The Fair Credit Reporting Act regulates the use of credit reports as a protection for consumers. Permissible uses of the credit report include:
- Applications. This can be for opening new lines of credit, purchasing insurance, or finding a new place to live (rental applications).
- Employment purposes. Employers can request a credit report on prospective or current employees they are looking to hire, promote, reassign, or retain. The CRA and employer must procure the individual’s consent.
- Court orders (grand jury subpoenas).
- Consumer-initiated business transactions (for personal, family, or household purposes) for legitimate purposes.
- Account reviews by banks and other lenders for customer retention purposes.
- Professional licensing qualifications.
- Determining child support payments.
- Law enforcement for investigative purposes. Specific to government agencies with authority (via the Patriot Act) to have secret access to credit report for counterintelligence purposes.
- Credit reports containing medical information requires specific prior consent.
Non-permissible uses of credit reports focus primarily on target marketing, the act of pulling credit reports specifically to target potential clients based on their information.
Law Enforcement and Government Agencies
CRAs may supply the basic identifying information of any consumer to all federal, state, and municipal agencies. Basic identifying information includes their name, former address, and place of employment.
Before 9/11, the FBI already had access to credit reports for counterintelligence purposes. However, that access was contingent on their certifying that the information was necessary for “the conduct of an authorized investigation to protect against international terrorism or clandestine intelligence activities.” In other words, “We promise we need this information for legit reasons.” Upon certifying a legitimate need, the FBI’s access is considered classified (secret). The CRA providing the information may not disclose to the consumer or anyone that the file was accessed. Semiannually, a report is issued by the Attorney General to Congress of the FBI’s classified requests for credit reports.
After 9/11, the U.S. Patriot Act broadened access to credit reports to include law enforcement. Any authorized government agency may gain access to credit reports for investigative counterintelligence purposes. Like the FBI, the agency must certify that the request is for legit reasons. Again, the request is classified. The CRA may not disclose that the request was made and, unlike the FBI provision, there is not a semiannual reporting clause made by the Attorney General to Congress.