Overall 11.5 million people are victims of identity theft every year. The perpetrators are using consumer information in order to commit these crimes. Consumer information includes identifiers of an individual such as, legal name, social security number, address, driver’s license number, phone number, email address, employment history, and financial information. This information is often collected and organized on a consumer report by Credit Repositories and Consumer Reporting Agencies (CRAs), which include the credit bureaus. To prevent criminals from obtaining consumer reports, many different government organizations have created statutes for how someone may legally obtain, store, and destroy a consumer report.
There are various legitimate reasons for obtaining someone else’s consumer report—this is known as a permissible purpose. As defined in Section 604 of the Fair Credit Reporting Act (FCRA). [15 U.S.C. § 1681b], permissible purposes include:
- Property Rental
- Financing – Mortgage, automotive, etc.
Even if a company or individual states that they have a permissible purpose to obtain a consumer report, there is a process that must be followed. As part of the FCRA, the Gramm-Leach Bliley Act (GLBA), and the Dodd Frank Act (DFA), the company or individual must be properly vetted, which will include a Physical OnSite Inspection observing the permissible purpose claimed in the application.