The opinion of the court was delivered by: Hon. Harry D. Leinenweber
MEMORANDUM OPINION AND ORDER
Pending before the Court are Plaintiff's Motion for Class Certification and his Motion to Compel Discovery Responses from Defendant. For the reasons stated herein, both motions are granted in part and denied in part.
This simplified background is based on the parties' pleadings to date, but does not constitute findings of fact. In early 2008, Plaintiff David Osada ("Osada") applied for, but did not close on, a mortgage loan. However, in October 2008, he discovered that two mortgage loans had been taken out in his name on properties that he knew nothing about. Each loan exceeded $300,000.
Plaintiff contacted Defendant Experian Information Solutions ("Experian"), a credit reporting agency, on October 27, 2008 to discuss his credit report. By then, both mortgages were listed as past due, and the report listed the fraudulent addresses as his. The next day, Plaintiff filed a police report with the Niles Police Department, but did not send it to Experian.
One of the mortgages evidently went into foreclosure in November 2008, and the other in July 2009. The courts in both actions apparently recognized, at some point, that the mortgages were the product of identity theft.
Plaintiff executed a Federal Trade Commission ("FTC") Identity Theft Victims' Complaint and Affidavit in October 2009. He then wrote to Experian in January 2010, requesting that both mortgages be blocked -- that is, removed from his credit report. He attached his FTC affidavit, the Niles police report, and proof of his residence. Experian wrote back on January 26, 2010, telling Plaintiff that his submissions were insufficient. (Experian has since admitted that the materials were not insufficient under its policies.) Experian's letter (the "Does Not Meet Guidelines Letter") states, in part:
We are responding to your request that information in your personal credit report be blocked due to alleged fraud.
The identity theft report that you sent us does not meet the guidelines established by the federal Fair Credit Reporting Act; therefore, we are unable to honor your request to block information. However, if you provided specific information, we are investigating the information you questioned with the sources. If you still wish to have this information blocked, please send us a valid identity theft report.
The letter goes on to list what Experian looks for in such a report, but does not specify what was missing from the materials submitted. Experian claims that its policy of not specifying what information is missing strikes an important balance; it does not provide a roadmap for fraudsters or credit repair organizations, but does enough to ensure that identity theft victims can discover what they need to do to successfully block any improper credit information.
Plaintiff alleges that Experian merely "verified" the disputed accounts with the lenders, who maintained that the accounts were valid. On February 17, 2010, Experian sent Plaintiff another letter and an updated credit report, showing the "verified" accounts. Plaintiff claims that as of January 24, 2011, both mortgages remained on his Experian credit report.
In 2011, Plaintiff resubmitted his materials to Experian. Plaintiff filed this suit on April 28, 2011. Experian responded to his letter on May 5, 2011, writing: "We are unable to honor your request. Our records indicate that the police report we have on file is more than a year old. Due to your ongoing fraud situation, you will need to submit a new/amended police report, obtained within the past year." The letter (the "One Year Letter") goes on to list Experian's requirements for such a police report. Experian claims that, in its experience, many block requests submitted with a police report older than one year are fraudulent, but that individuals with genuine claims will obtain a new police report when asked.
There is no dispute that Experian sent the January 2010 and May 2011 letters. There is extensive dispute over whether Plaintiff received and/or read them. At deposition, Plaintiff reviewed the letters, and reported no specific recollection of when and if he received them, as he had received a large volume of correspondence during that time. He had, however, reviewed them with his counsel.
Plaintiff brings a claim on behalf of two putative classes, as well as two individual claims. In the class claim, Plaintiff alleges that Experian willfully failed to block information that class members identified as identity theft-related, instead treating such requests as ordinary credit disputes. The proposed "One Year" class consists of:
All persons from whom (1) Experian received an identity theft report and written request to block information in that person's consumer report alleged to result from identity theft; and (2) in response to which Experian, between April 28, 2009 and May 18, 2011, sent a letter [containing the language from the One Year Letter set out above].
The proposed "Does Not Meet Guidelines" class includes:
All persons from whom (1) Experian received an identity theft report and written request to block information in that person's consumer report alleged to result from the identity theft; (2) in response to which Experian sent a letter between April 28, 2009 and May 18, 2011 stating at least in part [the language from the Does Not Meet Guidelines Letter quoted above]; and (3) to which Experian responded further by sending that person his or her consumer report to the same address identified in the written request.
Plaintiff seeks statutory and punitive damages, as well as fees and costs, on the behalf of both classes. In his individual claims, he also seeks compensatory damages.
To certify a class under FED. R. CIV. P. 23 ("Rule 23"), a court must find: (a) that the class is definite enough that its members are identifiable, and (b) that it satisfies not only the requirements of Rule 23(a), but also one of the three subsections of Rule 23(b). Jamie S. v. Milwaukee Pub. Sch., 668 F.3d 481, 493 (7th Cir. 2012). Rule 23(a) requires that class members be so numerous that joining each is impracticable (numerosity); that there be class-wide questions of law or fact (commonality); that the named parties' claims or defenses be typical of the class (typicality); and that the representative be able to protect the class's interests adequately (adequacy). Rule 23(a).
Here, Plaintiff proceeds under Rule 23(b)(3), which provides that certification is only appropriate if the common questions of law or fact "predominate over any questions affecting only individual members, and . . . a class action is superior" to other available adjudication methods. Rule 23(b)(3). The Court must conduct a rigorous analysis to determine whether Plaintiff has shown, by a preponderance of the evidence, that the class meets the Rule 23 criteria. Messner v. Northshore Univ. Health Sys., 669 F.3d 802, 2012 WL 129991, at *4 (7th Cir. 2012). In doing so, the Court must resolve material disputed facts. Id.
In 2003, Congress amended the Fair Credit Reporting Act ("FCRA"), 15 U.S.C. 1681 et seq., to increase protection for victims of identity theft. See Pub. L. 108-159 (December 4, 2003). One new provision generally requires "consumer reporting agencies" ("CRAs") such as Experian to block information in a consumer's credit report that resulted from identity theft within four days of receiving certain documentation of the identity theft. 15 U.S.C. § 1681c-2(a). That documentation includes: proof of the consumer's identity; a copy of "an identity theft report"; identification of what information should be blocked; and the consumer's statement that the disputed information does not relate to any transaction that she made. Id. Once a CRA receives the necessary information and places the block, it must inform the "furnisher" of the blocked information about the block, as well. 15 U.S.C. § 1681c-2(b).
The FCRA defines "identity theft" and "identity theft report" and authorizes the FTC to add to those definitions by regulation. 15 U.S.C. § 1681a(q). Thus, for our purposes, an "identity theft report" is a report that: (1) alleges identity theft with as much specificity as the consumer can offer; (2) is a copy of "an official, valid report" that the consumer filed with a federal, state, or local law enforcement agency, and which subjected the consumer to criminal penalties if the report is false; and (3) "may include additional information or documentation that . . . [a CRA] reasonably requests for the purpose of determining the validity of the alleged identity theft[.]" 16 C.F.R. § 603.3(a).
However, if a CRA requests additional information, it must do so within 15 days of receiving the consumer's block request or identity theft report, and generally must make any additional requests and its final decision on whether to place the block within 15 days after its first request for additional information. Id.
The regulation also provides examples of when it would or would not be reasonable to request additional information or documentation. 16 C.F.R. § 603.3(b,c). One such example provides that, if a CRA receives a police report containing detailed information as well as the signature, badge number, or other identifying information for the officer taking the report, it is not reasonable for the CRA to request additional information without "an identifiable concern," such as an indication that the report was fraudulent. 16 C.F.R. § 603.3(c)(1).
The FCRA gives CRAs some authority to decline or rescind requested blocks. 15 U.S.C. § 1681c-2(c). A CRA may do so if it "reasonably determines that[:]" (a) the block was requested or placed in error; (b) the block or request was based on a material misrepresentation of fact by the consumer; or (c) the consumer received goods, services, or money as a result of the blocked transaction. 15 U.S.C. § 1681c-2(c)(1). If a CRA declines or rescinds a block, it must "promptly" notify the consumer "in the same manner as . . . under Section 1681i(a)(5)(B) of this title." 15 U.S.C. § 1681c-2(c)(2). Section 1681i(a)(5)(B), as applicable here, requires that a CRA notify the consumer in writing (or by other consumer-approved means) within five days. 15 U.S.C. § 1681i(a)(5)(B)(ii). "[A]s part of, or in addition to" that notice, the CRA must tell the consumer what has been ...