Subscribe
  About Us
  Consulting
  Expert Witness
  Speaker's Bureau
  Congressional
Testimony
   TV & Radio
  Old Stories
  Contact
Home

From Privacy Times, October 23, 2009

IS LITTLE-KNOWN DATABASE SUBJECT TO FCRA? EQUIFAX, NCTUE WON'T SAY

For several years, several major utilities and telecom companies, with the help of Equifax, have secretly screened prospective customers' applications against a database on non-paying customers, and presumably have rejected applicants or charged higher deposits or rates based upon their profiles. One source estimated that 80 percent of major utilities participate, meaning the little-known database contains data on millions of unsuspecting Americans.

It's called the National Consumer Telecom & Utilities Exchange, Inc. (NCTUE), and several legal experts believe that its shadowy operations, as well as the presumed failure of utilities and phone companies to provide "adverse action" notices, runs afoul of the Fair Credit Reporting Act (FCRA).

Without adverse action notices, consumers would never learn they were being turned down because of their NCTUE file. Thus, they would not know they needed to access their files, check them for accuracy and dispute errors - an all-too-common process in traditional credit reporting.

While testifying about the FACT Act Amendments to the FCRA in 2003, then FTC Commissioner Timothy Muris called "adverse action" notices the "teachable moment" that was at the heart of the FCRA's regime for improving accuracy.

Clearly Covered By FCRA?

Richard J. Rubin, an attorney who has successfully argued several FCRA cases before federal appeals courts and chair emeritus of the National Association of Consumer Advocates, said there was no doubt in his mind that NCTUE was governed by the FCRA.

"These types of customer screening lists - compiled from consumers' past experiences and performance with companies who then share the data with each other - are well established as consumer reports covered by the FCRA. As a result, the compilers of the lists are consumer reporting agencies who, along with the furnishers and users of the information, are each subject to their various responsibilities under this federal law," he said.

It appeared that Equifax was aware the FCRA applied in some manner to the NCTUE. Until October 10th, a page on its Web site, in promoting the benefits of the service, stated, "Receive technical and user support, daily reports, monthly management reports, and a toll-free customer service number for consumer adverse action and resolution as stated by the FCRA guidelines Comply with FCRA Consumers who have been denied credit or assessed a deposit based on information in the NCTUE database can contact Equifax via a 1-800 customer service number."

But the page apparently was pulled down around October 10th. (It can still be viewed by going to www.bing.com, typing in the phrase, "NCTUE and FCRA." At the second entry, beginning with the text, "Comply with FCRA," below that sentence, click on "Cached page.") (Privacy Times sent its first query to Equifax on Oct. 5th.)

On the other hand, one knowledgeable source said that an NCTUE user had indicated that Equifax personnel told him that the database was not subject to the FCRA.

Privacy Times submitted questions to both NCTUE and Equifax as to whether they believed NCTUE was covered by the FCRA, and whether they provided consumers with access to their profiles. We also asked them how many consumers were in their files, how many companies participated and what were the revenues to Equifax and to NCTUE.

NCTUE Executive Director Alan Moore told Privacy Times he would refer the questions to the NCTUE Executive Council. Later, he said the council had directed its counsel, Craig L. Cesar to respond.

Declined To Answer Specific Questions

Neither Equifax nor NCTUE answered any of the specific questions. Instead, Jennifer Costello, an Equifax media spokeswoman, responded with the following joint Equifax-NCTUE statement:

"Thank you for sharing information regarding your upcoming article. We appreciate your interest in the NCTUE, a member-owned database housed and managed by Equifax. NCTUE membership is available to the nation's leading telecommunications and utility companies. The NCTUE database contains proprietary account and contact information from companies that provide utility, telecommunications and cable/satellite services. Equifax maintains this data repository as a separate database, with NCTUE information shared among exchange members. By providing industry-specific data, the NCTUE gives businesses access to a valuable tool that can be used with other data sources to help manage risk across the customer lifecyle. As always, consumer protection is our highest priority and, for this reason, we are committed to the confidentiality and proper use of the consumer's information. For more information about the NCTUE, visit www.nctue.com."

In March 2002, the Atlanta Business Chronicle reported that Equifax signed a "five-year contract with NCTUE to house and manage a major risk management data exchange for the communications and utility industries."

$20 Million

"Atlanta-based Equifax is expected to gain $20 million in revenue from the contract. NCTUE will house consumer payment data from the wireless, landline, cable, satellite, gas, electric and water utility companies. NCTUE will assist communication and utility service providers and marketers in the recovery of unpaid account balances and detection of application fraud. The data will allow for early, point-of-sale, identification of high-risk accounts among new service applications and objective risk assessment information for setting deposits," the Chronicle reported.

In July 2008, Equifax, which is one of three nationwide credit bureaus, announced NCTUE had extended Equifax's exclusive contract to manage its database until June 10, 2015. "Enhancements to the exchange database will now capture payment history similar to what happens today in Equifax's consumer reporting file, making it the logical alternative for those members not comfortable with full file reporting," the press release stated. "This represents a significant step forward to capturing widespread payment performance data on the unbanked and underbanked market."

NCTUE's Web site said its "members report Customer Service Applications (CSAs) to the database within 30 days of provisioning. They also report Unpaid Closed Accounts (UCAs) and UCA payment updates. All data submitted remains the property of the member at all times."

'Match' & 'Skip' Reports

"A member submitting a CSA that matches a UCA will receive a 'match' report containing all the information in the UCA record with the exception of the name of the carrier that submitted the record. This information can be used to identify higher-risk consumer applicants, to customize credit and collections strategy, and automatically matches and reports on information received subsequent to account provisioning for six months," it continued.

"Members also receive a 'skip' report when UCA's that they submit match CSA's in the system. The source of the data is not identified unless it is against the members (sic) own data. NCTUE enhances collection and recovery processes by reporting new address and telephone information on defaulted account for 24 months."

The NCTUE Web site also described its more customized services: "'Online Inquiry' is available to members at the time of provisioning to determine whether a prospective customer has defaulted on an account with another carrier prior to initiating service. 'Reverse Append' is an optional tool that returns a name and address when a phone number is submitted. The 'Suppression Tool' allows members to screen marketing lists. Those consumers who have unpaid closed accounts in the database can be deleted from the list prior to the commencement of marketing efforts, saving the member time and money. Wireless members can utilize the 'Wireless Port Indicator' to determine the number of times a wireless number has changed carriers in the last 24 months."

To ensure that consumers know when they are being judged on the basis of records compiled by a third-party, Congress, in the FCRA, defined the term "consumer report" quite broadly:

"'Consumer report' means any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer's eligibility for (A) credit or insurance to be used primarily for personal, family, or household purposes; (B) employment purposes; or (C) any other purpose authorized under [this] section."

Similarly, it broadly defined the term "consumer reporting agency" as "any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports."

Finally, it defined the term "file," as all of the information on that consumer recorded and retained by a consumer reporting agency regardless of how the information is stored.

"This is not even a close call. It's clearly covered by the FCRA," said one government attorney with years of FCRA experience.

Utility Service Is 'Credit'

Dr. Michael Turner, President of the Policy & Economic Research Council (PREC) and an expert on "full file reporting" by utilities, agreed the FCRA clearly covered NCTUE and that consumers were entitled to see their files and correct errors. He noted that in the 2003 FACT Act amendments, Congress broadened the FCRA's definition of credit to be consistent with the Equal Credit Opportunity Act (ECOA).

"This includes energy utility and telecoms services as forms of credit - to the extent that NCTUE data is being used for credit decisioning - that would be risk-based pricing," Turner said. "As such, any adverse actions based upon NCTUE data, including denial of service or the requirement to maintain a security deposit, must automatically generate an adverse action notification to be sent directly to the consumer by NCTUE members."

 

 

Financial Privacy
Identity Theft
FCRA
  Privacy Act
FOIA
  eGov
Homeland Security
HIPAA
EU
 
  More Information
on the Book >
 

Order the Book Online >

  Check Your Credit Reports & Credit Scores Instantly Online
 
 
Privacy Times: We've Got It Covered!
Copyright 1999-2006, Evan Hendricks. All rights reserved.