On September 9, the U.S. Court of Appeals for the Eleventh Circuit affirmed summary judgment in favor of a cable satellite company, concluding that the company had a “legitimate business purpose” under the FCRA to obtain a consumer’s credit report. According to the opinion, in 2016, following an identity theft, the consumer entered into a settlement agreement with the cable satellite company after the consumer’s personal information was used to fraudulently open two accounts for television services. As part of the agreement, the company put the consumer’s personal information into an internal mechanism designed to flag and prevent unauthorized accounts. In 2017, an unknown individual applied for an account online using some of the consumer’s information. The company’s automated systems sent the information to a consumer reporting agency (CRA), which matched the information to the consumer and resulted in the cable satellite company blocking the account from being opened. Upon request by the company, the CRA deleted the inquiry from the consumer’s credit file. The consumer filed an action alleging that the company breached the settlement agreement and “negligently and willfully obtained the January 2017 consumer report without a ‘permissible purpose’” in violation of the FCRA. While the action was pending, two more attempts were made to use the consumer’s information to open accounts and the satellite company blocked both. The district court granted summary judgment in favor of the satellite company.
On appeal, the 11th Circuit agreed with the district court, concluding that the satellite company had a “legitimate business purpose” to access the credit report. Specifically, the appellate court noted that the “FCRA does not explicitly require a user of consumer reports to confirm beyond doubt the identity of potential consumers before requesting a report.” Moreover, the satellite company was dependent on the credit report to access the consumer’s full social security number and “cross-check that information via its internal mechanisms.” Additionally, the appellate court rejected a claim for breach of the settlement agreement, noting that the company satisfied the terms of the agreement by flagging the social security number in its internal systems and using that system to block the fraudulent application for an account.