Ruling Protects Employers from FCRA Privacy Right Violation Claims

In the March 2017 Dilday v. DirectTV decision from the Eastern District Court of Virginia, employers received some relief from lawsuits for certain technical violations of the federal Fair Credit Reporting Act (FCRA).

Of special importance, the court rejected the notion that plaintiff Dilday suffered harm based on the argument that his right to privacy was violated due to a mere technical infraction of the FCRA. This finding narrows the grounds on which plaintiffs can claim employers broke consumer protection laws. The ruling limits the meaning of “injury-in-fact” under the FCRA in cases where consumer information is improperly shared.

The Dilday ruling contradicts the findings of the earlier case Thomas v. FTS USA, from the Eastern District Court of Virginia, where that judge found the FCRA confers “a right to the privacy of one’s personal information.” These conflicting rulings point to the likelihood that the issue in these cases will eventually be heard again by the U.S. Supreme Court. In the meantime, at least some employers get some relief from Dilday.

The Dilday Verdict

In the verdict in the case Dilday v. DirectTV, Judge Henry Hudson ruled that the plaintiff, Michael Dilday, did not have standing to sue DirectTV for a misuse of his consumer credit report because he did not show that a “concrete harm” had occurred or was likely to occur. DirectTV had received Dilday’s credit report from Equifax without his knowledge or consent.

In his opinion, Judge Hudson frequently cites the 2016 Supreme Court decision in Spokeo v. Robins, which defined the test that to prevail under the FCRA plaintiffs must establish “a concrete and particularized injury” and not merely show that a technical violation of the consumer-protection statute had occurred. The Supreme Court sent the issue to Spokeo back to the 9th Circuit of Appeals to clarify the conditions for standing in FCRA cases.

Privacy and the FCRA

Judge Hudson analyzed the right to privacy under common law and precedent, and concluded that Dilday’s privacy was not violated. The judge reasoned that an invasion of privacy may occur due to “publicity [emphasis added] given to private life,” among other factors. The judge’s decision rests in part on the distinction between “publicity” and “publication,” finding a distinction between publicity (to share widely and intentionally) and mere publication to DirecTV by Equifax. In short, the court found that the non-consensual publication of Dilday’s consumer credit report was not concrete harm.

Therefore, Dilday could not prevail under the FCRA for a violation of privacy. Stay tuned to see how other courts interpret the Spokeo case.

About Michael Gaul

A security industry professional since 1988, Michael has extensive expertise in the fields of human capital risk management, physical security, and background screening process management. Michael leads Proforma’s sales, marketing, and strategic customer relations efforts.


View all posts by Michael Gaul →