CFPB Proposes Rule to Crack Down on Data Brokerage | Global News Avenue

Consumer Financial Protection Bureau (CFPB) proposed a rule Tuesday that would limit data brokers’ access to consumers’ financial data.

The CFPB defines data brokers as companies that collect, aggregate, sell or share consumer information such as credit, criminal and rental history. Creditors, insurance companies, employers, and marketers often use information collected by data brokers to make decisions about consumers.

Congress passed FRCA in 1970, one of the world’s first data privacy laws, to protect consumer privacy. The CFPB said there are now more data brokers emerging who circumvent the regulations outlined in the FRCA, often collecting and selling consumer information without their consent.

Consumer information is highly sensitive

Many data brokers can collect sensitive and private consumer information from retailers, websites, financial services providers and technologies such as cookies. The information is often used for targeted marketing campaigns, but can also be used for more nefarious purposes, the CFPB said.

The CFPB said foreign adversaries have the ability to purchase personal information about military members or government employees that could be used for coercion, extortion or espionage.

Scammers can also use data brokerage information to create financial profiles for vulnerable consumers. This can make it easier for fraudsters and identity thieves to target low-income individuals and the elderly.

Current addresses and phone numbers are also available through data brokers. This can provide sensitive contact information to those who may be potential career targets, such as judges, police officers, or government employees. Survivors of domestic violence are also at risk of being stalked or harmed because their abusers purchase their information from data brokers.

Effect of Proposed Rule

National consumer reporting agencies such as Equifax, TransUnion Experian and a number of other data brokers are already protected by the FCRA. However, other data brokers have sidestepped the regulations set by the FRCA and claim that they are not consumer reporting agencies.

The CFPB’s proposed rule would clarify the definition of a consumer report, which includes a collection of personal identifiers such as name, address, date of birth, Social Security number and telephone number. Data brokers that sell consumer reports will be considered CRAs and face regulation under the FCRA.

The proposed rule would also clarify that consumer report information can only be used to prevent identity theft or fraud, or if law enforcement needs to report it for a criminal investigation.

“While this data can be used to detect fraud, it can also be used to commit fraud,” CFPB Director Rohit Chopra said on a conference call with reporters. “Congress enacted the Fair Credit Reporting Act , to ensure law enforcement officials have the data they need to conduct criminal investigations and pursue domestic and international offenders.”

Currently, the FCRA allows the use of consumer reports if the company has a “legitimate business need for the information.” The proposal said marketing would not be considered a legitimate business need.

Data brokers must also provide clear and conspicuous disclosures in order for consumers to consent to the sharing of their information. The FRCA will limit how consumer reports are obtained, used, and retained, and consumers can revoke their consent at any time.