Skip to main content

Director of Consumer Financial Protection Bureau (CFPB) Announces Potential Rule Changes at White House Roundtable

September 13, 2023

White House holds roundtable session on “Protecting Americans from Harmful Data Broker Practices”; CFPB Director Rohit Chopra announces potential rule changes for consumer data reporting 

With the prospect of Federal consumer privacy legislation like the American Data Privacy and Protection Act (ADPPA) increasingly dim in Congress in 2023, the Executive Branch and its agencies have recently suggested more direct measures toward regulating the US data broker marketplace.

During the White House session on August 16, 2023, the Consumer Financial Protection Bureau (CFPB) director announced two specific rule changes under consideration:

  • Redefining certain data brokers as “Consumer Reporting Agencies”, which would make them subject to Fair Credit Reporting Act (FCPA) rules restricting data sale only for purposes specified in the act; and 
  • Redefining “Credit Header Data” (which are basic descriptive personal identifiable info or PII, typically less-restricted than financial records/credit history themselves) as a “Consumer Report”, reducing the ability of companies to disclose people’s sensitive contact information unless in specific required circumstances.

Calls to regulate credit header data under FCRA have been made for over 20 years by privacy advocates, and recently reiterated by members of congress and consumer rights organizations. 

DeleteMe’s take: The proposed changes to rules would directly impact businesses of the major credit reporting agencies (Experian, Equifax, Transunion), as well as a range of industries who rely on credit header data for direct marketing and identity authentication purposes. 

But it would also cut off a major source of sensitive data used by less-scrupulous, less-regulated parts of the data broker landscape: “People Search”, “Private Investigator” and “Background Check Services” companies. Arguments that the changes would harm the ability of institutions to ‘prevent fraud’ is, in our view, one-sided and incomplete. The unregulated PII marketplace has allowed mass identity-based fraud to explode over the last decade, and forms of identity authentication relying on 3rd party PII verification have been in steady decline for years.

Learn more about DeleteMe and our work for privacy and cybersecurity at

DeleteMe was created in 2010 when we realized the difficulty of navigating privacy issues in today’s interconnected and digital world. Our mission is to provide everyone with the power to control t…

Don’t have the time?

DeleteMe is our premium privacy service that removes you from more than 30 data brokers like Whitepages, Spokeo, BeenVerified, plus many more.

Save 10% on DeleteMe when you use the code BLOG10.

Hundreds of companies collect and sell your private data online. DeleteMe removes it for you.

Our privacy advisors: 

  • Continuously find and remove your sensitive data online
  • Stop companies from selling your data – all year long
  • Have removed 35M+ records of personal data from the web

Special Offer

Save 10% on any individual and family privacy plan with code: BLOG10

Related Posts

We originally published this post on our Online Privacy Blog, but we’ve updated it here as the s…
You Give Away Tons of Information to Dating AppsPrivacy Comparison: Tinder, Bumble, Hinge, Grind…
Data Brokers Have Your InfoRemove personal information from Google with DeleteMe There is an…