In Domante v. Dish Networks, L.L.C. (“Dish”), the Eleventh Circuit examined permissible purposes for obtaining a credit report.  A copy of the opinion is available here

Plaintiff-Appellant Peri Domante was the apparent victim of identity theft.  In 2011 and 2013, identity thieves opened accounts in her name with Dish Networks, L.L.C.  After being alerted to the fraud, Plaintiff sued Dish and Equifax for alleged non-compliance with FCRA.  That litigation was settled in October 2016.  The settlement agreement provided that Dish would “flag [Plaintiff’s] social security number in order to preclude any persons from attempting to obtain new [Dish] services by utilizing [Plaintiff’s] social security number.”  Dish complied by adding Plaintiff’s identifying information to an internal system meant to flag unauthorized use.

Fast-forward to January 12, 2017, and an unknown individual submitted an online application to Dish using Plaintiff’s last four digits of her social security number, her date of birth, and first name. The application used a different last name, address, and telephone number.  As part of its normal process, Dish’s automated system submitted the information to a CRA to verify the individual’s identity. The CRA matched the application to Plaintiff’s name and Dish blocked the application.  Further, Dish requested the hard inquiry from Plaintiff’s credit report be removed. 

Based on these facts, Plaintiff filed the instant lawsuit against Dish, alleging Dish negligently and willfully obtained her credit report in January 2017 without a permissible purpose in violation of 1681b.  In addition to the FCRA claims, Plaintiff asserted a cause of action for breach of the settlement agreement.  On January 23, 2018 (while the litigation was pending), the exact same factual scenario happened again:  an unknown individual applied for an account in Plaintiff’s name using the last four numbers of her social security number; Dish’s automated system sent the request to a CRA; CRA matched the information to Plaintiff; Dish blocked the account and requested the hard inquiry be removed. 

The district court granted Dish’s motion for summary judgment on both the FCRA and breach of contract claims.  The district court concluded Dish had a “legitimate business need” to verify the identity and determine the applicant’s eligibility when it obtained the credit report from the CRA in January 2017.  As to the breach of contract claim, the district court concluded Dish complied with the terms of the settlement agreement by inputting her information into its internal management system to prevent an account from being opened in her name.

On appeal, the Eleventh Circuit first addressed the FCRA claims and noted the 11th Circuit had not weighed in on the meaning of a “legitimate business need” in the context of a permissible purpose.  The Eleventh Circuit adopted the Sixth Circuit’s holding from Bickley v. Dish Network, LLC, 751 F.3d 724 (6th Cir. 2014) and concluded that “requesting and obtaining a consumer report for verification and eligibility purposes is a ‘legitimate business need’ under the FCRA.”  Applying this standard, the Eleventh Circuit easily concluded Dish had a permissible purpose to obtain Plaintiff’s credit report based on the January 2017 application. 

The Eleventh Circuit rejected Plaintiff’s argument that Dish could not have a permissible purpose because it knew or should have known her information was flagged and that an account could not be opened in her name based on the settlement agreement.  Essentially, Plaintiff argued that Dish should have conducted a more thorough investigation prior to requesting her credit report.  The Eleventh Circuit disagreed and held that “FCRA does not explicitly require a user of consumer reports to confirm beyond doubt the identity of potential consumers before requesting a report.”  Plaintiff’s last-ditch argument to save her FCRA claim was that settlement agreement, itself, established that Dish did not have a legitimate business purpose because it provided that no account, even one requested by Plaintiff, could be opened in her name.  In rejecting this argument, the Eleventh Circuit concluded that Dish was not expressly prohibited from entertaining potential consumers who shared similar identifying characteristics with Plaintiff. 

The Eleventh Circuit also dispensed with the breach of contract claim.  Dish complied with the terms of the settlement agreement by inputting her information in its internal system and triggering the flag once the information from the CRA matched the system.  Accordingly, there was no breach.