FTC Fines Retailer For Violating FCRA

A retailer has agreed to pay $220,000 to settle claims alleged by the Federal Trade Commission that it failed to provide the proper records to individuals who claimed to be the victims of identity theft. The suit marks the first time that the FTC has used its powers under a section of the Fair Credit Reporting Act to require companies to provide such information within 30 days of it being requested by an individual.

“If someone stole your identity, it’s your right to get the records related to the theft – and that’s a right the FTC takes seriously,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, in a statement. “This case is a warning to other companies: We will hold you responsible if you fail to give identity theft victims the required business records.”

The suit alleges that the retailer — Kohl’s — had a policy in place for more than two years that limited the information that victims of identity theft could obtain. The identity of the identity thief, for example, would only be shared with law enforcement or the victim’s attorney, according to the complaint. Kohl’s refused to provide certain details, such as the address or phone numbers that were listed on fraudulent applications or the shipping addresses on fraudulent orders. Kohl’s also did not provide the information it was supplying within the 30-day window required by the FCRA.

Along with paying the fine, the company has agreed to alter its business practices to comply with the provisions of the FCRA.

“Kohl’s takes compliance matters seriously, including the responsibility to assist victims of identity theft,” the company said in a statement. “Kohl’s has coordinated with the Federal Trade Commission (FTC) to take measures to address their concerns and revise our policies accordingly. In February 2020, Kohl’s notified approximately 50 Kohl’s customers to resolve any outstanding requests. We believe the matter has been transparently addressed to resolution.”

Check Also

Appeals Court Upholds Dismissal of FDCPA Third-Party Disclosure Case

Even though its representative may not have followed the exact protocols for placing a location …

Leave a Reply

Your email address will not be published.