On September 12, 2018, the Consumer Financial Protection Bureau (CFPB) issued an interim final rule updating the required disclosures under the Fair Credit Reporting Act and issuing new model disclosures. The new disclosure requirements became effective September 21, 2018. This means that employers who use credit checks as part of their employment process and companies that report to credit bureaus must make changes to their forms immediately.
What’s Changed?
In response to several, high-profile data breaches, Congress passed the Economic Growth, Regulatory Relief, and Consumer Protection Act in May 2018. The new law amends the Fair Credit Reporting Act in three ways:
- Credit reporting bureaus, under certain circumstances, will be required to provide consumers fraud alerts for one (1) year (up from 90 days) and unlimited, free national security freezes and freeze releases.
- Certain medical debts incurred by veterans will now be excluded from credit reporting. The law also provides a new dispute process for veterans with respect to such medical debt.
- Whenever an employer, background check company, or creditor is required to provide FCRA disclosures (ie: “A Summary of Your Rights Under the Fair Credit Reporting Act” or the “Summary of Consumer Identity Theft Rights”), they also must provide a notice regarding these new rights.
The interim final rule updates the CFPB’s model form (which was last revised in 2012) and incorporates the new required notices.
What Do Businesses Need to Do?
Businesses need to act before September 21 to update their FCRA disclosures. Businesses can either use the new model disclosure form, or combine the 2012 disclosure forms with a summary of the new/expanded rights, “so long as a separate page that contains the additional required information is provided in the same transmittal.”[ii] Businesses that wish to update or supplement the 2012 Summary of Your Rights Under the Fair Credit Reporting Act” need to add the following language to their disclosure form:
You have a right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit.
As an alternative to a security freeze, you have the right to place an initial or extended fraud alert on your credit file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting 7 years.
For businesses that want to simply switch to the new form, a copy of the new version of “A Summary of Your Rights Under the Fair Credit Reporting Act” is attached for your convenience.
For more information about this, or other legal or compliance matters important to your business, contact us at Lisa@pretuslawgroup.com.