a man in a suit and tie

15 USC 1681b: Understanding Permissible Purpose

a red and white sign with a check mark and arrow

Are you aware of your rights to privacy when it comes to your personal information? In the age of data breaches and identity theft, understanding “permissible purpose” is more critical than ever. From credit reporting to marketing and employment screening, companies must have a legal justification for accessing and using your personal information. In this blog, we’ll explore what permissible purpose is, how it relates to federal regulations, and why it matters for protecting your privacy.

Permissible Purpose: What It Is and Why It Matters

As individuals, we’re often asked to provide personal information for a variety of reasons, from applying for credit to signing up for a new service. However, it’s essential to understand that there are limits to how companies can use that information. That’s where “permissible purpose” comes in. In this blog, we’ll explore what permissible purpose is, how it relates to the Fair Credit Reporting Act (FCRA), and why it’s important to understand in the context of credit reporting, marketing, and employment screening.

What is Permissible Purpose

Under 15 USC 1681 b two, it’s clear that creditors and financial institutions can only pull your credit report for certain permissible purposes. If they’ve pulled your report without your permission or outside of those permissible purposes, you can use a permissible purpose letter to get those inquiries deleted. Permissible Purpose in Credit Reporting.

When it comes to credit reporting, permissible purpose is a critical concept. The FCRA outlines several permissible purposes for accessing credit reports, including obtaining credit or insurance, for employment purposes, or in connection with a business transaction. For example, a lender may access an individual’s credit report to determine whether they are eligible for a loan. Similarly, an employer may access an individual’s credit report as part of a background check for employment purposes.

However, there are limits to how companies can use credit reports. For example, a company can’t access an individual’s credit report without their consent, except in certain circumstances, such as when the company is conducting a background check for employment purposes. Additionally, companies must follow specific procedures when accessing credit reports, such as providing a copy of the report to the individual if adverse action is taken based on the report.

Consequences of Violating Permissible Purpose

Companies that violate permissible purpose can face severe consequences, including fines, legal action, and damage to their reputation. For example, in 2017, credit reporting agency Equifax was fined $700 million for a data breach that exposed the personal information of millions of individuals. The breach occurred because the company failed to implement adequate security measures, but it also violated permissible purpose by accessing credit reports for individuals who had not authorized it.


Other consequences of violating permissible purpose can include lawsuits from individuals whose personal information was accessed without their consent, as well as damage to a company’s reputation. As more individuals become aware of their rights to privacy and the importance of protecting personal information, companies that violate permissible purpose are likely to face greater scrutiny and potential backlash from consumers.

Let’s wrap up

In a world where personal information is increasingly valuable, understanding permissible purpose is essential for protecting our privacy rights. Companies that violate permissible purpose can face significant penalties and damage to their reputation, while individuals may suffer the consequences of data breaches and identity theft. By remaining informed and vigilant about how our personal information is used, we can ensure that companies respect our privacy rights and hold them accountable when they don’t. So the next time you’re asked to provide personal information, remember to ask yourself: does this company have a permissible purpose for accessing it?

So remember, without permissible purpose anything on your consumer report that you did not give written permission to be there must be deleted. For more information contact Consumer Law Expert, Daraine Delevante.

Want a Permissible purpose Letter???


Translate »