The FTC this week warned marketers of six mobile apps that provide background screening that the companies may be violating the Fair Credit Reporting Act (FCRA). The FTC warned the apps marketers that, if they believe that the background reports (which included criminal record histories) generated by their apps are being used for employment screening, housing, credit, or other similar purposes, they must comply with the FCRA.
Who Got the Warnings: The FTC sent these warning letters to Everify, Inc., marketer of the Police Records app, InfoPay, Inc., marketer of the Criminal Pages app, and Intelligator, Inc., marketer of Background Checks, Criminal Records Search, Investigate and Locate Anyone, and People Search and Investigator apps.
Who Should Pay Attention: The warning letters serve as a reminder that broader enforcement by the FTC of the mobile apps sector is likely to follow if mobile app providers engaged in similar practices do not take steps to comply with the FCRA.
Why: Under the FCRA, businesses that assemble or evaluate information that can be considered a “credit report” and provide it to third parties can qualify as consumer reporting agencies. Many companies are often surprised to learn that the information they assemble and/or evaluate and provide to a third party may be considered a “credit report.”
These can include drug testing, driving records, among other information, that bears on the character, general reputation, personal characteristics, or mode of living of a person, which is used or expected to be used as a factor in establishing a person’s eligibility for employment purposes (among other purposes outlined in the FCRA). For these reasons, close attention should be paid to exactly what information a mobile app provider is assembling and/or evaluating, and how the app provider expects others to use that information, to determine if the FCRA is triggered.
If a mobile app provider is providing credit reports, the FCRA requires that it take reasonable steps to ensure the user of each credit report has a “permissible purpose” (as outlined in the FCRA) to use the report; take reasonable steps to ensure the maximum possible accuracy of the information conveyed in its reports; and provide users of its reports with information about their obligations under the FCRA. For example, where consumer reports are provided for employment purposes, the app provider must share with employers information regarding their obligation to provide notice to employees and applicants of any adverse action taken on the basis of a consumer report.
Violations of the FCRA can be costly and include civil penalties of thousands of dollars per violation, statutory damages, as well as class action exposure.