The Consumer Financial Protection Bureau (CFPB) is preparing to introduce a proposed rule regarding data brokers’ compliance with the Fair Credit Reporting Act (FCRA). Recent remarks by CFPB Director Rohit Chopra have shed light on the bureau’s intentions, emphasizing the heightened attention on how data brokers handle Americans’ personal information.
Background on the Upcoming Rulemaking
Director Chopra’s comments follow President Biden’s executive order aimed at preventing unauthorized access to Americans’ personal data. The CFPB’s focus on data brokers began with an inquiry launched in June last year, seeking public and market input on data brokers’ activities. The bureau’s goal was to gather insights into emerging business models that sell consumer data and determine whether these models fall within the FCRA’s definitions of “consumer report” and “consumer reporting agency.”
Chopra has confirmed that a proposed rule will be released soon. This proposed rule aims to address how data brokers operate, especially regarding their compliance with the FCRA’s privacy protections and the broader implications for consumers’ rights.
The Issue of Data Brokers and Credit Header Data
The bureau’s attention to data brokers has also highlighted the issue of credit header data, which includes key identifying details such as a consumer’s name and Social Security number. While the bureau’s proposed rule amending Regulation V of the FCRA addressed medical debt information, it did not fully tackle the regulation of data brokers and credit header data. This indicates that a more comprehensive FCRA rule is on the horizon.
Currently, the CFPB is reviewing over 1,000 public comments on its Regulation V proposal, which will guide the next steps in the rulemaking process.
National Security and the Risks of Data Brokers
During his public remarks, Chopra emphasized the potential national security risks posed by data brokers. He highlighted that data on Americans is frequently bought and sold, often involving third-party data brokers, and expressed concerns about foreign actors acquiring highly sensitive information.
Chopra pointed out that data breaches orchestrated by state and non-state actors overseas are not uncommon. For example, the Justice Department charged members of the Chinese People’s Liberation Army with orchestrating the 2017 Equifax data breach, which exposed personal data on nearly 150 million Americans. This incident demonstrated the potential dangers posed by foreign entities accessing Americans’ sensitive data.
Chopra stressed that non-compliance by data brokers with existing laws could put national security at risk. He emphasized how the availability of detailed personal data could be exploited by malicious actors to blackmail, dox, or otherwise threaten individuals who might hold strategic positions, particularly within the military or government sectors.
The Role of AI and the Growing Surveillance Industry
Chopra also warned about how artificial intelligence (AI) and predictive decision-making tools have increased the risks posed by data brokers. The surveillance industry has expanded, fueled by vast datasets compiled by these brokers. As AI becomes more embedded in the surveillance of Americans, the potential for misuse of personal data grows, making it more urgent to implement protective measures.
What the Proposed Rule Will Address
The upcoming proposed rule aims to provide consumers with more control over their sensitive data. Chopra indicated that the rule will ensure the FCRA’s privacy protections are applied to data brokers, limiting the unrestricted flow of sensitive data that could otherwise be exploited.
By addressing these concerns, the CFPB’s proposed rule aims to combat financial scams, identity theft, harassment, doxing, and the risks posed to servicemembers and national security.
Conclusion
Director Chopra’s recent remarks underscore the importance of regulating data brokers to protect consumers’ personal data and national security interests. The forthcoming CFPB rule will be a crucial step toward ensuring that data brokers operate within the bounds of existing laws and respect consumers’ rights. As the bureau prepares to release this proposed rule, the implications for data privacy and security remain a top priority for regulators and consumers alike.
Author: Jennifer Evancic
Jennifer.Evancic@ResourceManagement.com
Jennifer Evancic is a third-party auditor valued by creditors and large organizations for her knowledge in call monitoring within the collections industry. With meticulous attention to detail and a firm grasp of regulatory requirements, she ensures compliance with clients’ criteria and state and federal regulations.
Jennifer audits collections calls, ensuring they meet client-specific criteria and comply with regulations, providing valuable insights and maintaining industry standards.
Beyond her auditing responsibilities, Jennifer takes the lead in organizing and facilitating monthly call calibrations. These sessions serve as a collaborative forum where clients and their vendors come together to discuss call monitoring results and address any findings or areas for improvement. Jennifer’s guidance fosters open communication and ensures alignment between clients and vendors, driving continuous improvement in collections practices.
Jennifer stays up-to-date with compliance and industry best practices by participating regularly in peer meetings, regulatory updates and industry webinars. This keeps her informed about emerging issues and ensures she remains a knowledgeable leader in collections compliance.
Sign Up for the Twice Monthly Newsletter
Just enter your email address at the top orange bar at:
Collection Compliance Experts – “The Power of Expertise: Oversight Perfected”
It’s that easy! Twice a month – we provide blog updates and Resources for the Collection and Industry Professional.
Your email is just for this newsletter. We never sell your information. No fee. Opt-out at any time.