What exactly is a PRM... Well, the statute says, that a PRM is any report which is limited to ONLY... So essentially the name and address of the consumer is provided with a 'tracking code' of sorts to enable the company to identify the consumer's batch (i.e. which CRA, and which criteria lead to that consumers selection in that PRM); and the THOUSAND DOLLAR limit in this case, any other information portaining to the consumer that doesn't provide any information on any specific trade line. This is the catch-all which would allow for the type of information provided, if there was a valid permissible purpose under Section 604(c); *AND* if Section 604(c) disclosures, weren't prohibited based on Section 604(e) status, which is what they were requesting. A logical catch-22.
Re: Re: No Such Thing As A Non-PP!?!?!? Well, as far as I know, they can figure this one of many ways... These are the ones that I could think of off the top of my head... Remember CRA's are for data manipulation and statistical analysis of financial data. 1) When you apply for credit, what is the one question always asked... INCOME... 2) They know your employer, they know or can discern what industry that employer is in, so they can approximate income based on that industry's averages. 3) They know how much you owe, how much your monthly payments are, and can reverse engineer using statistical averages on how much of an income those payment ratios convert to. Combine more of these (and things that I couldn't even begin to think of) and they can come out to a pretty good rough estimate as to what your income is.
Re: Re: No Such Thing As A Non-PP!?!?!? jam so in this PRM senerio would it be possible for a CRA to disclose a consumers SS# in addition to the name & address?
Re: Re: No Such Thing As A Non-PP!?!?!? Fun: If we read the third section literally, since the SSN & DOB don't portain directly to any specific trade line, if a company wanted to ask for that information under a PRM, the limit looks like, literally, it would be allowable. And if we take Company 2's position, that you can play "20 Questions" about a consumer's credit file, without a permissible purpose, "as long as it doesn't portain directly to any specific trade line", we're walking into a slippery slope, where any company could ask a CRA for all of our PII (Personally Identifying Information), without our knowledge or consent.
Re: Re: No Such Thing As A Non-PP!?!?!? A wide open opportunity for identity theft, even as businesses are under tightening regulations for safe disposal (with destruction) of employee and customer information containing personal identity data. Hmm... CRAs are also under Federal law about what they can disclose and to whom. You may have noticed recent CRs with truncated account numbers, to comply with FACTA. Did the company call the CRA and just say "We have a complaint from John Doe. Is his DOB 12-34-56 and his SSN 123-45-6789?" Or did they say "We have a complaint from John Doe at 123 Main St. Anytown ST. What is his SSN and DOB?"
Re: Re: No Such Thing As A Non-PP!?!?!? "(2) Limits on information received under paragraph (1)(B). A person may receive pursuant to paragraph (1)(B) only (A) the name and address of a consumer; (B) an identifier that is not unique to the consumer and that is used by the person solely for the purpose of verifying the identity of the consumer; and (C) other information pertaining to a consumer that does not identify the relationship or experience of the consumer with respect to a particular creditor or other entity." Item (B) above specifically rules out providing SSN in response to a PRM inquiry. Item (C) rules out TLs. Only name and address. If SSN can't even be provided by a PRM, which has a limited PP, how can it just generally be provided with no PP at all? The reasons for PP given in this section are the ONLY reasons for a CRA providing a consumer's information, including even his name and address.
Re: Re: No Such Thing As A Non-PP!?!?!? from what I understand here PRM's are shown by the CRA as soft hits? I have been reading that CRA sell data. some of this data was used by creditors to see if consumers matched their credit criteria."to solicit or extend credit offers. how much of that info is actually sold, according to your discussion here you mention name, address period. my question is ..as jam stated how do we know if or when the line has been crossed? creditors can call and ask 20 questions w/o our knowledge. and if the CRA doesn't list the iq its like no harm done but eventually they screw up somewhere and a consumer finds out then what opps sorry who cares if it caused the consumer any problems as long as the CRA make money. *** never mind facta laws what about privacy laws. CRA provide to much data on their reports and list consumers ss# all over every document they deal with. why is it necessary for a consumer to disclose their entire ss# why not the last 4 digits and a password or other ID info. the CRA should treat that info like an acct # and not display the entire SS#. that way ID theft wouldn't be as big of a problem. I personally feel uncomfortable giving my ss # to anyone unless its in person. since theifs steal mail its an instant jackpot for id theft when they find a CR or documentation from a CRA it just contains too much info in my opinion how about this one... A creditors claims they have my ss# therefore I owe a debt they have no proof but since they can verify my personal info with the CRA guess what they are free to report whatever they want . oh and I can even print out whatever I want on my computer to say someone owes me a debt how is that for security or proof, its not, its just a credit nitemare waiting to happen. now for the fun part .. trying to get the CRA to remove the invalid acct even if you can prove its not accurate, they refuse to delete it unless the creditor instructs them to.why they get paid to report it. so now we have the justice system, consumers flocking to the courthouse in droves clogging up the docket and tax $ to litigate an issue that could have been prevented or resolved w/o all the red tape. gee no wonder criminals go free. sorry for ranting here just tierd of all the drama bottom line laws need to be changed but won't unless we take action so write a letter to the FTC and express your opinion today stop the madness.
Re: Re: No Such Thing As A Non-PP!?!?!? ontrack: (B) doesn't preclude anything. It only states that they may include a small token identification code to identify where the consumer came from. For instance, if my 'original' PRM (The LEGITIMATE Credit Offer one which started this whole issue) had attached a token of PITA-535764435-335, the company could plug in that code to identify which CRA, and which parameters I matched to respond to my complaint. There was no need to go to the CRA for any additional information. The only thing they were asked to do in my complaint was to take 2 seconds, type my name and address, and identify the name and address of the CRA which provided them with my information. That is all they were authorized to do, and when they contacted that CRA for any reason, they violated the law. As soon as the company provided me the information on which CRA was involved, I was prepared to handle it like a big boy... Instead they chose to violate, and ask for information from the CRA without my permission, and without a permissible purpose under the FCRA, and now they've gotten themselves into the quicksand. In fact, I had already begun handling it like a big boy, by sending all four CRA's the permanate PRM opt-out reminder, which seems to have gotten the applicable CRA to begin their easter-egg hunt to start finding these missing PRMs. The FCRA doesn't allow for a company to create their own permissible purposes, on their whim. The law created only a specific few permissible purposes (and only one permissible purpose under the PRM section) for a reason. (C) opens it up for any information which is not specifically contained in any trade line. This is usually considered to be anything which is above-the-fold when they prepare our consumer report. I didn't say that in this case they *DID* ask for my SSN & DOB information, I will take the company on their self-detramental declaration that they only requested that one piece of information; the question asked was COULD THEY under this scenerio just have easily asked for more sensitive information, and since SSN & DOB are both above-the-fold information, the answer is yes. Do I believe that the CRA would answer that question if they would have asked that one? I hope not!
Re: Re: No Such Thing As A Non-PP!?!?!? The most valuable position to reinforce is that any information the CRA provides to others requires notice to the consumer in the form of an inquiry. If you can't see it, you can't do anything about it, short of stumbling across it during discovery. The next most valuable position to reinforce is that disclosures to users be in conformance with the requirement for a PP, and that the PP be correctly disclosed to the consumer. It looks like the CRA is CYA with their late reporting of inquiries, but without the company's separate information to you, you would never even know this. This does not look like reasonable procedures to ensure compliance with FCRA, if the consumer can't even audit their compliance.
Re: Re: No Such Thing As A Non-PP!?!?!? You might see if there is anything useful in the Gramm-Leach Bliley Act: http://www.ftc.gov/privacy/glbact/
Re: Re: No Such Thing As A Non-PP!?!?!? And the disclosure to the company after the fact, still is not being disclosed. So, I offered the CRA a 'reverse' on Dixie's CYA, and offered them a little bit of a hint that, from recent communications to the company which asked for the disclosure, it appears that they may have deceived them into believing that the company had a permissible purpose to ask for that information, but the only way that I can know for certain is to get it from them. Even with that break, the CRA is still on the hook for at least 5 failure to properly disclose violations, and I'ld be more than willing to settle for 50% on that, if they can provide documentation, evidence, and testimony, if needed, of how the company asked for the information disclosed... Whether they asked for it under their company's blanket PP, claimed a PP, claimed my written permission, or somehow else.
Ok... I have to try to keep laughing... If not, I may begin using colorful verbiage that I would probably get banned for, and end up doing a whole lot more harm than good... Anyway... Yesterday, I received from the CRA in question, a results report, I knew there had to be something a little bit off, because it looked thicker than it should... Well, I took time this morning to look over it with a fine tooth comb (see if any more inquiries were disclosed, etc.). And... On the back of page 9 of 9, was page 1 of 4! So after they got the letter from the BBB stating that I had not received a response yet, I was split... Not only that, but on the split file, the account that I'm currently fighting on my 'real' file wasn't there, but the file which was deleted by the DF, after they received my C&D, was there. I decide to try to do the two minute phone call, that I was able to do the last time that my file was split, "Hello, my file is split, please merge, thanks." "Ok, it's done, you'll have a copy of the corrected report in a few days." "Your file is being handled by another office, please hold." I've been PH 6068'ed. Ok, now, everyone, make me laugh, before I scream, and as Sassy pointed out, I can scream, and shout... What can I say, I've got part German, Part Irish, two big parts hot tempers... and they're getting them to boil...
Chuckling because I share much of your ancestry (German, Scottish, Irish and Welsh).... But confused... what is PH? (Got the defination but what does it mean?)
(NON)Priority Handling... In other words, when you call to do anything, you get stuck in voice mail ****, and never get anywhere... In other words, you're PITA factor has exceeded the levels which they are comfortable with, or think that you have one **** of a case against them, that they are afraid of having anyone talk to you, for fear that they'll say or do something which will bring forth litigation.
How does this meet their FTC mandated requirement to provide an 800 number with actual human response within an acceptable time, xx% of the time? Do they in fact call back? Can you train them to?
I didn't even leave a message... I was so tempted to call their BBB, and ask them if they had 3-way calling, so that they could document how the company retaliated against me for complaining to them about the company's policy, and inquiring as to whether that was consistent with the BBB's membership guidelines...
And you didn't?!?!?! hehe Tell me, is it common for those of in in the business of making our credit reports accurate to gain this distinguished title?
Do a search on it, you'll see that I'm in very distinguished company... Some people are probably surprised that it's taken me this long to be labeled... After all, I am usually as subtle as a sledgehammer...
