FCRA Enforcement and Penalties - CIPP/US Study Guide

FCRA enforcement runs through dispute resolution, private litigation (including class actions), and government action by the FTC, CFPB and state attorneys general. Statutory damages reach $1,000 per violation, with a willful-violation cap noted in the chapter; CRA insiders who knowingly disclose data face criminal penalties.

Consumers have a private right of action, increasingly via class actions. Beyond actual damages, violators face statutory damages up to $1,000 per violation and a maximum of $4,705 per willful violation. CRA insiders who knowingly and willfully give file information to unauthorized recipients can face criminal penalties and imprisonment.

Government actions may be brought by the FTC, the CFPB and state attorneys general. State AGs have had concurrent authority since 1996 but must notify the FTC before suing, and the FTC may intervene.

Example FCRA enforcement actions
Action	Enforcer	Outcome
TeleCheck (2014)	FTC	$3.5M penalty for failing to follow dispute procedures
RealPage (2018)	FTC	$3M penalty; first FCRA case on automated background screening accuracy
Clarity Services (2015)	CFPB	$8M penalty for dispute and permissible-purpose failures
JPMorgan Chase (2017)	CFPB	$4.6M penalty for furnisher accuracy/investigation failures
Equifax/Experian/TransUnion (2015)	30+ state AGs	$6M to states plus practice changes

Example FCRA enforcement actions

Action

Enforcer

Outcome

TeleCheck (2014)

FTC

$3.5M penalty for failing to follow dispute procedures

RealPage (2018)

FTC

$3M penalty; first FCRA case on automated background screening accuracy

Clarity Services (2015)

CFPB

$8M penalty for dispute and permissible-purpose failures

JPMorgan Chase (2017)

CFPB

$4.6M penalty for furnisher accuracy/investigation failures

Equifax/Experian/TransUnion (2015)

30+ state AGs

$6M to states plus practice changes