Laws and Notices

Patents

Connect system technology and business processes are unique to the consumer data industry. Due to the proprietary nature of the Connect systems, they are protected by two separate registered US Patents; No. 7,877,322 B2 and No. 7,139,734 B2, as well as numerous US Trademarks and domain names on its systems, processes, products, brands, names, marks and logos.

Laws & Notices

The Fair Credit Reporting Act (“FCRA”) became effective on April 25, 1971. The FCRA is a group of acts contained in the Federal Consumer Credit Protection act, such as the Truth in Lending Act and the Fair Debt Collection Practices Act.

Congress substantively amended the FCRA upon the passage of the Fair and Accurate Credit Transactions Act of 2003 (“FACT Act”). The FACT Act created many new responsibilities for consumer reporting agencies and users of consumer reports. It contained many new consumer disclosure requirements as well as provisions to address identity theft. In addition, it provided free annual consumer report rights for consumers and improved access to consumer report information to help increase the accuracy of data in the consumer reporting system.

The identity theft rights summary includes the identity theft rights granted to consumers by FACTA, including the right to place fraud alerts on their credit reports, to block businesses and credit bureaus from reporting information in their credit files that is a result of identity theft, and to obtain from businesses information about accounts or transactions in their name that result from identity theft. The identity theft rights summary will be provided by consumer reporting companies to consumers who contact the agencies because they believe they are victims of fraud or identity theft.

The general consumer rights summary includes, among other things, consumers' right to see their credit files and know when they have been used against them, to correct inaccuracies, and to opt-out of unsolicited offers. The summary also notes that, in addition to identity theft victims, active duty military personnel have additional rights under the FCRA and FACTA. This general summary of rights updates the current summary, which credit reporting companies provide to consumers with their credit reports. The furnisher and user notices explain to businesses their duties under the FCRA.

The FCRA contains significant responsibilities for business entities that are consumer reporting agencies and lesser responsibilities for those that are not. Generally, financial institutions are not consumer reporting agencies.

In addition to the requirements related to financial institutions acting as consumer reporting agencies, FCRA requirements also apply to financial institutions that operate in any of the following capacities:

Procurers and users of information (for example, as credit grantors, purchasers of dealer paper, or when opening deposit accounts).
Furnishers and transmitters of information (by reporting information to consumer reporting agencies, other third parties, or to affiliates).
Marketers of credit or insurance products.
Employers.

Financial institutions are subject to a number of different requirements under the FCRA. The statute contains some of the requirements, while others are in regulations issued jointly by the FFIEC agencies or in regulations issued by the Federal Reserve Board and/or the Federal Trade Commission.

The Dodd-Frank Act granted rulemaking authority under the FCRA (except for §615(e) (identity theft) and §628 (disposal)) to the Consumer Financial Protection Bureau (“CFPB”) and, with respect to entities under its jurisdiction, granted authority to the CFPB to supervise for and enforce compliance with the provisions of the FCRA and the implementing regulations.

The CFPB structured the examination procedures as a series of modules, grouping similar requirements together. The modules contain general information about each of the requirements:

Module 1 Obtaining Consumer Reports.
Module 2 Obtaining Information and Sharing Among Affiliates.
Module 3 Disclosures to Consumers and Miscellaneous Requirements.
Module 4 Financial Institutions as Furnishers of Information.
Module 5 Consumer Alerts and Identity Theft Protections.

Fair Credit Reporting Act
Summaries of Rights and Notices of Duties Under the FCRA and FACT Act: Publication of Final Guidance on Model Disclosures
Consumer Financial Protection Bureau
Consumer Financial Protection Bureau Regulations
Consumer Financial Protection Bureau and the Fair Credit Reporting Act
The Consumer Financial Protection Bureau required that the standard Fair Credit Reporting Act notices that refer to the FTC must be updated by Jan. 1, 2013 to reflect the role of the Consumer Financial Protection Bureau under the Fair Credit Reporting Act. Part 1022 of the Code of Federal Regulations
Appendix I to Part 1022—Summary of Consumer Identity Theft Rights
Appendix I to Part 1022—Summary of Consumer Identity Theft Rights (Spanish)
Summary of Consumer Rights (Spanish)
Appendix K to Part 1022—Summary of Consumer Rights
Gramm-Leach-Bliley Act
Drivers Privacy Protection Act
Americans With Disabilities Act
Equal Credit Opportunity Act
Truth in Lending Act
Credit Reports for Collections Notice
New York City Salary History Inquiry Law
MicroBilt - UDAAP Procedure
New York City Credit Report Restrictions & FADV Sybersecurity Survey
State Laws Limiting Use of Credit Information For Employment

State Data Broker Laws (as of March, 2026)

CALIFORNIA

California Delete Act + Data Broker Registry

Cal. Civ. Code §§ 1798.99.80–1798.99.88

https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202320240SB362

Summary: Requires annual registration, disclosure, and a centralized deletion mechanism.

VERMONT

Vermont Data Broker Regulation

9 V.S.A. § 2446 et seq.

https://legislature.vermont.gov/statutes/section/09/062/02447

Summary: Requires data brokers to register and maintain security standards.

TEXAS

Texas Data Broker Law

Tex. Bus. & Com. Code § 509.001 et seq.

https://statutes.capitol.texas.gov/Docs/BC/pdf/BC.509.pdf

Summary: Requires registration, security controls, and public notice; applies to companies whose primary revenue comes from selling personal data.

OREGON

Oregon Data Broker Law

ORS § 646A.593

https://olis.oregonlegislature.gov/liz/2023R1/Measures/Overview/HB2052

Summary: Requires registration and ties into broader consumer privacy rights, including disclosure of third-party recipients.

States With Comprehensive Consumer Privacy Laws (as of March, 2026)

CALIFORNIA

California Consumer Privacy Act (“CCPA”), amended by California Privacy Rights Act (“CPRA”)

Cal. Civ. Code §§ 1798.100 et seq.

https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5

VIRGINIA

Virginia Consumer Data Protection Act (“VCDPA”)

Va. Code §§ 59.1-571 et seq.

https://law.lis.virginia.gov/vacode/title59.1/chapter53/

COLORADO

Colorado Privacy Act (“CPA”)

Colo. Rev. Stat. § 6-1-1301 et seq.

https://leg.colorado.gov/sites/default/files/2021a_190_signed.pdf

CONNECTICUT

Connecticut Data Privacy Act (“CTDPA”)

Conn. Pub. Acts No. 22-15

https://www.cga.ct.gov/2022/ACT/PA/PDF/2022PA-00015-R00SB-00006-PA.PDF

UTAH

Utah Consumer Privacy Act (“UCPA”)

Utah Code § 13-61-101 et seq.

https://le.utah.gov/xcode/Title13/Chapter61/13-61.html

IOWA

Iowa Consumer Data Protection Act (“ICDPA”)

Iowa Code Ch. 715D

https://www.legis.iowa.gov/docs/code/715D.pdf

INDIANA

Indiana Consumer Data Protection Act (“INCDPA”)

Ind. Code §§ 24-15-1-1 et seq.

https://iga.in.gov/laws/2024/ic/titles/24#24-15

TENNESSEE

Tennessee Information Protection Act (“TIPA”)

Tenn. Code Ann. Title 47, Chapter 18

https://publications.tnsosfiles.com/acts/113/pub/pc0408.pdf

TEXAS

Texas Data Privacy and Security Act (“TDPSA”)

Tex. Bus. & Com. Code § 541.001 et seq.

https://statutes.capitol.texas.gov/Docs/BC/htm/BC.541.htm

OREGON

Oregon Consumer Privacy Act (“OCPA”)

Or. Senate Bill 619-B

https://olis.oregonlegislature.gov/liz/2023R1/Downloads/MeasureDocument/SB619/Enrolled

DELAWARE

Delaware Personal Data Privacy Act (“DPDPA”)

Del. Code Tit. 6 § 12D-101 et seq.

https://delcode.delaware.gov/title6/c012d/

FLORIDA

Florida Digital Bill of Rights (“FDBR”)

Fla. Senate Bill 262

https://www.flsenate.gov/Session/Bill/2023/262/BillText/er/PDF

NEW HAMPSHIRE

New Hampshire Privacy Act (“NHPA”)

N.H. Senate Bill 255-FN

https://gc.nh.gov/bill_status/legacy/bs2016/billText.aspx?id=865&txtFormat=html&sy=2024

NEW JERSEY

New Jersey Data Privacy Act (“NJDPA”)

NJ Senate Bill 332

https://pub.njleg.state.nj.us/Bills/2022/S0500/332_R6.PDF

KENTUCKY

Kentucky Consumer Data Protection Act (“KCDPA”)

Ky. Rev. Stat. § 367.3611 et seq.

https://apps.legislature.ky.gov/law/statutes/chapter.aspx?id=39092

MARYLAND

Maryland Online Data Privacy Act (“MODPA”)

Md. House Bill 0567

https://mgaleg.maryland.gov/2024rs/chapters_noln/ch_454_hb0567e.pdf

MINNESOTA

Minnesota Consumer Data Privacy Act (“MCDPA”)

Minn. Stat. § 325M.10 et seq.

https://www.revisor.mn.gov/statutes/cite/325M

NEBRASKA

Nebraska Data Privacy Act (“NDPA”)

Neb. Legislative Bill 1074

https://nebraskalegislature.gov/FloorDocs/108/PDF/Slip/LB1074.pdf

MONTANA

Montana Consumer Data Privacy Act (“MCDPA”)

Mont. Code § 30-14-2801 et seq.

https://archive.legmt.gov/bills/mca/title_0300/chapter_0140/part_0280/sections_index.html

RHODE ISLAND

Rhode Island Data Transparency and Privacy Protection Act (“RIDTPPA”)

R.I. House Bill H 7787 Sub A2

https://webserver.rilegislature.gov/BillText24/HouseText24/H7787A.htm

California Consumer Privacy Act
CCPA - HIPAA Amendment
CCPA - HIPAA Amendment (09-28-20)