On January 5, 2017, the Consumer Financial Protection Bureau (the “CFPB”) issued a civil investigative demand (“CID”) to The Source for Public Data, L.P. (“Public Data”), a company that collects personal information about consumers. The CID requested information to determine whether consumer reporting agencies, persons using consumer reports, or other persons have engaged or are engaging in unlawful acts and practices in connection with the provision or use of public records information in violation of the Fair Credit Reporting Act. The CID implied that Public Data is a consumer reporting agency, a characterization Public Data has rejected.
On January 25, 2017, Public Data filed a petition with the CFPB to set aside the CID. This petition was denied by the CFPB on February 14, 2017 and the CFPB issued an order to Public Data to comply with the CID. Public Data failed to comply with this CFPB order and on March 6, 2017, the CFPB petitioned the U.S. District Court for the Northern District of Texas to issue a show cause order requiring Public Data to explain why it was not required to comply with the CID. After the court issued an order to show cause, Public Data filed a response and the Bureau filed a reply, followed by a show cause hearing on April 26, 2017.
Public Data raised four objections to the CID: (1) that the CFPB exceeded its statutory authority; (2) that the CFPB lacked jurisdiction over Public Data; (3) that the CID failed to identify the nature of conduct under investigation as required by statute; and (4) that the CID was overbroad.
On June 6, 2017, the U.S. District Court for the Northern District of Texas rejected all four of Public Data’s arguments and ordered Public Data to comply with the CID. Of note, this case was the first test of whether and how courts will apply the D.C. Circuit’s decision in CFPB v. Accrediting Council for Independent Colleges and Schools, 854 F.3d 683 (D.C. Cir. 2017) (“ACICS”), where the court found that the notification of purpose in the CFPB’s CID failed to “adequately inform ACICS of the link between the relevant conduct and the alleged violation.”
The district court found that the CID at issue in Public Data “presents a closer case” than the one in ACICS. Here, despite the fact that the CFPB’s notification of purpose only generally identified the subjects of the investigation and the violations of law, the district court was persuaded that the CID provided fair notice to Public Data. In reaching this conclusion, the district court noted that while in ACICS the Bureau acknowledged that “it lack[ed] statutory authority over the accreditation process of for-profit colleges,” here the CFPB “has broad statutory authority to investigate consumer reporting agencies.” According to the district court, that fact, along with the CFPB’s specific references to “consumer reporting agencies” and “the persons and specific laws at issue and other details” in the CID was sufficient to inform Public Data of the link between the relevant conduct and the alleged violation. In other words, it may be that the ACICS case represents a unique combination of factors that are not applicable to the vast majority of the Bureau’s CIDs. How other courts apply the ACICS decision and handle challenges to CFPB CIDs bears watching.