Earlier this year, an enterprise that sold criminal record reports via mobile apps agreed to settle FTC charges that it operated as a consumer reporting agency without taking consumer protection measures required by the Fair Credit Reporting Act (FCRA) and otherwise committed deceptive acts and practices. In re Filiquarian Publishing, LLC, FTC File No. 112 3195 (settlement announced Jan. 10, 2013). According to the FTC, the app allowed consumers to access hundreds of thousands of criminal records and conduct searches on potential employees. Among other things, the agency claimed that the company failed to: maintain reasonable procedures to verify their users, confirm that the information would be used for a permissible purpose, ensure that the information sold was accurate and would be used legally, and inform users of their reports about their obligations under the FCRA, including the requirement to notify consumers if an adverse action was taken against them based on a report. Despite disclaimers that the app was not FCRA compliant, the FTC alleged that such disclaimers were not enough to avoid liability under the FCRA because the company advertised and expected that its reports could be used for employment purposes.
The FTC’s settlement order, which prohibits the respondents from future FCRA violations and bars the respondents from furnishing a consumer report to anyone they do not have reason to believe has a “permissible purpose” to use the report, resolves the agency’s first FCRA case involving mobile apps.
This settlement, along with the agency's multiple reports on mobile privacy and other enforcement actions concerning mobile apps undertaken this year, clearly shows that the FTC considers the mobile environment as the next important consumer privacy frontier.