On February 7, 2012, the U.S. Federal Trade Commission (FTC) announced that it had warned marketers of six
mobile applications that they may be violating the U.S. Fair Credit Reporting Act. The FTC stated
that the mobile applications provide background screening reports
on individuals. Although the FTC reached no conclusion regarding
whether there was any violation by the marketers, the FTC requested
that the marketers review the application of and their compliance
with the Fair Credit Reporting Act.
The U.S. Fair Credit Reporting Act regulates the
activities of consumer reporting agencies. A "consumer
reporting agency" is one that regularly assembles or evaluates
information about a person's creditworthiness, credit standing,
credit capacity, character, general reputation, personal
characteristics or mode of living and reports that information to
third parties for the purpose of establishing the consumer's
eligibility for (1) credit or insurance to be used primarily for
personal, family, or household purposes or (2) employment
The FTC warned the marketers that they must comply with the
Fair Credit Reporting Act if they have reason to believe
the information provided through the apps is being used for
employment, housing, credit or similar purposes. For example, the
Fair Credit Reporting Act imposes obligations on credit
reporting agencies with respect to ensuring the accuracy of
information, providing mechanisms for consumer redress, and, in
some circumstances, requiring consumer reporting agencies to notify
users of consumer reports of their obligations under the Fair
Credit Reporting Act. The FTC stated that a warning by the
marketer that the app was not to be used for the purposes regulated
by the Fair Credit Reporting Act did not protect the
marketers if the marketers had reason to believe the apps were
being used in decisions by third parties with respect to
employment, housing, credit or similar purposes.
Developers and marketers of similar applications in Canada
should be aware that Canadian provinces have similar laws
regulating consumer reporting. For example, in Ontario, the Consumer Reporting Act regulates persons
or organizations that provide reports to third parties for use in
relation to, among other things, (1) credit granting or debt
collection, (2) entering into or a renewal of a tenancy agreement,
(3) employment decisions, and (4) underwriting of insurance.
Among other things, consumer reporting agencies in Ontario (1)
must be registered, (2) must follow prescribed practices with
respect to the information that may be contained in a report, (3)
must provide consumers with access to their consumer report, and
(4) must have a process for the consumer to contest inaccurate
Failure to comply with the Consumer Reporting Act
(Ontario) may result in a fine of not more than Cdn. $25,000 or to
imprisonment for a term of not more than one year, or to both.
Accordingly, developers and marketers of background checking or
screening apps in Canada may wish to obtain legal advice to ensure
that they remain compliant with respect to Canadian provincial laws
governing consumer reporting.
FMC is one of Canada's leading business and litigation law
firms with more than 500 lawyers in six full-service offices
located in the country's key business centres. We focus on
providing outstanding service and value to our clients, and we
strive to excel as a workplace of choice for our people. Regardless
of where you choose to do business in Canada, our strong team of
professionals possess knowledge and expertise on regional, national
and cross-border matters. FMC's well-earned reputation for
consistently delivering the highest quality legal services and
counsel to our clients is complemented by an ongoing commitment to
diversity and inclusion to broaden our insight and perspective on
our clients' needs. Visit:
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The Payment Card Industry Data Security Standard ("PCI DSS") is a contractual standard for the protection of data regarding payment cards issued by the major card brands, including Visa, MasterCard and American Express. Organizations that accept payment card transactions or store, process or transmit payment card data are usually contractually obligated to comply with PCI DSS.