A recent case involving a mortgage broker who revealed personal financial information on Yelp brought a modern perspective to the scope of FCRA protections.

In United States of America, on behalf of the Federal Trade Commission v. Mortgage Solutions FCS, a mortgage broker found itself in trouble with the Federal Trade Commission (FTC) for violations of the FCRA, among other things. In its complaint, the FTC alleged that as part of its business, Mortgage Solutions FCS, Inc., doing business as Mount Diablo Lending (“Mount Diablo”), collects and maintains sensitive personal financial information from its customers, including social security numbers, income information, credit history, names and dates of birth. The complaint further alleged that some of this information was collected directly from customers, and the rest by obtaining and reviewing customers’ consumer credit reports.

According to the FTC’s complaint, Mount Diablo revealed some of this sensitive personal financial information in response to negative reviews posted on the review website Yelp. The complaint alleged several instances in which Mount Diablo's owner posted consumers’ credit histories, taxes, sources of income, debt-to-income ratios, health, family relationships, and other personal information. According to the complaint, several of these posts identified the consumers using their first and last names and, in post where consumers’ names were not used, consumers were still readily identifiable through their Yelp accounts.

FTC’s complaint presented an alleged post that stated:

“The truth of the matter is you didn’t have one late 2 years ago. Your credit report shows 4 late payments from the Capital One account, 1 late from Comenity Bank which is Pier 1, another late from Credit First Bank, 3 late payments from an account named SanMateo. Not to mention the mortgage lates. All of these payments are having an enormous negative impact on your credit score….”

Another alleged post stated:

“The high debt to income ratio was caused by this borrower cosigning on multiple mortgages for his children. The borrower was also self employed and took high deductions from his business.”

The FTC alleged that these actions by Mount Diablo constituted use of consumer reports for an impermissible purpose, in violation of section 604(f) of the FCRA, 15 U.S.C. § 1681b(f), and unfair or deceptive acts or practices, in violation of Section 5(a) of the FTC ACT, 15 U.S.C. § 45(a).

In early January, the United States Magistrate Judge assigned to this matter issued a stipulated order for permanent injunction, civil penalties, and other relief. The order permanently restrained and enjoined Mount Diablo, its officers, agents, employees, attorneys, and all other persons in active concert or participation with any of them, from using or obtaining a consumer report for any purpose other than a permissible purpose as provided by 15 U.S.C. § 1681b(a). The order also entered a judgment in favor of plaintiff against Defendants in the amount of $120,000, as a civil penalty.

The settlement of the case before a decision could be reached on the merits leaves us with some uncertainty about how far the scope of the FCRA extends. However, the settlement may be an indication that the protections of the FCRA could expand in the age of social media and technology. If we take one thing away from this case it’s this – the protection of consumers’ personal financial information is taken seriously by the FTC and, likewise, should be taken seriously by businesses that are subject to the FCRA.