The CFPB and FTC announced last week that they had entered into a settlement with Trans Union LLC (TU LLC) to resolve a lawsuit filed jointly in a Colorado federal district court by the agencies alleging that TU LLC and its subsidiary, TransUnion Rental Screening Solutions, Inc. (TURSS), violated the Fair Credit Reporting Act (FCRA), the FTC Act, and the Consumer Financial Protection Act (CFPA) by failing to ensure the accuracy of tenant screening reports by including inaccurate and incomplete eviction records about consumers.  The Stipulated Order will require the companies to pay $11 million in consumer redress and a $4 million civil money penalty to the CFPB. 

The CFPB also announced that it had entered into a consent order with TU LLC, another subsidiary, TransUnion Interactive, Inc., and the ultimate parent company, TransUnion (TU Companies) to settle an administrative proceeding in which the companies were charged with FCRA and CFPA violations for allegedly failing to honor security freeze and lock requests.  The Consent Order requires the companies to pay $3 million in consumer redress and a $5 million civil money penalty to the CFPB.  Both the Stipulated Order and Consent Order require the companies to take actions to remedy and prevent the conduct underlying the alleged violations.

Colorado Lawsuit. The key allegations made by the CFPB and FTC in the joint complaint are:

  • TURSS violated the FCRA by failing to follow reasonable procedures to assure the maximum possible accuracy of eviction-related records in its tenant screening reports such as reasonable procedures to (1) prevent the inclusion of multiple entries for the same eviction case, (2) assure that eviction-related records accurately reflect the true or current status of the public records, such as the final disposition of the case, (3) label the fields in eviction-related records to accurately describe the nature of the information populated in the field, and (4) prevent the inclusion of  sealed eviction-related records.
  • TURSS violated the FCRA by failing to disclose to consumers that criminal and eviction records were obtained from third-party vendors.
  • TU LLC  also engaged in these FCRA violations because it operates TURSS as a business unit and performs various shared services for TURSS including legal and compliance, accounting and finance, marketing and public relations , data science and human resources.  During the relevant time period, TU LLC has been responsible for management and oversight of TURSS’s FCRA compliance and policies and procedures, including monitoring and testing for regulatory compliance training.  TU LLC participated in, directed, or authorized the acts and practices of TURSS alleged in the complaint.

Administrative Proceeding. The CFPB’s key findings in the Consent Order include:

  • Since at least 2003, the TU Companies failed to timely place or remove security freezes and locks requested by tens of thousands of consumers. The failures resulted from longstanding issues with the companies’ databases. The TU Companies did not tell consumers that their requests had not been processed and sent standard confirmations reflecting that their requests had been successfully processed.
  • The TU Companies failed to adequately investigate, address, or remediate the causes of these failures although some of the causes were known or suspected by the companies’ employees for years.
  • The TU Companies failed to exclude from pre-screened solicitation lists thousands of consumers whose files contained an alert that they were on active military duty or an extended fraud alert.
  • The TU Companies also failed to timely handle freeze requests because they did not require a third-party vendor handling incoming mail to meet statutory deadlines.