Drew v. Equifax Information Services, LLC

690 F.3d 1100, 2012 WL 3186110, 2012 U.S. App. LEXIS 16378

• Court: Court of Appeals for the Ninth Circuit
• Decided: August 7, 2012
• Docket: 11-15008
• Status: Published

Opinion

OPINION

McKEOWN, Circuit Judge:

This case lends credence to the old adage that bad things come in threes. Eric Drew is a cancer survivor, who required experimental leukemia treatment. During his treatment, Drew’s identity was stolen by a hospital worker. Finally, when Drew attempted to remedy the identity theft, the banks and credit rating agencies were allegedly uncooperative, and continued to report the fraudulently opened accounts, and in the case of one bank, the thief s address was tagged as Drew’s.

The district court granted summary judgment in favor of Chase Bank on Drew’s false-reporting claims under the Fair Credit Reporting Act, 15 U.S.C. § 1681s-2(b) (FCRA). Because issues of material fact remain as to Chase’s alleged violations of the FCRA, we reverse the judgment as to these claims. We also reverse the district court’s dismissal of similar claims against FIA Card Services (“FIA”) on statute of limitations grounds. We affirm the denial of Drew’s motion to amend to reinstate his claims under California law.

Background 1

Nearly a decade ago, in September 2003, Eric Drew began receiving experimental treatment for leukemia in Seattle. After this treatment was unsuccessful, Drew was hospitalized in Minnesota from July 2004 to January 2005 for an experimental program that proved effective. 2 Soon after starting his treatment in Seattle, Drew received letters and calls from banks and other financial institutions, which initially thanked him for recent credit application requests, but soon began demanding payments on Seattle-based accounts he had never opened. Drew filed a police report alleging identity theft with the police department in Santa Clara, California, where he resided. The identity thief, who was a phlebotomist at a Seattle hospital, was arrested and convicted a few months later, after news media publicized Drew’s predicament.

Unfortunately for Drew, his saga was not at an end. Drew had to close bank accounts, block credit reporting, and get Automated Consumer Dispute Verification forms (ACDVs) issued to various banks that furnished information regarding the fraudulent accounts the thief had opened. Drew’s claims relate to only two actors in this credit dispute: Chase Bank and FIA Card Services.

I. Interactions With Chase

Along with other banks, Chase sent a letter to Drew at his California address thanking him for applying for the credit card, and issued him a card on November 12, 2003. Drew called Chase to dispute the account in late November 2003. A fraud department employee informed Drew that the account had not yet been opened or reported, and that Chase would contact other issuing banks and credit reporting agencies (“CRAs”) so that Drew would not be associated with the fraudulent Seattle address and the fraudulent accounts. Chase immediately closed the account and reported it to the credit agencies as lost or stolen. It is undisputed that as a result, no charges could be added to the account. Chase also faxed a copy of the fraudulent application to the police.

In the meantime, Drew reviewed his credit report in mid-January 2004. He discovered multiple fraudulent accounts had been opened in his name. On January 20, 2004, he contacted various CRAs to report the fraudulent accounts. The next day, TransUnion, one of the credit agencies, deleted various accounts, including the Chase account, from its credit file. TransUnion also forwarded a block notice communication to the various banks, including Bank One, Chase and Citibank, advising them that the accounts were presumed to be fraudulent and that the banks must contact the consumer and take measures to block any future reporting of the accounts. Chase did not take any action in response to the block notice from TransUnion. The remaining banks blocked reporting of the account.

In early 2005, Drew returned to California, ordered and obtained an Old Republic Credit Services credit report (“Old Republic Report”), and discovered that Chase had continued to report the account as lost or stolen in Fall 2004. He again eom plained to the CRAs. The second time was the charm: Chase deleted the account in February 2005, and sent a notice to the CRAs to delete the account. However, in October 2005, Chase also followed up with letters sent to the thiefs address with the account number, and allegedly re-reported the identity thiefs Seattle address as Drew’s address.

II. Interactions With FIA

FIA first issued a card in Drew’s name on January 6, 2004, and so did not receive the January 21, 2004 TransUnion block notice. 3 Drew wrote to TransUnion to dispute the FIA account on March 4, 2004. TransUnion forwarded notice of the dispute to FIA on March 8, 2004; FIA received the dispute on March 11, and verified the account the very next day. Drew claims he was not aware, until January 2005, of FIA’s investigation and verification of the account, nor that the account was still being reported to CRAs.

In April and May 2004 Drew received several collection calls and account statements from FIA concerning the fraudulent account; he called FIA on April 21, May 6 and July 14, 2004, to dispute the account as fraudulent. In May, FIA informed Drew that an investigation had begun, but that the account could not be closed pending investigation. In a July 14 conversation with FIA, Drew alleges that he was promised that collection efforts would stop, the fraudulent account would be deleted, and all records corrected if he completed a fraud affidavit form and sent it to the bank. FIA received the fraud affidavit from Drew on July 19, 2004 and closed the account on July 28, 2004, crediting the charges.

From July 2004 to January 2005, Drew was hospitalized in Minnesota. Upon reviewing the Old Republic Report, Drew discovered that the FIA account was reported as a derogatory item, and his credit score had been affected. Drew disputed the account again. FIA discontinued reporting the account in October 2005, but one CRA continued reporting the account. Drew disputed it once more, but FIA again verified the account as belonging to Drew with the thiefs address as Drew’s former address. As of February 19, 2008, FIA’s computer system continued to list the thiefs phone number as the home phone number for Drew.

III. Procedural History

Drew’s First Amended Complaint alleged violations of the FCRA as well as various California law claims with respect to Chase and FIA. Upon challenge from the banks, Drew dropped certain California law claims early in the litigation. In 2009, the district court initially denied the banks’ motions for summary judgment on the FCRA claims. Drew then sought to revive his California law claims and Chase and FIA filed motions for reconsideration. In 2010, the court reversed course and granted the banks’ motions for summary judgment, but denied Drew’s motion for leave to amend. Drew appeals both rulings.

As evidenced by the district court’s change of heart, the issues in this appeal are complex and present close questions of first impression, primarily because of disputed factual issues. “We review the district court’s grant of summary judgment de novo,” and reverse. Vander v. United States Dep’t of Justice, 268 F.3d 661, 663 (9th Cir.2001) (citation omitted). We affirm the court’s denial of leave to amend, which we review for abuse of discretion. Jackson v. Bank of Hawaii, 902 F.2d 1385, 1387 (9th Cir.1990).

Analysis

I. FCRA Claims Against Chase

Drew claims that Chase fell short of its FCRA duties by reporting an account that was actually fraudulent as a “lost or stolen account” that belonged to Drew. He argues that Chase should have blocked reporting of the account altogether. Drew also alleges that Chase reported the thief s address as his own.

The FCRA sets out a series of procedures that dictate how a furnisher must investigate and correct erroneous information. Upon being notified of a dispute by a CRA, a furnisher must investigate and, if necessary, correct the information it reports. Failure to do so renders it liable to the consumer for damages. Here, Chase’s duties were triggered by the January 2004 block notice from TransUnion. Although Chase’s investigation was sufficient, factual issues remain as to whether reporting the account as lost or stolen may have violated the FCRA. An issue of fact also remains as to whether Chase violated the FCRA by allegedly misreporting the identity thiefs address as belonging to Drew.

A. Triggering Notice from TransUnion

For Chase to owe any duty to Drew, Chase must be notified through the appropriate channels under the FCRA. Chase first disputes whether its duties were triggered at all, because it never received proper notification of Drew’s dispute as required by subsection (b). 15 U.S.C. § 1681s-2(b). This question is one of first impression.

Chase’s duties under subsection (b) are triggered only after “receiving notice pursuant to” § 1681i(a)(2), under which a CRA provides a “notification” to a furnisher which includes “all relevant information” regarding the dispute. Thus, Drew’s direct complaint to Chase in November 2003 would not have triggered any duty since it was unaccompanied by CRA notification. See Gorman v. Wolpoff & Abramson, LLP, 584 F.3d 1147, 1154 (9th Cir.2009) (“These duties arise only after the furnisher receives notice of dispute from a CRA; notice of a dispute received directly from the consumer does not trigger furnishers’ duties under subsection (b).”). Chase, however, received a notice from TransUnion, a CRA, in January 2004 that would have triggered its statutory duties. Chase disputes that this was a triggering notice, claiming that it was simply a “fraud block notification” rather than an “automated consumer dispute verification,” and TransUnion “did not expect” Chase to perform any action. Unlike Chase, the statute appears more concerned with substance than nomenclature. Section 1681i concerns the duty of a CRA if a consumer disputes information in a report. In particular, § Í681i(a)(2)(A) provides:

Before the expiration of the 5-business-day period beginning on the date on which a consumer reporting agency receives notice of a dispute from any consumer or a reseller ... the agency shall provide notification of the dispute to any person who provided any item of information in dispute [in this case, Chase], at the address and in the manner established with the person. The notice shall include all relevant information regarding the dispute that the agency has received from the consumer or reseller.

What Chase disparagingly refers to as TransUnion’s “fraud block notification” was just that — a “notification” within the meaning of § 1681i(a)(2), sufficient to trigger Chase’s FCRA duty. TransUnion’s letter to Chase stated that Drew “has advised our office that a fraudulent application was submitted to your company with the consumer’s identification, but without, his/her knowledge and consent.” Even if the statute required the notification to tell Chase what TransUnion “expected]” Chase to do — which it does not — the letter noted that TransUnion had blocked the account, and suggested that Chase should do the same: “You ... must ensure that the account is unblocked only if ... [i]t was blocked due to fraud [or] [t]he consumer agrees that the blocked information was blocked in error. Additionally, please take all of the necessary steps to ensure that this account is not reported by you.... ” (emphasis added). Ultimately, as we have noted in Gorman, an inadequate CRA notification may limit the scope of a furnisher’s § 1681s — 2(b) duty, for example, by excusing a more limited investigation; it does not, however, eliminate the duty altogether. Gorman, 584 F.3d at 1157 n. 11. Accordingly, although Drew’s communication with Chase had no statutory impact, TransUnion’s notification was sufficient to trigger Chase’s duties under the FCRA.

B. Statutory Duties

Chase’s statutory duties required it to engage in an investigation. If the investigation found a problem with the . previously reported information, the FCRA then dictates that Chase must rectify past misreporting by informing the CRAs of the problem. The statute also obligates Chase to prevent future misreporting by modifying, deleting, or blocking the inaccurate item, as appropriate. Each of these duties is laid out in a separate subparagraph of § 1681s — 2(b)(1):

After receiving notice pursuant to section 1681i(a)(2) of this title of a dispute with regard to the completeness or accuracy of any information provided by a person to a consumer reporting agency, the [furnisher] shall—

(A) conduct an investigation with respect to the disputed information;

(D) if the investigation finds that the information is incomplete or inaccurate, report those results to all other consumer reporting agencies to which the person furnished the information and that compile and maintain files on consumers on a nationwide basis; and

(E) if an item of information disputed by a consumer is found to be inaccurate or incomplete or cannot be verified after any reinvestigation under paíagraph (1), for purposes of reporting to a consumer reporting agency only, as appropriate, based on the results of the reinvestigation promptly—

(i) modify that item of information;

(ii) delete that item of information; or

(iii) permanently block the reporting of that item of information.

Drew claims that Chase failed in its duties because: (1) its investigation in response to the TransUnion notification was deficient; (2) Chase continued to report the account as belonging to Drew, albeit as lost or stolen, instead of blocking it; and (3) Chase reported the thief s address as Drew’s. The first of these claims fails as a matter of law but, as to the remaining two allegations, Drew has sufficiently raised material factual issues that permit his claim to survive summary judgment.

Chase’s investigation was legally sufficient under subparagraph (A). Drew had already spoken directly to Chase about the fraud in November 2003; Chase conducted an investigation and was already one step ahead of TransUnion by the time it received the fraud notification in January 2004. Chase’s investigation had in fact yielded the correct result — the bank concluded that the account was fraudulent and reported the fraud to the police. TransUnion’s report did not “indicate] ... that the initial investigation lacked reliability or that new information was available to discover,” and therefore, Chase was under no duty to repeat its investigation. Gorman, 584 F.3d at 1160. Thus, Chase complied with its investigatory duties under subparagraph (A).

The most thorough investigation means nothing, however, if the results of the investigation are not put to good use. Sub-paragraphs (D) and (E) of § 1681s — 2(b)(1) required Chase to rectify past misreporting and prevent future misreporting of information that is “incomplete” and “inaccurate.” Drew raises a material issue of fact as to whether reporting that the fraudulent account was lost or stolen constituted “incomplete” and “inaccurate” reporting in violation of subparagraphs (D) and (E).

“[A]n item on a credit report can be ‘incomplete or inaccurate’ ... ‘because it is patently incorrect, or because it is misleading in such a way and to such an extent that it can be expected to adversely affect credit decisions.’ ” Carvalho v. Equifax Info. Svcs., LLC, 629 F.3d 876, 890 (9th Cir.2010) (quoting Gorman, 584 F.3d at 1163) (emphasis added). Although we have never squarely addressed the issue, our precedent suggests that, at the very least, information that is inaccurate “on its face,” is “patently incorrect.” Id. at 891 (noting that there was no “patent error” because the information reported was “correct on its face”); see also Koropoulos v. The Credit Bureau, Inc., 734 F.2d 37, 40 (D.C.Cir.1984) (suggesting that under § 1681e, a CRA is liable for reporting information that is “technically untrue,” as well as in various other circumstances). A jury may well find that reporting the fraudulently opened account as a lost or stolen account belonging to Drew was untrue or facially inaccurate.

The district court’s dismissal of Drew’s claim appears to flow largely from its exclusion as hearsay of a key piece of evidence, the Old Republic Report, which shows that Chase reported the item as Drew’s lost or stolen account. Without this report, there was scant evidence that Chase had engaged in misreporting. However, the court’s ruling was in error.

In Gorman, MBNA Bank asserted that a credit report offered in support of plaintiff Gorman’s claim regarding the bank’s failure to report a dispute was hearsay. As we explained:

Gorman does not rely on the credit reports for the truth of the matter asserted therein; in fact, as he notes, he disputes the truth of their contents. Instead, Gorman offers them to prove that no statement noticing the dispute was made. ‘If the significance of an offered statement lies solely in the fact that it was made ... the statement is not hearsay.’

584 F.3d at 1164 (quoting United States v. Dorsey, 418 F.3d 1038, 1044 (9th Cir.2005) (ellipsis in original)). Similarly here, Drew offers the report only to show that the “statement ... was made” rather than for its truth. Like Gorman, Drew claims the report is inaccurate. 4 Finally, even if the report were inadmissible, like the plaintiff in Gorman, Drew represents that “he had reviewed [the] ... report[ ]” and discovered the disputed information; under Gorman, Drew’s “statement [itself] is admissible evidence” of the misreporting. Id.

A jury may also conclude that reporting the identity thiefs address as Drew’s violated Chase’s duty under the statute to correct inaccurate reporting. Subparagraph (E) requires Chase to modify, block or delete any inaccurate “infor mation.” Nothing in the statute suggests that an incorrect address falls outside the purview of the “information” that must be verified and corrected. Indeed, the statute elsewhere recognizes the sensitivity of a consumer’s address. In 15 U.S.C. § 1681c(h), Congress provides that if a CRA receives a “request [that] includes an address for the consumer that substantially differs from the addresses in the file of the consumer ... the consumer reporting agency shall notify the requester of the existence of the discrepancy,” and goes on to prescribe regulation requirements so that the user of the report can confirm the identity of the consumer. 5

C. Damages

Finally, Chase paradoxically faults Drew for failing to allege sufficient damages under the statute, while at the same time admitting that Drew provides evidence of his emotional distress due to the alleged misreporting. The FCRA permits “recovery for emotional distress and humiliation.” Guimond v. Trans Union Credit Info. Co., 45 F.3d 1329, 1333 (9th Cir.1995). As Drew and his psychological expert explained, the identity theft caused Drew grave post-traumatic stress due to his weakened condition and his continued association with the fraudulent accounts exacerbated his condition. Because Drew supplies evidence of emotional distress experienced as a result of the misreporting, we therefore decline to dismiss on this ground. Chase also disputes Drew’s claim that repeated inquiries about his account may have affected his credit score. Because we conclude that Drew has alleged sufficient cognizable damages to survive summary judgment, we leave this issue for the district court to resolve.

We conclude that TransUnion’s notification triggered Chase’s duties under the FCRA, that material issues of fact remain as to whether Chase violated those duties, and that Drew’s claim of emotional damages is cognizable under the FCRA.

II. Claims Against FIA and the Statute of Limitations

Instead of arguing, like Chase, that it satisfied its statutory duties, FIA raises a statute of limitations defense. Section 1681p(l) of the FCRA, a deceptively simple provision, sets the statute of limitations at “2 years after the date of discovery [or constructive discovery] by the plaintiff of the violation that is the basis for such liability.” 15 U.S.C. § 1681p; see Merck & Co., Inc. v. Reynolds, — U.S.-, 130 S.Ct. 1784, 1794, 176 L.Ed.2d 582 (2010) (constructive discovery generally read into discovery statutes). The statute also provides that all claims arising from the alleged violation will repose “5 years after the date on which the violation that is the basis for such liability occurs.” 15 U.S.C. § 1681p(2).

There is no dispute about the date of filing or the length of the limitations period after tolling. Drew filed his action on December 18, 2006. He was hospitalized from July 2004 to January 2005. Accordingly, “drawing all reasonable inferences” in his favor, the district court tolled the statute of limitations for 5.5 months, a ruling that FIA does not challenge.

The harder question centers around when Drew’s cause of action arose. For Drew’s action to have been timely, his cause of action could not have arisen more than 2 years and 5.5 months before December 18, 2006, that is, before June 3, 2004. Drew offers two routes to support the timeliness of his action. First, he argues that he did not discover the alleged violation before June 3, 2004. Alternatively, he suggests that the statute of limitations was restarted by independent violations FIA committed in 2005. Because we hold that Drew could not have discovered the violations before June 3, 2004, we do not consider Drew’s alternate argument or FIA’s claim that Drew waived this second argument.

“[T]he ultimate burden is on the defendant to demonstrate that a reasonably diligent plaintiff would have discovered the facts constituting the violation.... [FIA must] demonstrate how a reasonably diligent plaintiff ... would have discovered the violations.” Strategic Diversity, Inc. v. Alchemix Corp., 666 F.3d 1197, 1206 (9th Cir.2012). Summary judgment is defeated if FIA fails to meet this burden and material issues of fact remain as to “whether plaintiffs knew or had reason to know of the specific” violation. NormanBloodsaw v. Lawrence Berkeley Lab., 135 F.3d 1260, 1266 (9th Cir.1998).

In March 2004, after Drew disputed the FIA account, TransUnion contacted FIA to inform it of the fraud, and FIA incorrectly verified the account in response. FIA must show that Drew knew before June 2004 that FIA had failed to comply with its duties under the FCRA, in particular, its duty to investigate.

As Gorman explains, an FCRA violation is tied to the reasonableness of an investigation rather than the accuracy of its results. In Gorman, over a furnisher’s objection, we held that upon receiving notice of a dispute from a CRA, a furnisher’s investigation must be “reasonable.” 584 F.3d at 1155-57. In so concluding, we did not hold the furnisher to an impossible standard that rendered it liable anytime its investigation did not reach the correct result. We recognized that factors beyond a furnisher’s control may doom the most conscientious investigation to an erroneous result: for example, we noted that in Gorman, a CRA had provided the furnisher with “scant information,” to carry out the investigation. Id. We therefore concluded that the furnisher’s inaccurate reporting after an investigation was not dispositive proof that its investigation was unreasonable, as despite reasonable efforts, it may not have been given sufficient information to reach the correct conclusion despite reasonable efforts. Id. at 1157. In short, “[a]n investigation is not necessarily unreasonable because it results in a substantive conclusion unfavorable to the consumer, even if that conclusion turns out to be inaccurate.” Id. at 1161. Thus, Gorman imposes fault, not for an investigation that produces incorrect results, but for an unreasonable investigation.

Gorman’s approach, which favored the furnisher in that case, cuts against FIA here. Drew notes that he had no knowledge of what TransUnion relayed to FIA, or “even if the credit agency passed on the relevant information.” Even if the CRA had “passed on the relevant information,” Drew did not know what information was available to the bank for its investigation, and had no basis in June 2004 to judge whether the investigation was reasonable. In fact, the record falls short of showing even that Drew knew that FIA’s investigation had concluded.

According to FIA’s chronology, Drew must have discovered the violations between April 21 and June 3, 2004, because on April 21, and again in May, Drew received collection calls from FIA, and in those calls, Drew disputed the accounts on which FIA sought collection. FIA argues that these calls should have made Drew aware both that an investigation was completed, and that the investigation was faulty. Yet, the record does not show how Drew could have known either fact. In April, Drew received his first collection call; in May, Drew was informed only that the charges could not be removed from his account “until [the] investigation [was] ov[e]r.” 6 There is no indication that Drew could have divined from these calls that a previous investigation had already occurred and been completed when he was told there was an ongoing investigation. Drew says as much, noting that he “was unaware of the prior investigation.” Indeed, Drew could have reasonably concluded that the May investigation was an ongoing response to TransUnion’s March correspondence as the record suggests that three months would not have been an unreasonable time for an investigation: the May investigation itself only concluded in July.

Thus, FIA does not show how Drew should have guessed that its previous, undisclosed investigation failed to meet Gorman’s reasonableness standard. This is not to say that a plaintiff may never become aware of facts allowing him to conclude that an investigation was insufficient. As Drew noted, by 2005, Drew had provided FIA with relevant information himself; since he knew that FIA had this information, he also knew by that time that incorrect results could only be attributable to an unreasonable investigation.

FIA fails to meet its burden to conclusively show that Drew knew or should have known of the deficiencies in FIA’s investigation before June 3, 2004. Because material factual disputes remain, the district court erred in barring Drew’s claim under the statute of limitations.

III. Leave to Amend

In his initial complaint, Drew made a false start and alleged a violation under a non-existent California law subsection, Cal. Civ.Code § 1785.25(5). He then dropped this claim in June 2007, because he incorrectly believed that it was precluded by district court precedent that held that the FCRA preempted state law. In 2009, Drew advised the district court of our holding in Gorman in which we held that the FCRA did not preempt certain state claims, but he did not seek to amend his complaint to reinstate the claim. In fact, he made no effort to amend until the eve of the then-trial date. The district court’s denial of Drew’s motion to amend was not an abuse of discretion.

AFFIRMED in part; REVERSED in part. Each party shall bear its own costs on appeal.

1 . A portion of the record is under seal. This Opinion does not reference any of the sealed materials.

2 . Ordinarily we would not need to recount each date with such precision. We do so here because the timing matters both to the claims and FIA’s statute of limitations defense.

3 . The card was issued by Fleet prior to its merger with Bank of America, FIA’s predecessor in interest. We refer to FIA’s predecessors in interest as FIA for the sake of simplicity.

4 . Chase asks us to ignore the error in the district court's ruling because Drew failed to make his hearsay argument below and on appeal. Chase is mistaken. The argument was made both before the district court and in Drew's opening brief to this court.

5 . Although Chase challenges the evidence Drew offers, it does not challenge two letters Chase sent to the identity thief's address in October 2005, which discuss the credit inquiries into the account, and note that Chase “sent a request to each Credit Reporting Agency that we report information to,” regarding the inquiry. This evidence is sufficient to raise a material issue of fact as to Chase's liability under § 160Is — 2(b)(1)(E).

6 . FIA takes this argument as an equitable estoppel argument. However, this is not Drew’s argument: his point is simply that, because he believed that an investigation was ongoing, his claim did not accrue at least until he had reason to believe the investigation was over.