WASHINGTON - The credit reporting industry is suing federal regulators, charging that new privacy rules are unconstitutional.
A lawsuit filed by Individual Reference Services Group Inc., a Baltimore-based trade group representing credit bureaus, claims that the new privacy protections illegally limit their ability to collect information about consumers.
The suit, filed in the U.S. District Court for the District of Columbia last month, charges that the rules improperly expand the definition of nonpublic personal information to include "credit header data" -he most basic data in a credit report, including a consumer's name, address, previous address, and telephone number.
As written, they argue, the final rules would unfairly limit their ability to collect and disseminate such information.
"The final rules constitute final agency action that is arbitrary, capricious, an abuse of discretion, in excess of statutory authority, and contrary to constitutional rights," according to the suit.
Next month the trade group plans to ask the court to impose a preliminary injunction to prevent the rules from taking effect Nov. 13, according to its attorney, Ronald L. Plesser, a partner with Piper Marbury Rudnick & Wolfe LLP in Washington. Compliance is voluntary until July 1.
Experian Information Solutions Inc. of Orange, Calif., filed a similar lawsuit last month. If credit header information is covered by the rule, Experian would have to look elsewhere to assemble that data, a company spokesman said.
The Gramm-Leach-Blilely Act of 1999 mandated the new rules to protect consumers' privacy in an era of increasing consolidation among banks, insurers, and brokers. Seven federal agencies have issued rules to implement the new law.
Under the rules, information provided by a customer is considered nonpublic, and therefore protected, unless the company has a "reasonable basis" for concluding the data is publicly available. Banks are not allowed to share that information with outside companies - such as credit bureaus - without first getting the customer's permission. This would add an extra step for credit bureaus and could reduce the number of names they could use.
