MEMORANDUM OPINION AND ORDER
DAVID L. HORAN, Magistrate Judge.
The Consumer Financial Protection Bureau has filed a Petition to Enforce Civil Investigative Demand. See Dkt. No. 1. Senior United States District Judge A. Joe Fish referred this petition to the undersigned United States magistrate judge for determination under 28 U.S.C. § 636(b). See Dkt. No. 5.
As the petition explains,
[o]n January 5, 2017, the Consumer Financial Protection Bureau (Bureau) issued a civil investigative demand (CID) to The Source for Public Data, L.P. (Public Data). The CID was issued as part of a nonpublic investigation to determine whether consumer reporting agencies, persons using consumer reports, or other persons have engaged or are engaging in unlawful acts and practices in connection with the provision or use of public records information in violation of the Fair Credit Reporting Act, 15 U.S.C. §§ 1681 et seq., Regulation V, 12 C.F.R. Part 1022, or any other federal consumer financial law. The CID required Public Data to produce documents and provide answers to interrogatories and a written report by February 16, 2017.
On January 25, 2017, pursuant to the Bureau's rules, Public Data filed a petition to set aside or modify its CID. The Bureau denied the petition on February 14, 2017, and the Bureau served the order on Public Data on February 16, 2017. That order directed Public Data to comply with the CID within 10 calendar days. The order also invited Public Data to engage in further discussions with Bureau staff about modifying the CID.
Public Data has not complied with the CID. Accordingly, the Bureau petitions this Court for an order requiring Public Data to comply with its CID.
Dkt. 1 at 1-2. More specifically, the Bureau's petition asks the Court to enter "[a]n order directing Public Data to show cause why it should not be required to comply with the CID" and, "[a]fter Public Data's response to the order to show cause, an order directing Public Data to comply with the CID within ten days of the order or at a later date as may be established by the Court or the Bureau." Id. at 3; see also Dkt. No. 2 at 5-6.
"In support of this petition, the Bureau has filed a memorandum of law with exhibits [Dkt. No. 2], including the Declaration of Erin Mary Kelly," who is "an Enforcement Attorney in the Consumer Financial Protection Bureau's (Bureau) Office of Enforcement" and "the lead attorney on an investigation to determine whether consumer reporting agencies, persons using consumer reports, or other persons have engaged or are engaging in unlawful acts and practices in connection with the provision or use of public records information in violation of the Fair Credit Reporting Act, 15 U.S.C. §§ 1681 et seq., Regulation V, 12 C.F.R. Part 1022, or any other `Federal consumer financial law' as defined by 12 U.S.C. § 5481(14)." Dkt. No. 2-1 at 1.
The Court issued an Order to Show Cause, and Public Data filed a response, see Dkt. No. 15, and a notice of supplemental authority in support of its opposition to the petition, see Dkt. No. 17, and the Bureau has filed a reply, see Dkt. No. 16.
The Court held a show cause hearing on April 26, 2017, at which the Bureau's counsel and Public Data's counsel appeared. See Dkt. Nos. 20, 24.
After the hearing, the Bureau filed a Notice of Supplemental Authority. See Dkt. No. 21. Public Data filed a response, see Dkt. No. 22, and the Bureau filed a reply, see Dkt. No. 23. The Bureau subsequently filed a Second Notice of Supplemental Authority. See Dkt. No. 25.
For the reasons and to the extent explained below, the Court GRANTS the Bureau's Petition to Enforce Civil Investigative Demand [Dkt. No. 1].
Background
The Bureau's petition explains that
[o]n January 5, 2017, the Bureau issued a CID to Public Data, a company that purchases or obtains public records from governmental entities and provides its users with access to these records via an internet website for a fee. The Bureau issued the CID as part of its investigation into possible violations of the Fair Credit Reporting Act (FCRA), 15 U.S.C. §§ 1681 et seq., Regulation V, 12 C.F.R. Part 1022, or any other federal consumer-financial laws. The CID requires Public Data to respond to fifteen document requests, fourteen interrogatories, and one written-report request.
On January 25, 2017, Public Data petitioned the Bureau to set aside the CID (Petition). The Bureau denied the Petition on February 14, 2017, issuing an order that directed Public Data to produce "all responsive documents, items, and information within its possession, custody, or control that are covered by the CID" within 10 days. The order also invited Public Data to engage in further discussions with Bureau staff about modifying the CID. The Bureau served the order on Public Data on February 16, 2017.
Public Data has not responded to any of the CID requests. On March 6, 2017, Bureau counsel conferred with counsel for Public Data, Keith Barnett of Troutman Sanders, LLP. Counsel stated that Public Data did not intend to comply with the Bureau's CID. As of March 6, 2017, Public Data has not complied with the CID.
. . . .
The law is well-settled that administrative agencies should be given wide latitude in exercising their power to investigate by subpoena, including investigating by CID. It is also well-settled that the requirements for judicial enforcement are minimal. As a general rule, courts will enforce an administrative subpoena if (1) the subpoena is within the statutory authority of the agency, (2) the information sought is reasonably relevant, and (3) the demand is not unreasonably broad or burdensome. These three criteria are readily met here.
Dkt. No. 2 at 2, 3 (footnotes omitted).
The Bureau asserts that
[t]he Consumer Financial Protection Act of 2010 (CFPA) gives the Bureau authority to issue CIDs and to enforce them in federal district court. CIDs are a type of investigative, administrative subpoena. The Bureau may initiate a proceeding to enforce a CID by filing a petition to the federal district court where the CID recipient "resides, is found, or transacts business" for an order to enforce the CID. Because the Bureau has authority to issue the CID, and the Court has authority to enforce it, the Bureau respectfully requests that this Court order Public Data to show cause as to why it should not be required to comply with the CID and, thereafter, enter an order requiring compliance.
. . . .
[T]he CID falls squarely within the Bureau's authority. The CFPA broadly authorizes the Bureau to investigate violations of federal consumer-financial laws, including the Fair Credit Reporting Act and Regulation V, and to issue a CID to "any person" the Bureau "has reason to believe . . . may be in possession, custody, or control of . . . any information, relevant to a violation." Here, the Bureau followed all applicable procedural requirements for the issuance of a CID. The CID was issued by a Deputy Assistant Director of the Office of Enforcement and included a Notification of Purpose advising Public Data of the nature of the conduct being investigated. The CID was served by a Bureau investigator on Public Data's registered agent via certified US Mail, return receipt requested. The CID seeks information to determine whether consumer reporting agencies, persons using consumer reports, or other persons have engaged or are engaging in unlawful acts and practices in connection with the provision or use of public records information in violation of the Fair Credit Reporting Act, 15 U.S.C. §§ 1681 et seq., Regulation V, 12 C.F.R. Part 1022, or any other federal consumer financial law. Such an investigation is plainly an acceptable use of the Bureau's authority under the CFPA. Moreover, it is well-settled that "agencies should remain free to determine, in the first instance, the scope of their own jurisdiction when issuing investigative subpoenas." An agency such as the Bureau "has a power of inquisition . . . [and] can investigate merely on suspicion that the law is being violated, or even just because it wants assurance that it is not."
Second, the information the Bureau seeks is relevant and material to its investigation. Courts traditionally give wide latitude in determining relevance in the context of an administrative subpoena, which must be enforced if the information sought could be pertinent to a legitimate agency inquiry. An agency request is relevant as long as it is "not plainly incompetent or irrelevant to any lawful purpose" of the agency. Here, the Bureau seeks materials as part of its investigation into whether the FCRA, Regulation V, and other federal consumer-financial laws have been violated in connection with the provision or use of public records information. Each request in the CID relates to Public Data's role in use or provision of public records. The information the Bureau seeks is relevant and material to the Bureau's inquiry into whether the laws the Bureau enforces have been violated in connection with the provision or use of public records information. Among other information, the Bureau has requested information about Public Data's: operations and structure; the products and services it offers; form contracts with its users; policies and procedures; data collection relating to the use or provision of public records information; databases and systems used in the provision of public records information; and information regarding consumer disputes about public records information.
Finally, the CID is not overly broad or unduly burdensome. The Bureau met with Public Data on January 17, 2017 for a meet-and-confer to discuss any possible modifications to the CID. Public Data did not make any specific requests to modify the requests, nor did it claim that the CID was overly burdensome. The Bureau fashioned the requests specifically to determine whether consumer reporting agencies, persons using consumer reports, or other persons may have violated the FCRA or other federal consumer-financial laws. The Bureau focused the requests on materials that should be readily producible and Public Data does not contend otherwise. Further, when the Bureau Director denied Public Data's Petition to Modify the CID, the order invited Public Data to engage with the Enforcement team to suggest modifications. To date, Public Data has not asked for any changes to reduce the breadth or burden of responding to the CID.
Dkt. No. 2 at 1, 3-5 (footnotes omitted).
In opposition to the petition, Public Data provides its own procedural history:
On January 5, 2017, the CFPB mailed its improperly issued CID to Public Data. The CID was received by Public Data on January 9, 2017. The CID provided the following inadequate and nonspecific Notification of Purpose under 12 C.F.R. § 1080.5:
The purpose of this investigation is to determine whether consumer reporting agencies, persons using consumer reports, or other persons have engaged or are engaging in unlawful acts and practices in connection with the provision or use of public records information in violation of the Fair Credit Reporting Act, 15 U.S.C. § 1681, et seq., Regulation V, 12 C.F.R. Part 1022, or any other federal consumer financial law. The purpose of this investigation is also to determine whether Bureau action to obtain legal or equitable relief would be in the public interest.
On January 17, 2017, Public Data's attorney met and conferred with the CFPB via teleconference about the defective CID in accordance with 12 C.F.R. § 1080.6(c). At this conference, Public Data's counsel advised the CFPB that it lacked jurisdiction over Public Data, that the Notification of Purpose stated in the CID was inadequate, and that the CID was grossly overbroad, especially since Public Data was not a CRA. Public Data also inquired into the factual basis for the CFPB's investigation as it had not received any client or employee complaints, and was unaware of any other grounds for such an invasive and sweepingly broad investigation. The CFPB refused to provide any substantive response and further would not consider any modifications to or narrowing of the CID. Accordingly, Public Data informed that it would be filing a petition to modify or set aside the CID, which it subsequently submitted on January 25, 2017.
On February 16, 2017, the CFPB's Director denied Public Data's Petition, seemingly as a matter of course, and issued a short, approximately three-page boilerplate decision and order directing Public Data to simply comply with the CID. On March 6, 2017, the CFPB conferred with Public Data's counsel who advised that Public Data would not comply with the CFPB's improperly issued CID.
On March 6, 2017, the CFPB filed the instant Petition to enforce the CID against Public Data.
Dkt. No. 15 at 7-8.
Public Data asserts that the Bureau
improperly issued an unwarranted and extremely invasive Civil Investigative Demand ("CID") to Respondent, The Source for Public Data, L.P. ("Respondent" or "Public Data"), seeking information on all of Public Data's employees, contractors, clients, databases, confidential and proprietary technologies, policies, procedures, products, and services, as well as its parent and related companies and subsidiaries.
However, to date, the CFPB has provided no reason or justification for issuing the sweepingly overbroad and thus burdensome CID. Public Data has requested that the CFPB provide any legal or factual basis for imposing such an enormous burden on Public Data's business, but the CFPB has refused to do so. The CFPB has not informed Public Data of any complaints filed against it (which the CFPB would generally disclose), and Public Data is not aware of any complaints or other grounds that would support the instant investigation, let alone the involvement of the CFPB which does not even have jurisdiction over Public Data. See, e.g., U.S. v. Morton Salt Co., 338 U.S. 632, 652 (1950) (CIDs should not be enforced if they demand information that is (a) not "within the authority of the agency," (b) "too indefinite," or (c) not "reasonably relevant to the inquiry.").
The only explanation provided to date is the vague and incomplete Notice of Purpose included by the CFPB in its CID stating that the investigation relates to the CFPB's jurisdiction under the Fair Credit Reporting Act ("FCRA") or "any other federal consumer financial law." The CFPB, however, fails to recognize Public Data is not subject to the FCRA, and therefore the CFPB does not have jurisdiction over Public Data. Indeed, the U.S. District Court for the Southern District of Texas has already ruled that Public Data is not a consumer reporting agency ("CRA") and therefore Public Data is not subject to the FCRA. Wilson v. The Source for Public Data, L.P., 4:12-cv-00185 (S.D. TX. 2013), Memorandum and Order (Dkt. No. 36). Specifically, the District Court in Wilson granted Public Data's Motion for Summary Judgment, after substantial discovery had been conducted in the case, finding that Public Data simply generates search results and does not have or prepare any consumer "files" subject to the FCRA. Id. at p. 8. Indeed, Public Data does not create, use, or maintain consumer reports or files, nor does it provide or participate in the provision of any financial product or service. Instead, Public Data is essentially a "Google-like" search engine for public records, no different from the access that courts provide to records through Pacer and the like. If Public Data is governed by the FCRA, then so too is Pacer and any other web-based access point offered by government agencies — a result clearly not intended by Congress. As such, there is no basis on which the CFPB may exercise jurisdiction over Public Data under either the FCRA or any other "federal consumer financial law."
Public Data has repeatedly advised the CFPB of these facts and of the U.S. District Court precedent. The CFPB still maintains, without any legal authority or further explanation, that it may nevertheless exercise unlimited jurisdiction over Public Data. The CFPB has completely failed to address this threshold issue in its Petition, and has not presented any evidence, argument, or other authority as to why the CFPB can ignore the Wilson court's holding that Public Data is not subject to the FCRA. Public Data's public records search functions have not materially changed since the court's holding in Wilson, thus the finding still holds true. The CFPB's Petition should be denied for this reason alone.
Notwithstanding the above jurisdictional defects, even if the CFPB could somehow exercise jurisdiction, the CID is fundamentally defective. The CID fails to adequately state the nature of the conduct underlying the investigation into Public Data as required by statute and is therefore too indefinite. Morton Salt, supra, 338 U.S. at 652 (CIDs should be quashed if "too indefinite.") The CID's requests are also grossly overbroad and demonstrate a misunderstanding of the nature of Public Data's business. Because Public Data is not a CRA, the requests which assume Public Data is a CRA are fundamentally flawed and are not reasonably relevant to any authorized inquiry.
Ultimately, this is an action involving the clear over-stepping of a federal agency outside the boundaries of its established authority. The CFPB's Petition and supporting memorandum concede this fact as not a single sentence therein substantively addresses the above-referenced issues, all of which were raised in the parties' prior meet and confer conference as well as in Public Data's prior Petition to Set Aside or Modify the CID. Instead, the CFPB's petition is comprised of only boilerplate and conclusory contentions that insist, without any legal or factual support or analysis, that Public Data must simply defer to the CFPB's authority and comply with the CID. This is not the law, especially in light of the U.S. District Court's holding in Wilson that Public Data is not subject to the FCRA. Wilson, supra, 4:12-cv-00185 (S.D. TX. 2013). For these reasons, the CID was improperly issued and the Petition to enforce the CID must be denied.
Id. at 1-3 (emphasis removed).
The Bureau replies that
[t]he question before the Court is whether to enforce the Bureau's civil investigative demand (CID). Respondent argues that the CID is unenforceable, primarily by raising premature substantive defenses about the Bureau's authority to enforce consumer protection laws against it — an issue that is irrelevant to the Court's inquiry. The Bureau may issue a CID to any person to gather facts to inform itself about whether unlawful conduct has occurred and whether the Bureau should take action to address it. Because the CID meets the applicable standard, and the Bureau's jurisdiction is not "plainly lacking," the Court should enforce the CID.
Dkt. No. 16 at 1.
In a notice of supplemental authority, Public Data submitted a copy of a decision of the United States Court of Appeals for the District of Columbia in Consumer Financial Protection Bureau v. Accrediting Council for Independent Colleges and Schools (ACICS), 854 F.3d 683 (D.C. Cir. 2017), and argued that, where "the Court of Appeals affirmed the District Court's denial of the CFPB's Petition to enforce a civil investigative demand (`CID') issued against ACICS" and "noted that the CID's `Notification of Purpose' did not comply with the governing statute, 12 U.S.C. § 5562(c)(2), and that it `fail[ed] to state adequately the unlawful conduct under investigation or the applicable law,'" and where "[t]he CFPB's defective Notification of Purpose in the ACICS CID is essentially identical to its Notification of Purpose in the CID in this action directed to Public Data," "the D.C. Circuit Court of Appeals' Opinion in the ACICS case supports its Opposition to the CFPB's Petition to enforce the CID in this action, and the CFPB's Petition should be denied in its entirety." Dkt. No. 17 at 1-2.
Legal Standards
The United States Court of Appeals for the D.C. Circuit very recently summarized the statutory background of a petition by the Bureau to enforce a civil investigative demand:
Congress enacted the Dodd-Frank Wall Street Reform and Consumer Protection Act ("Dodd-Frank Act") in the wake of the financial crisis of 2008 and 2009. State Nat'l Bank of Big Spring v. Lew, 795 F.3d 48, 51 (D.C. Cir. 2015) (citing Pub. L. No. 111-203, 124 Stat. 1376 (2010)). Title X of the Dodd-Frank Act—the Consumer Financial Protection Act ("CFPA") — established the Consumer Financial Protection Bureau to "regulate the offering and provision of consumer financial products or services under the Federal consumer financial laws," 12 U.S.C. § 5491(a), and "to implement and . . . enforce Federal consumer financial law," id. § 5511(a); see also id. §§ 5492(a), 5511(b)-(c). The "Federal consumer financial law" that the CFPB enforces includes the CFPA and eighteen pre-existing consumer protection statutes. Id. § 5481(12), (14); Morgan Drexen, Inc. v. CFPB, 785 F.3d 684, 686-87 (D.C. Cir. 2015). Relevant to our analysis, the CFPA prohibits "unfair, deceptive, or abusive act[s] or practice[s] under Federal law in connection with any transaction with a consumer for a consumer financial product or service, or the offering of a consumer financial product or service." 12 U.S.C. § 5531(a); see also id. § 5536(a)(1)(B). "Consumer financial product[s] or service[s]" include consumer loans and debt collection activities. See id. § 5481(5), (15).
The CFPA vests the Bureau with broad "rulemaking, supervisory, investigatory, adjudicatory, and enforcement authority. . . ." Morgan Drexen, 785 F.3d at 687 (citing 12 U.S.C. §§ 5512(b), 5514-5516, 5562-5564). One of the CFPB's "primary functions" is to "supervis[e] covered persons for compliance with Federal consumer financial law, and tak[e] appropriate enforcement action to address violations of Federal consumer financial law[.]" 12 U.S.C. § 5511(c)(4). Pursuant to its investigative authority, the Bureau may issue CIDs requiring the production of documents and oral testimony from "any person" that it believes may be in possession of "any documentary material or tangible things, or may have any information, relevant to a violation" of the laws that the Bureau enforces. Id. § 5562(c)(1); see also 12 C.F.R. § 1080.6. CIDs allow the Bureau to investigate and collect information "before the institution of any proceedings." 12 U.S.C. § 5562(c)(1). Each CID must "state the nature of the conduct constituting the alleged violation which is under investigation and the provision of law applicable to such violation." Id. § 5562(c)(2); see also 12 C.F.R. § 1080.5. Because "CIDs are not self-enforcing," John Doe Co. v. CFPB, 849 F.3d 1129, 1131 (D.C. Cir. 2017), the CFPB must file a petition in federal court to enforce a CID if a recipient refuses to comply, 12 U.S.C. § 5562(e)(1).
Consumer Fin. Prot. Bureau v. Accrediting Council for Indep. Colleges & Sch., 854 F.3d 683, 687-88 (D.C. Cir. 2017) ("ACICS"). More fully, 12 U.S.C. § 5562(c)(1) provides that, "[w]henever the Bureau has reason to believe that any person may be in possession, custody, or control of any documentary material or tangible things, or may have any information, relevant to a violation, the Bureau may, before the institution of any proceedings under the Federal consumer financial law, issue in writing, and cause to be served upon such person, a civil investigative demand requiring such person to — (A) produce such documentary material for inspection and copying or reproduction in the form or medium requested by the Bureau; (B) submit such tangible things; (C) file written reports or answers to questions; (D) give oral testimony concerning documentary material, tangible things, or other information; or (E) furnish any combination of such material, answers, or testimony." The courts — and the parties here — "have treated CIDs as a form of administrative subpoena." ACICS, 854 F.3d at 688.
"Under the `reasonable relevance' standard, courts will enforce an administrative subpoena issued in aid of an investigation if: `(1) the subpoena is within the statutory authority of the agency; (2) the information sought is reasonably relevant to the inquiry; and (3) the demand is not unreasonably broad or burdensome.'" United States v. Zadeh, 820 F.3d 746, 755 (5th Cir. 2016) (quoting United States v. Transocean Deepwater Drilling, Inc., 767 F.3d 485, 488 (5th Cir. 2014) (footnote omitted)). In previously affirming a district court's decision to enforce an administrative subpoena, the United States Court of Appeals has "noted that [t]he court's inquiry is limited to two questions: (1) whether the investigation is for a proper purpose and (2) whether the documents the agency seeks are relevant to the investigation, essentially a tracking of the reasonable relevance standard." Id. at 756 (internal quotation marks and footnote omitted).
The Fifth Circuit "has consistently recognized the summary nature of administrative subpoena enforcement proceedings, and has made clear that when reviewing an administrative subpoena, the court plays a strictly limited role. The government need only make a prima facie showing under the reasonable relevance standard, at which point the party opposing enforcement bears the heavy burden of demonstrating that the government has not met this standard." Zadeh, 820 F.3d at 757 (internal quotation marks and footnotes omitted). "The burden on the government . . . can be fulfilled by a simple affidavit of an agent involved in the investigation." Id. at 757-58 (internal quotation marks and footnote omitted). Thus, "`[i]t is settled that the requirements for judicial enforcement of an administrative subpoena are minimal.'" United States v. Chevron U.S.A., Inc., 186 F.3d 644, 647 (5th Cir. 1999) (quoting Burlington Northern Railroad Co. v. Office of Inspector General, Railroad Retirement Board, 983 F.2d 631, 637 (5th Cir. 1993)). "Courts will not enforce an administrative subpoena, however, if the above requirements are not met or if the subpoena was issued for an improper purpose, such as harassment." Burlington Northern, 983 F.2d at 638.
The Fifth Circuit has explained that "an administrative agency's power to issue subpoenas as it performs its investigatory function is a broad-ranging one which courts are reluctant to trammel. The agency `has a power of inquisition, if one chooses to call it that, which is not derived from the judicial function. It is more analogous to the Grand Jury, which does not depend on a case or controversy for power to get evidence but can investigate merely on suspicion that the law is being violated, or even just because it wants assurance that it is not. When investigative and accusatory duties are delegated by statute to an administrative body, it, too, may inform itself as to whether there is probable violation of the law.'" Sandsend Fin. Consultants, Ltd. v. Fed. Home Loan Bank Bd., 878 F.2d 875, 878 (5th Cir. 1989) (quoting United States v. Morton Salt Co., 338 U.S. 632, 642 (1950)).
Where the party opposing enforcement contends that the agency had no authority to issue the administrative subpoenas because it lacks jurisdiction, the Fifth Circuit has noted that "[a]n administrative agency's authority is necessarily derived from the statute it administers and may not be exercised in a manner that is inconsistent with the administrative structure that Congress has enacted." Transocean, 767 F.3d at 489. But the inquiry focuses on whether the agency has jurisdiction to investigate the subject of the investigation, not the subject of the subpoena. See id. at 489-97; cf. Sandsend, 878 F.2d at 880, 881 ("[12 U.S.C. §] 481 limits only the class of people national bank examiners may examine; it does not, for example, limit the class of people from whom national bank examiners may request documents with a subpoena duces tecum. . . . . The FHLBB's subpoena power extends to the records of persons who, like Sandsend, are not directly associated with the target of the FHLBB's inquiry.").
Analysis
Public Data opposes enforcement of the CID on four grounds. First, Public Data argues that the Bureau exceeded its statutory authority in issuing the CID. Second, Public Data argues that the Bureau lacks jurisdiction to issue the CID and, specifically, that the Bureau does not have jurisdiction under either the Fair Credit Reporting Act ("FCRA") or any other federal consumer financial law. Third, Public Data argues that the CID must be quashed because it fails to identify the nature of the conduct under investigation as required by statute. Fourth, Public Data argues that the CID should be quashed because it is grossly overbroad. At oral argument, the dispute was narrowed to the issue of whether the Bureau has statutory authority to issue the CID.
An administrative agency's authority to issue subpoenas "is created solely by statute." ACICS, 854 F.3d at 690 (quoting Peters v. United States, 853 F.2d 692, 696 (9th Cir. 1988)). "Although the [Bureau] may define the boundary of its investigation `quite generally,' it must comply with the terms of 12 U.S.C. § 5562(c)(2)." Id. (quoting FTC v. Invention Submission Corp., 965 F.2d 1086, 1090 (D.C. Cir. 1992)).
Section 5562(c)(1) authorizes the Bureau to issue CIDs to "any person" who "may be in possession, custody, or control of any documentary material or tangible things, or may have any information, relevant to a violation" of federal consumer financial law. 12 U.S.C. § 5562(c)(1). "Federal consumer financial law" includes the Fair Credit Reporting Act. See 12 U.S.C. §§ 5481(12), (14).
Section 5562(c)(2) mandates that each CID "state the nature of the conduct constituting the alleged violation which is under investigation and the provision of law applicable to such violation." 12 U.S.C. § 5562(c)(2); see also 12 C.F.R. 1080.5. "Section 5562(c)(2) ensures that the recipient of a CID is provided with fair notice as to the nature of the Bureau's investigation. Because the validity of a CID is measured by the purposes stated in the notification of purpose, the adequacy of the notification of purpose is an important statutory requirement." ACICS, 854 F.3d at 690 (citation omitted).
The Bureau contends that Public Data waived its lack-of-specificity and notice arguments by not raising them during the mandatory meet and confer process or in its petition to set aside or modify the CID. As a general matter, courts have held that "[a] party waives arguments that are not raised during the administrative process." N. Plains Res. Council, Inc. v. Surface Transp. Bd., 668 F.3d 1067, 1081 (9th Cir. 2013); see also 12 C.F.R. § 1080.6(c)(3) (when reviewing petitions to set aside or modify a CID, the Bureau "will consider only issues raised during the meet and confer process."). While the parties disagree on what issues Public Data raised during the meet and confer process, Public Data challenged the specificity of the Notification of Purpose in the CID in its motion to set aside or modify, and the Bureau addressed that issue in its decision denying the order. See Dkt. No. 2-2 at 2. Public Data sufficiently alerted the Bureau to its position and contentions, and the specificity and lack-of-notice arguments were not waived.
Public Data relies heavily on the D.C. Circuit's recent ACICS case to support its argument that it is not subject to the FCRA. In that case, the Bureau issued a CID that was identical to the one at issue here except that it was directed to "any entity or person . . . engaged . . . or engaging in unlawful acts and practices in connection with accrediting for-profit colleges" in violation of the Consumer Financial Protection Act. ACICS, 854 F.3d at 690. The Court concluded that, "as written, the Notification of Purpose fails to state adequately the unlawful conduct under investigation or the applicable law." Id.
To begin with, the CID describes "the nature of the conduct constituting the alleged violation which is under investigation," 12 U.S.C. § 5562(c)(2), as simply "unlawful acts and practices in connection with accrediting for-profit colleges." Granted a notification of purpose may use broad terms to articulate an investigation's purpose, but § 5562(c)(2) mandates that the Bureau provide the recipient of the CID with sufficient notice as to the nature of the conduct and the alleged violation under investigation. . . . [T]he CID in this case does not inform ACICS of the investigation's purpose. The Notification of Purpose defines the relevant conduct as "unlawful acts and practices in connection with accrediting for-profit colleges." It never explains what the broad and non-specific term "unlawful acts and practices" means in this investigation. Tellingly, in attempting to explain the scope of its investigation, the Bureau merely repeats the broad language used in the Notification of Purpose. As we observed above, our review of the validity of a CID is governed by the Morton Salt analysis. While that review is narrow, it is not without content. As we noted in a subpoena enforcement proceeding involving a different federal agency, "broad language used to describe th[e] purpose makes it impossible to apply the other prongs of the Morton Salt test." . . . We cannot determine, for example, whether the information sought in the CID is reasonably relevant to the [Bureau's] investigation without knowing what "unlawful acts and practices" are under investigation. That is to say, where, as in this case, the Notification of Purpose gives no description whatsoever of the conduct the CFPB is interested in investigating, we need not and probably cannot accurately determine whether the inquiry is within the authority of the agency and whether the information sought is reasonably relevant.
Id. at 690-91 (citations omitted). The ACICS Court also noted the Bureau's recognition that it lacked statutory authority over the accreditation process of for-profit colleges. See id. at 691. The Court of Appeals found the Bureau's interest in a "possible connection" and "intersection" between the lending practices of ACICS-accredited institutions and the accreditation process too tenuous, and the D.C. Circuit held that, even if correct, the interest did not appear on the face of the Notification of Purpose. Id. The Court of Appeals explained that, "[w]hile the Bureau may be correct in noting that it need not speculate as to `the precise character of [the] possible violations' its investigation might uncover, it is required by statute to adequately inform ACICS of the link between the relevant conduct and the alleged violation" and that "the Notification of Purpose `says nothing' about this potential link." Id. (footnote and citation omitted). And, the ACICS Court determined,
[t]he CID's description of "the provision of law applicable to such violation," 12 U.S.C. § 5562(c)(2), is similarly inadequate. The Notification of Purpose identifies 12 U.S.C. §§ 5531 and 5536, as well as "any other Federal consumer financial protection law," as the applicable laws. Sections 5531 and 5536 set forth the CFPA's general prohibition of unfair, deceptive, or abusive acts and practices in connection with transactions involving consumer financial products and services. See id. §§ 5531(a), 5536(a)(1)(B). These provisions "stand[] broadly alone" in the Bureau's Notification of Purpose, especially considering the Bureau's failure to adequately state "the specific conduct under investigation," and thus tell ACICS nothing about the statutory basis for the Bureau's investigation. The CFPA provides detailed definitions of "Federal consumer financial law," 12 U.S.C. § 5481(12), (14), and "[c]onsumer financial product or service," id. § 5481(5), (15), yet the CID contains no mention of these definitions or how they relate to its investigation. The inclusion of the uninformative catch-all phrase "any other Federal consumer financial protection law" does nothing to cure the CID's defects. Congress limited the Bureau's CID authority with § 5562(c)(2)'s notice requirements, and framing the applicable law in such a broad manner does not satisfy Congress's clear directive.
Id. at 691-92 (citation omitted).
The D.C. Circuit concluded that the Notification of Purpose to ACICS did not meet Section 5562's statutory requirements and that, "were we to hold that the unspecific language of this CID is sufficient to comply with the statute, we would effectively write out of the statute all of the notice requirements that Congress put in." Id. at 692.
Public Data asserts that, just as in ACICS, based on the Notification of Purpose in the CID issued here — which Public Data asserts does not give fair notice of what the Bureau is investigating — the Court and Public Data are not in a position to meaningfully analyze and argue the Morton Salt factors.
The Bureau responds that the CID here does not present the same issue as in ACICS, where the Notification of Purpose in the CID to Public Data identifies specific persons and specific conduct under specific statutes and laws. The Bureau argues that the Notification of Purpose in ACICS, in contrast, did not provide notice of the nature of the investigation and conduct at issue.
The CID to Public Data presents a closer case than the one in ACICS. The CID's Notification of Purpose states:
The purpose of this investigation is to determine whether consumer reporting agencies, persons using consumer reports, or other persons have engaged or are engaging in unlawful acts and practices in connection with the provision or use of public records information in violation of the Fair Credit Reporting Act, 15 U.S.C. §§ 1681m et seq., Regulation V, 12 C.F.R. Part 1022, or any other federal consumer financial law. The purpose of this investigation is also to determine whether Bureau action to obtain legal or equitable relief would be in the public interest.
Dkt. No. 2-2 at 2.
Whereas, in ACICS, the D.C. Circuit noted the Bureau's "recognition that it lacks statutory authority over the accreditation process of for-profit colleges," 854 F.3d at 691, here the Bureau has broad statutory authority to investigate consumer reporting agencies, see 12 U.S.C. §§ 5481(12), (14). The FCRA defines a "consumer reporting agency" as
any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports.
15 U.S.C. §1681(c)(f). And it defines a "consumer report" as
any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumers eligibility for (A) credit or insurance to be used primarily for personal, family, or household purposes; (B) employment purposes; or (C) any other purpose authorized under section 1681b of this title.
15 U.S.C. § 1681(c)(d)(1). The term "other persons" is not defined. See 15 U.S.C. § 1681(c).
Public Data's counsel may believe that the statutory definition of a "consumer reporting agency" is a mess and a lawyer's dream, but the Bureau's reference to it in context, along with the persons and specific laws at issue and other details identified in the Notification of Purpose, provides fair notice of an investigation with generally defined boundaries and a purpose articulated in broad terms and complies with the requirements that the Bureau adequately inform Public Data of the link between the relevant conduct and the alleged violation. The Notification of Purpose in the CID to Public Data therefore meets Section 5562(c)(2)'s statutory requirements.
Public Data further asserts that it is not subject to the FCRA because it is not a consumer reporting agency. And Public Data has relied heavily on Wilson v. The Source for Public Data, L.P., Civil Action No. H-12-0185, 2013 WL 12106128 (S.D. Tex. April 30, 2013), for support. The plaintiff in that case sued Public Data for a violation of Section 1681e(b) of the FCRA based on a search of her name through Public Data's website that revealed information concerning more than one person with the plaintiff's name. Section 1681e(b) "requires a consumer reporting agency preparing a consumer report to `follow reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates.'" Wilson, 2013 WL 12106128, at *2 (quoting 15 U.S.C. § 1681e(b) (emphasis in original)). The district court in Wilson granted Public Data's motion for summary judgment because Plaintiff failed to present evidence that raised a genuine issue of material fact regarding whether the result of a search of Public Data's website contained "information concerning" Plaintiff, as opposed to other persons with the same name, for the purposes of her FCRA claim. See id. at *4. While instructive, Wilson arises in a different procedural context and is not controlling.
Public Data also asserts that the Bureau lacks authority to issue the CID because Public Data merely operates an internet website that allows users to conduct searches for public records using search criteria selected by the customer and the search results simply contain public record information for all public records that match the customer's search terms. Public Data further asserts that it does not alter, assemble, or merge any records or make any determination as to whether a public record is accurate or relates to a specific person. See Dkt. No. 15-2.
Although couched as a challenge to the Bureau's jurisdiction, this argument invites a fact-intensive inquiry into whether Public Data is a consumer reporting agency. Because Public Data's challenge concerns the "coverage" of the applicable consumer financial statutes and the company's compliance with the law, it cannot raise this issue to prevent enforcement of the Bureau's administrative subpoena. See Consumer Fin. Prot. Bureau v. Future Income Payments, LLC, Case No. SACV 17-00303-JLS (Ssx), 2017 WL 2190069, at *3 (C.D. Cal. May 17, 2017). Public Data is raising a premature defense to an enforcement action, rather than a challenge to the Bureau's investigative authority. See Consumer Fin. Prot. Bureau v. Harbour Portfolio Advisor, LLC, No. 16-14183, 2017 WL 631914, at *3 (S.D. Mich. Feb. 16, 2017). It would be premature for the Court to decide whether Public Data is a consumer reporting agency at this stage. See EEOC v. Karuk Tribe Hous. Auth., 260 F.3d 1071, 1076 (9th Cir. 2001) (stating that the Supreme Court has "consistently reaffirmed" that courts should not refuse to enforce an administrative subpoena when confronted by a fact-based claim regarding coverage or compliance with the law); FTC v. Texaco, 555 F.2d 862, 872 (D.C. Cir. 1977) (stating that courts considering petitions to enforce administrative subpoenas should not consider the ultimate question of whether the subpoenaed entity's activities are in fact covered by the statute); Future Income Payments, 2017 WL 2190069, at *2 ("[A] party cannot avoid complying with an administrative subpoena based on what would normally would be a defense to an action by the agency." (internal quotation and citation omitted)).
Instead, the question when an agency's investigative action is challenged is whether there is "some plausible ground for jurisdiction or, to phrase it another way, [whether] jurisdiction is plainly lacking." Karuk Tribe Hous. Auth., 260 F.3d at 1077 (internal quotation marks and citations omitted); see also EEOC v. Sidley Austin Brown & Wood, 315 F.3d 696, 700 (7th Cir. 2002) ("Only if . . . the information that the subpoenaed firm resists furnishing is not even arguably relevant . . . can the court resolve the issue then and there without insisting on further compliance with the subpoena." (internal citations omitted)); FTC v. Ken Roberts Co., 276 F.3d 583, 587 (D.C. Cir. 2001) ("[E]nforcement of an agency's investigatory subpoena will be denied only when there is a `patent lack of jurisdiction' in an agency to regulate or to investigate.").
Here, the Bureau's jurisdiction for issuing the CID is not plainly lacking because there are plausible grounds to believe that Public Data may have information related to a violation of the FCRA. Public Data may have information that is relevant to a violation of federal consumer financial law, and the Bureau "`can investigate merely on suspicion that the law is being violated, or even just because it wants assurance that it is not.'" Harbour Portfolio Advisors, 2017 WL 631914, at *3 (quoting Morton Salt Co., 338 U.S. at 642-43).
In light of the foregoing, the Court concludes that the Bureau's authority to issue the CID — as opposed to any authority to undertake an enforcement action against, for example, Public Data, which the Bureau is seeking information to assess and which is not the issue before the Court on this petition — is not "plainly lacking." Karuk Tribe Hous. Auth., 260 F.3d at 1076. Without deciding the question of whether Public DataI is a consumer reporting agency, the Court finds that there are plausible grounds to believe that Public Data may have information related to violations of the FCRA.
Conclusion
For the reasons and to the extent explained above, the Court GRANTS the Bureau's Petition to Enforce Civil Investigative Demand [Dkt. No. 1].
SO ORDERED.