was first requested, whichever is later in time.

V. SPECIAL PROCEDURES FOR EMPLOYEE INVESTIGATIONS

Section 603(x) provides special procedures for investigations of suspected misconduct by an employee or for compliance with Federal, state or local laws and regulations or the rules of a self-regulatory organization, and compliance with written policies of the employer. These investigations are not treated as consumer reports so long as the employer or its agent complies with the procedures set forth in Section 603(x), and a summary describing the nature and scope of the inquiry is made to the employee if an adverse action is taken based on the investigation.

VI. OBLIGATIONS OF USERS OF MEDICAL INFORMATION

Section 604(g) limits the use of medical information obtained from consumer reporting agencies (other than payment information that appears in a coded form that does not identify the medical provider). If the information is to be used for an insurance transaction, the consumer must give consent to the user of the report or the information must be coded. If the report is to be used for employment purposes – or in connection with a credit transaction (except as provided in regulations) the consumer must provide specific written consent and the medical information must be relevant. Any user who receives medical information shall not disclose the information to any other person (except where necessary to carry out the purpose for which the information was disclosed, or a permitted by statute, regulation, or order).

VII. OBLIGATIONS OF USERS OF “PRESCREENED” LISTS

The FCRA permits creditors and insurers to obtain limited consumer report information for use in connection with unsolicited offers of credit or insurance under certain circumstances. Sections 603(1), 604(c), 604(e), and 615(d). This practice is known as “prescreening” and typically involves obtaining from a CRA a list of consumers who meet certain preestablished criteria. If any person intends to use prescreened lists, that person must (1) before the offer is made, establish the criteria that will be relied upon to make the offer and to grant credit or insurance, and (2) maintain such criteria on file for a three-year period beginning on the date on which the offer is made to each consumer. In addition, any user must provide with each written solicitation a clear and conspicuous statement that:

• Information contained in a consumer’s CRA file was used in connection with the transaction.
• The consumer received the offer because he or she satisfied the criteria for credit worthiness or insurability used to screen for the offer.
• Credit or insurance may not be extended if, after the consumer responds, it is determined that the consumer does not meet the criteria used for screening or any applicable criteria bearing on credit worthiness or insurability, or the consumer does not furnish required collateral.
The consumer may prohibit the use of information in his or her file in connection with future prescreened offers of credit or insurance by contacting the notification system established by the CRA that provided the report. The statement must include the address and toll-free telephone number of the appropriate notification system.

In addition, the CFPB has established the format, type size, and manner of the disclosure required by Section 615(d), with which users must comply. The relevant regulation is 12 CFR 1022.54.

VIII. OBLIGATIONS OF RESELLERS
A. Disclosure and Certification Requirements
Section 607(e) requires any person who obtains a consumer report for resale to take the following steps:

• Disclose the identity of the end-user to the source CRA.
• Identify to the source CRA each permissible purpose for which the report will be furnished to the end-user. • Establish and follow reasonable procedures to ensure that reports are resold only for permissible
purposes, including procedures to obtain:
(1) the identify of all end-users;
(2) certifications from all users of each purpose for which reports will be used; and
(3) certifications that reports will not be used for any purpose other than the purpose(s) specified to the reseller. Resellers must make reasonable efforts to verify this information before selling the report.

B. Reinvestigations by Resellers

Under Section 611(f), if a consumer disputes the accuracy or completeness of information in a report prepared by a reseller, the reseller must determine whether this is a result of an action or omission on its part and, if so, correct or delete the information. If not, the reseller must send the dispute to the source CRA for reinvestigation. When any CRA notifies the reseller of the results of an investigation, the reseller must immediately convey the information to the consumer.

C. Fraud Alerts and Resellers

Section 605A(f) requires resellers who receive fraud alerts or active duty alerts from another consumer reporting agency to include these in their reports.

IX. LIABILITY FOR VIOLATIONS OF THE FCRA

Failure to comply with the FCRA can result in state government or federal government enforcement actions, as well as private lawsuits. Sections 616, 617, and 621. In addition, any person who knowingly and willfully obtains a consumer report under false pretenses may face criminal prosecution. Section 619.

The CFPB’s website, www.consumerfinance.gov/learnmore, has more information about the FCRA, including publications for businesses and the full text of the FCRA.

Citations for FCRA sections in the U.S. Code, 15 U.S.C. § 1681 et seq.:

Section 602 Section 603 Section 604

Section 605 Section 605A Section 605B Section 606 Section 607 Section 608 Section 609 Section 610 Section 611 Section 612 Section 613

15 U.S.C. 1681 15 U.S.C. 1681a 15 U.S.C. 1681b

15 U.S.C. 1681c 15 U.S.C. 1681c-A 15 U.S.C. 1681c-B 15 U.S.C. 1681d 15 U.S.C. 1681e 15 U.S.C. 1681f 15 U.S.C. 1681g 15 U.S.C. 1681h 15 U.S.C. 1681i 15 U.S.C. 1681j 15 U.S.C. 1681k

Section 614 Section 615 Section 616 Section 617 Section 618 Section 619 Section 620 Section 621 Section 622 Section 623 Section 624 Section 625 Section 626 Section 627 Section 628 Section 629

15 U.S.C. 1681l 15 U.S.C. 1681m 15 U.S.C. 1681n 15 U.S.C. 1681o 15 U.S.C. 1681p 15 U.S.C. 1681q 15 U.S.C. 1681r 15 U.S.C. 1681s 15 U.S.C. 1681s-1 15 U.S.C. 1681s-2 15 U.S.C. 1681t 15 U.S.C. 1681u 15 U.S.C. 1681v 15 U.S.C. 1681w 15 U.S.C. 1681x 15 U.S.C. 1681y