Supreme Court of the United States
On Writ of Certiorari To The United States
Court of Appeals for the Ninth Circuit
BRIEF AMICI CURIAE OF THE NATIONAL ASSOCIATION OF CONSUMER ADVOCATES, NATIONAL CONSUMER LAW CENTER, U.S. PUBLIC INTEREST RESEARCH GROUP, PRIVACY RIGHTS CLEARINGHOUSE, AARP AND CONSUMER FEDERATION OF AMERICA
IN SUPPORT OF RESPONDENT
Richard J. Rubin
(Counsel of Record)
Willard P. Ogburn, National Consumer Law Center
Deborah Zuckerman and Stacy J. Canan, AARP Foundation
Michael R. Schuster, AARP
INTEREST OF AMICI CURIAE 
Amici are public interest organizations with long-standing experience with the consumer reporting and privacy issues involved in this case. Amici are submitting this brief to provide the Court with information about the operations of the consumer reporting industry distinct from the arguments contained in the Brief for Respondent.
The National Association of Consumer Advocates (NACA) is a non-profit corporation whose members are private and public sector attorneys, legal services attorneys, law professors, and law students whose primary focus involves the protection and representation of consumers. NACAs mission is to promote justice for all consumers by maintaining a forum for information sharing among consumer advocates across the country and serving as a voice for its members as well as consumers in the ongoing struggle to curb unfair and abusive business practices. Compliance with federal consumer protection laws in general and the Fair Credit Reporting Act (FCRA) in particular has been a continuing concern of NACA since its inception.
The National Consumer Law Center, Inc. (NCLC) is a non-profit Massachusetts corporation, founded in 1969, specializing in consumer law issues, with a historical emphasis on consumer credit. The NCLC regularly provides legal and technical consultation and assistance on consumer law issues, including credit reporting, to legal services, government, and private attorneys representing consumers across the country. The NCLC prepares and publishes the Consumer Credit and Sales Legal Practice Series, consisting of thirteen practice treatises and annual supplements. One volume, Willard P. Ogburn, Fair Credit Reporting Act (4th ed. 1998 & Supp. 2000), is a standard resource on privacy and the FCRA that is cited by Petitioner throughout its Brief. The fairness, accuracy, and confidentiality of individuals credit information were a persistent problem for the NCLCs low income clients even before the passage of the FCRA; these problems unfortunately continue to date.
The U.S. Public Interest Research Group serves as the national lobbying office for state Public Interest Research Groups (PIRGs). PIRGs are non-profit, non-partisan consumer, environmental and government research and advocacy organizations active in 37 states. Since 1991, U.S. PIRG and the state PIRGs have published 7 investigative reports and surveys on credit bureau errors and identity theft problems, including one joint report with the Privacy Rights Clearinghouse. The reports have been used by Congress and state legislatures in the development of legislation, including both the 1996 comprehensive credit reporting amendments and the 1998 identity theft criminalization statute enacted by Congress. California PIRG also has founded and supports the efforts of Victims of Identity Theft, a Los Angeles-based support group for victims.
The Privacy Rights Clearinghouse (PRC) is a non-profit consumer information, research, and advocacy program based in San Diego, California. It was established in 1992 when it launched a hotline to take individuals' complaints and questions on consumer privacy issues. PRC was one of the first consumer organizations to provide assistance to victims of identity theft, which became its number one topic of hotline calls beginning in 1995. PRC's victim assistance guides have helped tens of thousands of identity theft victims regain their financial health. The PRC has participated in numerous public policy proceedings (legislative and regulatory hearings, workshops, conferences) at the state and federal level on identity theft.
AARP is a non-profit organization with 34 million members aged 50 and older. It is the largest membership organization dedicated to addressing the needs and interests of older Americans. AARP participates in proceedings aimed at improving consumer protection laws and assuring adequate redress when older consumers are harmed in the marketplace. AARP supports vigorous enforcement of the Fair Credit Reporting Act. It specifically advocates for stronger laws to protect the confidentiality of Social Security numbers, to protect and provide assistance to victims of identity theft, and to ensure that consumers have avenues for redress when they are harmed by an inappropriate disclosure or use of their personal information.
The Consumer Federation of America (CFA) is a non-profit association organized in 1967 to advance the interests of consumers through advocacy and education. CFA's current membership is comprised of over 280 national, state, and local consumer groups throughout the United States, which in turn represent more than 50 million consumers. CFA supports and promotes consumer credit protections to prevent fraud and provide redress to consumers.
SUMMARY OF ARGUMENT
Congresss findings and statement of purpose when it enacted the Fair Credit Reporting Act demonstrate the significance that it rightly placed on the integrity and confidentiality of the nations consumer reporting system. Unfortunately, the three major national consumer reporting agencies have shown an inadequate commitment over the last thirty years to conducting their business in a manner commensurate with the grave responsibilities entrusted to them.
As these consumer reporting agencies have struggled with their obligations to compile and report personal financial data completely and accurately, a relatively recent assault on the integrity of the consumer reporting system has emerged in the form of theft of identity. This phenomenon is a threat to which literally every American is vulnerable. In this area, the reporting agencies efforts are wholly insufficient. The industry has the capability to curtail these activities, if not to bar virtually all identity thieves from compromising individual consumer reports, the sine qua non of the offense. Instead, the consumer reporting system itself has become the vehicle through which these thieves operate.
Through this case, the industry now seeks an interpretation of the statute of limitations that would seriously undermine the paramount method chosen by Congress to provide the necessary incentive for reporting agencies to meet their obligations to protect the integrity and confidentiality of individual consumer reports - private enforcement by aggrieved consumers. Petitioner wishes to limit the FCRAs statute of limitations in a manner that, if sustained, would create a nearly all-encompassing exception to suits by the individuals who are the victims of the current identity theft epidemic. Petitioners supporting arguments are at odds with the plain language of the FCRA, and the balance which it purports to maintain is illusory.
A. Congress Has Determined That Accuracy and Respect for Privacy in Disseminating Personal Financial Information Are Essential in a Credit Economy
Congress enacted the Fair Credit Reporting Act (FCRA) in 1970 as Title VI of the Consumer Credit Protection Act, 15 U.S.C. §§ 1601-1693r (CCPA), the plenary regulation of the national consumer credit industry. Consumer credit has expanded exponentially in the last fifty years and is now one of the largest sectors of the national economy. Growing from $6 billion at the end of World War II, outstanding consumer credit debt rose to $116 billion in 1970 when Congress enacted the FCRA, reached over $700 billion by 1993 [S. Rep. 103-209, 103d Cong., 1st Sess. 2-3 (1993)], and most recently passed $1.5 trillion. See Federal Reserve Board Statistical Release, G.19, Consumer Credit, March 2001, Release Date: May 7, 2001, available at http://www.federalreserve.gov/Releases/G19/Current.
To support this phenomenal level of activity, only eight years ago the consumer reporting industry maintained 450 million credit files on more than 110 million individuals and processed almost 2 billion pieces of data per month. S. Rep. 103-209, supra, at 3. Now, the data base of just one of the three major consumer reporting agencies contains information on the personal financial habits of 190 million persons, virtually the entire adult population of the country, and that agency alone processes approximately 1.5 billion records per month. Trans Union Corp. v. Federal Trade Commission, 245 F.3d 809, 812 (D.C. Cir. 2001).
Congress adopted the FCRA with the explicit recognition that the health of the consumer banking system is dependent upon fair and accurate credit reporting and that [i]naccurate credit reports directly impair the efficiency of the banking system. 15 U.S.C. § 1681(a)(1); see Bryant v. TRW Inc., 689 F.2d 72, 79 (6th Cir. 1982). With particular relevance to the identity theft crisis which underlies this case, Congress focused on the need to insure that consumer reporting agencies exercise their grave responsibilities with fairness, impartiality, and a respect for the consumers right of privacy and confidentiality. 15 U.S.C. §§ 1681(a)(4) and (b). Accordingly, Congress has mandated that consumer reporting agencies follow procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates. § 1681e(b) (emphasis added).
A recurring theme at the heart of the CCPA is that prudent dissemination of credit information is essential to maintain the vitality of the credit granting system for the benefit of creditors and consumers alike. Just as Congress enacted the FCRA with the express purpose that credit grantors be in the best position to make reliable credit granting decisions, the Truth in Lending Act, 15 U.S.C. §§ 1601-1667e, Title I of the CCPA (TILA), establishes the corresponding principle through its disclosure requirements that consumers are best served through their own informed use of credit. 15 U.S.C. § 1601(a). In addition to the FCRA and TILA, Congress has included a further self-help checking mechanism within the CCPA as Title VII, the Equal Credit Opportunity Act, 15 U.S.C. §§ 1691-1691f (ECOA), providing yet another information-sharing standard through its core requirement that creditors disclose, and consumers receive, the specific reasons for any adverse action, such as credit denial. 15 U.S.C. § 1691d.
This Court succinctly stated the guiding principle of this congressional philosophy nearly thirty years ago in its seminal teaching under the CCPA: [B]lind economic activity is inconsistent with the efficient functioning of a free economic system such as ours. Mourning v. Family Publication Service, Inc., 411 U.S. 356, 364 (1973). The FCRA was adopted with the recognition that credit decisions made in ignorance, whether by credit grantors or consumers, undermine the vitality of the consumer economy.
Unfortunately, despite the intent of Congress in adopting the FCRA, accurate information is not being consistently provided by the consumer reporting system to its credit-granting clientele. In the deliberations that culminated with the 1996 FCRA amendments [Consumer Credit Reporting Reform Act of 1996, Title II, Subtitle D, Ch. 1, of the Omnibus Consolidated Appropriations Act for Fiscal Year 1997 (P.L. 104-208) (Sept. 30, 1996)], Congress was presented with staggering statistics that nearly half of all consumer reports (48%) maintained by the three major consumer reporting agencies contains inaccurate information and nearly one out of five (19%) contains errors that could adversely affect the consumer's eligibility for credit. S. Rep. 103-209, supra, at 3.
The successful operation of the consumer credit system is key to the performance of the national economy and the ability of all citizens to enjoy the fruits of this countrys material prosperity, the envy of the rest of the world. Failure within this system, on the other hand, is expensive as determined by the consequences of consumer default, with their resulting losses and significant personal toll [bankruptcies, marital instability, loss of jobs, and invasions of individual privacy (15 U.S.C. § 1692(a))], which Congress sought to prevent and deter through enactment of the Fair Debt Collection Practices Act, 15 U.S.C. §§ 1692-1692o, Title VIII of the CCPA (FDCPA). Despite the extraordinary economic and personal benefits at stake, the three major reporting agencies conduct their business with far too little regard for the inordinate personal price of their failure or for the mandates imposed by Congress to cure the agencies shortcomings. See Cushman v. Trans Union Corp., 115 F.3d 220, 224-26 (3d Cir. 1997) (criticizing inadequate reinvestigation procedures); Federal Trade Commission v. TRW Inc., 784 F.Supp. 361 (N.D. Tex. 1991) (comprehensive consent order attempting to correct massive FCRA noncompliance).
B. The Three Major Consumer Reporting Agencies Have Failed to Take Available Action to Abate the Current Theft of Identity Crisis
Theft of identity is the intentional and fraudulent practice whereby an impostor poses as someone else and applies for and receives credit on the basis of anothers good credit standing. The impostor then makes purchases, obtains credit cards, and takes out loans using the dishonestly obtained credit approvals and leaves the victim facially responsible for the resulting financial obligations. Worse yet, the scam saddles victims with the arduous process of ascertaining what has happened to them and of obtaining information to prove themselves innocent and to restore their good names.
The ease with which the impostor in this case stole the identity of Respondent Adelaide Andrews is all too common and illustrates the allure of the scam. Here, the impostor fraudulently used only Ms. Andrews Social Security number, while otherwise employing her own similar but different name and completely different remaining identifying information to obtain credit. Impostors use an alternate address (sometimes simply a mail drop) to receive the purchased items, credit cards, and billing statements. The victim therefore receives no notice that a problem exists until denied credit or dunned for payment for the impostors debts many months or even years later.
A savvy impostor will establish an evil profile never touching any of the true accounts of the victim. If the victims own accounts were to be accessed, the victim would find out earlier about the fraud. Often the impostor will obtain several credit lines to make minimum payments to keep the scam going for as long as possible so the victim does not find out there is a problem. Victims discover the identity theft on average after 15 months, and at least 20% learn of the problem only after two years. See Federal Trade Commission, Identity Theft Victim Complaint Data, Figures and Trends November 1999 through March 2001, available at http://www.consumer.gov/idtheft/reports/rep-mar01.pdf and http://www.consumer.gov/idtheft/charts/nov99-mar01.pdf. Even then, the victim still must determine what has transpired, often waiting weeks and months just to receive documents providing information about the accounts. This protracted process further delays taking remedial action and continues the nightmare as the victim deals with disbelieving debt collectors, annoyed creditors, and seemingly unconcerned reporting agencies.
Information received by the national reporting agencies almost always shows early evidence of obvious errors and indicia of fraud. The victims records contain conflicting information, with one set revealing their real accounts, accurate addresses, and continued positive credit usage, and the other showing overused accounts with a lack of payments in a short time span, as well as the ever present anomalous billing addresses. Nevertheless, Amici have seen no evidence that the three major reporting agencies have taken any action to use their comprehensive data bases and state of the art computing power to effectively combat this scourge. The agencies have products available to sell to creditors to detect changes of addresses (neural networks), however they do not make them available to consumers unless the consumer buys several products to monitor all three credit reporting agencies.
Unlike the recurrent errors that for years have afflicted the three major consumer reporting agencies reports, such as merging files of different consumers based on tenuous connections, see, e.g., Philbin v. Trans Union Corp., 101 F.3d 957, 960-67 (3d Cir. 1996), and Thompson v. San Antonio Retail Merchants Association, 682 F.2d 509, 510-13 (5th Cir. 1982) (per curiam), identity theft is purposeful sabotage. Just like those mismerge errors, however, theft of identity is a regular and predictable part of the credit reporting system; and the consumer reporting agencies whose lack of diligence facilitated the theft here are as unprepared and unsuccessful in combating this intentional misconduct as they are in maintaining the completeness and accuracy of their consumer reports. See, e.g., Cushman, 115 F.3d at 224-26.
Significantly, none of the three major reporting agencies discloses to consumers their own file contents based merely on a purported match of a Social Security number without additional indicia of proper identification. See § 1681h(a)(1). One would have expected that these agencies would follow protocols with a similar level of scrutiny to meet their parallel obligation pursuant to § 1681e(a) to provide reports only to users who have a legitimate purpose involving the subject consumer. See § 1681b(a). They do not. This weakest link creditor point of entry into the reporting system is all too well known to identity thieves.
C. Petitioners Claim that the Decision Below Undermines the Balance Established by Congress Is a Canard
Petitioner claims that a rule allowing victimized consumers to bring enforcement actions more than two years after the reporting agency reveals personal financial information to a complete stranger would upset the balance struck by Congress within the overall statutory scheme. Brief for Petitioner at 25. Its stated basis for this assertion includes the carefully crafted notice and access provisions in the FCRA [id. at 26] and the purported increase to the cost of doing business.[by] adding to the credit industrys already massive burden of storing information. Id. at 30-31.
To the contrary, it is Petitioners desire for an exclusionary reading of the FCRA, which as a practical matter would immunize consumer reporting agencies from effective private enforcement, that conflicts with Congresss handiwork. Indeed, these factors that Petitioner cites actually support the decision below and undermine its own self-serving view of how the FCRA should function.
It would be an injustice for victims to lose their right to enforce the provisions of the FCRA when in fact they have no idea they have even been harmed. Many victims have good credit and do not apply for a loan or credit card for several years. If the impostor has established several credit lines, is making minimum payments, and has not charged accounts to their limits, the charade can continue without the victims knowledge for years. When consumers finally learn of the fraud, they often experience further victimization from creditors who will not provide billing statements, from credit reporting agencies which delay sending the credit profiles, and from police who will not even take a report. To expect victims also to address the legal issues when they do not yet understand what has happened to them is unreasonable.
1. The Plain Language Chosen by Congress Belies Petitioners Argument
First, the plain language of § 1681p is the most reliable indicator of Congresss intent to reject Petitioners interpretation of this subsection. Petitioners contention is that the statute of limitations commences when it allegedly violates a statutory duty. Brief for Petitioner at 16 (it is at that point that the agency violates the Act). Congress expressly rejected that standard, however, when it adopted § 1681ps calculation of the start of the limitations period as the date on which the liability arises, as discussed in the Brief of Respondent. In doing so, Congress chose language different from the terminology that it employed in each of the five other Titles of the CCPA with private rights of action. The statutes of limitations in each of the other CCPA Titles specifically run from the time of the defendants violation of the law, the same language as in the version of the FCRA that was discarded before final enactment. See § 1640(e) (TILA) (from the occurrence of the violation), § 1679i(1) (Credit Repair Organizations Act) (same), § 1691e(f) (ECOA) (same), § 1693m(g) (Electronic Fund Transfers Act) (same), and § 1692k(d) (FDCPA) (from the date on which the violation occurs).
No federal appeals court which has adopted Petitioners position has considered this deliberate congressional choice of language. Instead, each has reached its conclusion without critical analysis of the CCPAs coordinated statutory scheme. See Houghton v. Insurance Crime Prevention Institute, 795 F.2d 322, 325 (3d Cir. 1986), and its progeny. These courts based their rulings on the erroneous belief that the result is mandated to avoid rendering the final portion of § 1681p superfluous. Id. This primary basis for affirmance of the decision below is the focus of Respondents argument and will not be repeated by Amici. 
2. Petitioner Relies on Notice Provisions Which Do Not Protect Victims of Theft of Identity
Petitioner erroneously contends that the FCRAs notice provisions make it unnecessary and inappropriate to affirm the decision below. The FCRAs notice requirements do not allow victims of identity theft to learn when their identities have been stolen or when a consumer reporting agency unlawfully has disclosed the personal financial information contained in their files. The only provision of the FCRA that could alert typical consumers to potential problems with their files is § 1681m(a), which requires transmittal of adverse action notices that necessarily are sent to the impostor. By the nature of the theft of identity scam, the victimized consumer never will receive such a notice because the single essential component of the successful scam is that the impostor establishes a billing address different from the victims - a discrepancy in itself sufficient to alert a consumer reporting agency to a possible impermissible purpose or theft of identity.
Each of the FCRAs notice provisions naturally presumes that the user and the agency correctly have identified the subject consumer in order to properly deliver notice. Petitioner itself conceded as much in its Petition for a Writ of Certiorari, at 13, when it recognized the limitations of consumer notification under non-fraudulent circumstances:
Because most of the conduct regulated by the Act involves the conduct of credit reporting agencies and their customers independent of consumers, see 15 U.S.C. §§ 1681b-1681f, consumers are not normally immediately aware of violations of the Act.
Through the interaction of the ECOA and the FCRA, in the normal course of consumer credit applications and denials, individuals will be given notice within 30 days of potential problems in their files. See Federal Reserve Board Regulation B to the ECOA, 12 C.F.R. § 202.9(a) (2001). There is no occasion for a proper delivery of notice where, as here, the problem arises from identity theft because the agencies unquestioningly accepted that a consumer suddenly has changed her address or is living in separate areas of the country simultaneously and ignored a radically altered pattern of credit transactions. In these situations, victims typically learn of the scam only when they eventually are dunned for payment or are denied credit based on the impostors activities, just as occurred in this case.
Inherent in Petitioners argument is its recognition that unless adversely affected consumers can readily discover when a reporting agency has violated their rights, then the statute of limitations impermissibly becomes an all-encompassing exception that eliminates the remedy. In the real world of identity theft victims, the inevitable result of Petitioners argument is nearly that. Accordingly, Petitioner is not seeking a reasonable interpretation of § 1681p but effective immunity from the remedies established by Congress for its own misconduct.
3. Consumer Reporting Agencies Convinced Congress to Eliminate the Very Access Provision Which Would Have Supported the Position Now Advanced Before This Court
Contrary to Petitioners current assertions, the FCRA contains no general access provision that would alert consumers to the presence of an identity thief who might be compromising their files. If consumers have reason to believe that they are victims of identity theft, they are entitled to see the contents of their files. § 1681j(c)(3). Otherwise, consumers receive the information only after having been notified of adverse action [§ 1681j(b)] or by paying the reporting agency for the disclosure. § 1681j(a). Therefore, access to the contents of ones report is limited to those who are not victims of identity theft and who properly receive an adverse action notice, to those who already have learned that they have been victimized, and to those who affirmatively request and pay for the report.
In the process leading to its adoption of the 1996 amendments, Congress included a provision that would have permitted all consumers to request and receive disclosure of the contents of their files free once each year. H. Rep. 103-486, 103d Cong., 2d Sess. 13, § 110, H.R. 1015, § 612(c). Petitioner and its industry, however, convinced Congress to delete that provision from the final bill. Had industry joined with consumer groups in urging passage of this general access provision, Petitioners representation to the Court that the FCRA enable[s] consumers to discover violations of the Act in a timely fashion [Brief for Petitioner at 27] would have been meaningfully correct. Instead, industry insisted on treating consumers access to their own personal financial information as a profit center, so that the timely discovery of an unwarranted disclosure at the behest of an impostor still is limited to those consumers for whom there are no violations to discover, those who already have reason to know that they have been victimized, or those who are clairvoyant.
This unwillingness by the three major reporting agencies to communicate with consumers continued long after adoption of the 1996 amendments. Most recently, each of the agencies confessed its noncompliance with § 1681g(c)(1)(B)s requirement to maintain a national toll-free telephone number accessible to consumers during normal business hours and agreed to the entry of remedial consent decrees with substantial civil monetary penalties and injunctive relief. United States v. Experian Information Solutions, Inc., No. 3-00CV0056-L (N.D. Tex. 2000), available at http://www.ftc.gov/os/2000/01/experianconsent.htm; United States v. Equifax Credit Information Services, Inc., No. 1:00-CV-0087 (N.D. Ga. 2000), available at http://www.ftc.gov/os/2000/01/equifaxconsent.htm; and United States v. Trans Union LLC, No. 00C 0235 (N.D. Ill. 2000), available at http://www.ftc.gov/os/2000/01/transunionconsent.htm. Therefore, the notion advanced by Petitioner that the consumer reporting industry is responsive to consumers is disingenuous at best.
4. Petitioners Claimed Record-Keeping Burden Is Unfounded
Petitioner and its industry are subject to no significant record maintenance burden as a result of the FCRAs statute of limitations, and no resolution of this case will have any substantial impact on its current practices in this regard. Mammoth compilation and maintenance of personal data is the business (not the burden) of this industry. If there were no private FCRA remedy at all, this industry would continue to maintain its records in the same manner that it currently does. Industrys record keeping is driven by its business model, not the duration of the limitations period. 
Petitioners records are electronically and digitally stored. The image evoked by Petitioners argument of warehouses of documents or banks of microfilm is from another century. Amici are aware of no practice in this industry of routinely or systematically deleting records after passage of a two year statute of limitations or at any time. Even current technology is capable of maintaining permanent data storage. In any event, memory and capacity are constantly evolving and the cost is decreasing at such rates that Petitioners assertion not only is unsupported but is a chimera.
Petitioner has provided no factual basis for its argument. To the contrary, Amici are informed that evidence in the sealed record in this case actually refutes it. See Declaration of Dr. Douglass Stott Parker, Jr., discussing Petitioners data retention policies. ER6: 287-88.
5. The Only Statutory Balance at Risk Is the Private Enforcement Remedy That Petitioner Now Seeks to Eliminate
It is unfortunately all too evident to Amici that the consumer credit reporting industry has insufficient incentives to effectively combat theft of identity. Its monetary customer base is not the victimized consumers whose lives are so devastatingly disrupted, sometimes for years, by their struggle to reverse the damage done to their finances and credit reputation. Instead, as Petitioner recognizes, its customers are credit grantors, who absorb the losses from theft of identity as a relatively small cost of doing business and who likewise have inadequate incentives to pressure reporting agencies to voluntarily engage in the simple computer-matching vigilance and occasional human file review that are needed to stem identity theft. Only the individual consumer whose financial integrity has been compromised has sufficient incentive to take action.
Congress clearly recognized the crucial role that consumers have in enforcing the CCPA when it adopted six Titles with private attorney general enforcement provisions. No one has a stake in the integrity of a credit report like the consumer to whom it relates. While the FTC deals as best it can with systemic issues [§ 1681s], Congress has not funded the army of regulators that would be necessary to review the nearly 600 million files that the three major reporting agencies maintain. Congress gave that role to each of the individuals whose tranquillity and material well-being are determined by these faceless, computer-generated reports.
Congress and the FTC both have reaffirmed the Commissions own limitations and this critical role played by consumers. During the 1996 amendment process, the FTC acknowledged that the FCRA was designed to be largely self-enforcing and expressed its position directly to Congress that any amendments maintain the capacity of consumers to bring private actions to enforce their rights under the statute. S. Rep. 103-209, supra, at 6. Congresss response was to strengthen private enforcement by encouraging consumer litigation through the adoption of a specific civil prohibition against unlawful access or use of consumer reports [§ 1681b(f)] and minimum statutory damages [§ 1681n(a)(1)] and creating for the first time a private right of action allowing a consumer to sue furnishers of information for failing to meet their duties in the reinvestigation process. § 1681s-2(b); DiMezza v. First USA Bank, Inc., 103 F.Supp. 2d 1296, 1300 (D.N.M. 2000); McMillan v. Experian Information Services, Inc., 119 F.Supp.2d 84, 88 (D.Conn. 2000); Whitesides v. Equifax Credit Information Services, Inc., 125 F.Supp.2d 807, 812-13 (W.D.La. 2000).
It is this statutory balance that is at risk in this case. If Petitioners position is sustained, the consumer reporting industry will be permitted to conduct its business, as it has been, with virtually no concern about possible private enforcement of its statutory duties relating to identity theft, so long as it can keep the victimized consumer in the dark for up to two years.
For the foregoing reasons, the decision of the Ninth Circuit should be affirmed.
Respectfully submitted,Richard J. Rubin
 The parties have consented to the filing of this brief. Counsel for a party did not author this brief in whole or in part. No person or entity, other than Amici Curiae, their members, or their counsel made a monetary contribution to the preparation and submission of this brief.
 The events here arose prior to the effective date of the 1996 amendments, which accordingly are inapplicable. This case therefore does not provide an opportunity for determining whether the date on which liability arises may be different under the current law in view of Congresss addition in § 1681n(a)(1) of statutory minimum damages without regard to actual damages sustained. Amici are not suggesting that a different result is warranted (and do not believe that it is) but wish only to alert the Court to a conceivably material change in the law.
 Further undermining Petitioners argument, the substantive statutory limit for reporting adverse information is seven years [§§ 1681c(a)(2)-(6)], with certain bankruptcy information lasting ten years [§ 1681c(a)(1)] and no limitation on relatively larger but still modest consumer transactions, such as purchasing a home. § 1681c(b).