Newsroom

The CFPB Thursday issued an advisory opinion (AO) to ensure that credit reporting agencies (CRAs) and furnishers that use and share credit and background reports have a “permissible purpose” under the Fair Credit Report Act (FCRA) to protect consumer privacy. Of note, this change does not impose new requirements on credit unions but reiterates existing requirements under the FCRA.

The bureau’s AO clarifies that credit reporting companies and users of credit reports have specific obligations to protect the public’s data privacy. The opinion also reminds covered entities of potential criminal liability for certain misconduct.

“Americans are now subject to round-the-clock surveillance by large commercial firms seeking to monetize their personal data,” stated CFPB Director Rohit Chopra. “While Congress and regulators must do more to protect our privacy, the CFPB will be taking steps to use the Fair Credit Reporting Act to combat misuse and abuse of personal data on background screening and credit reports.”

Of note, the CFPB recently issued multiple AOs since the launch of the program in 2020, including one that affirms that the Equal Credit Opportunity Act bars lenders from discriminating against customers after they have received a loan, not just during the application process; and another that prohibits debt collectors from charging “pay-to-pay” or “convenience” fees, which are imposed on consumers who want to make a payment in a specific way, such as online or by phone.

Read the AO. NAFCU will continue to monitor the CPPB’s developments on protecting consumer privacy and share updates with credit union members.