CFPB Director Announces Possible Rule Changes at White House Roundtable

White House holds roundtable session on “Protecting Americans from Harmful Data Broker Practices”; CFPB Director Rohit Chopra announces potential rule changes for consumer data reporting 

With the prospect of Federal consumer privacy legislation like the American Data Privacy and Protection Act (ADPPA) increasingly dim in Congress in 2023, the Executive Branch and its agencies have recently suggested more direct measures toward regulating the US data broker marketplace.

During the White House session on August 16, 2023, the Consumer Financial Protection Bureau (CFPB) director announced two specific rule changes under consideration:

• Redefining certain data brokers as “Consumer Reporting Agencies”, which would make them subject to Fair Credit Reporting Act (FCPA) rules restricting data sale only for purposes specified in the act; and 
• Redefining “Credit Header Data” (which are basic descriptive personal identifiable info or PII, typically less-restricted than financial records/credit history themselves) as a “Consumer Report”, reducing the ability of companies to disclose people’s sensitive contact information unless in specific required circumstances.

Calls to regulate credit header data under FCRA have been made for over 20 years by privacy advocates, and recently reiterated by members of congress and consumer rights organizations. 

DeleteMe’s take: The proposed changes to rules would directly impact businesses of the major credit reporting agencies (Experian, Equifax, Transunion), as well as a range of industries who rely on credit header data for direct marketing and identity authentication purposes. 

But it would also cut off a major source of sensitive data used by less-scrupulous, less-regulated parts of the data broker landscape: “People Search”, “Private Investigator” and “Background Check Services” companies. Arguments that the changes would harm the ability of institutions to ‘prevent fraud’ is, in our view, one-sided and incomplete. The unregulated PII marketplace has allowed mass identity-based fraud to explode over the last decade, and forms of identity authentication relying on 3rd party PII verification have been in steady decline for years.

Learn more about DeleteMe and our work for privacy and cybersecurity at joindeleteme.com