The Consumer Financial Protection Bureau (CFPB) has introduced a proposal that could prevent data brokers from selling your personal information without a valid reason. This comes after it was disclosed that a data broker was hacked, compromising the personal information of individuals across the US, UK, and Canada during the summer.
The suggested update aims to restrict the dissemination of sensitive information such as names and social security numbers by holding data brokers accountable to the same regulations that govern credit reporting agencies.
The Fair Credit Reporting Act (FCRA) imposes strict limitations on when credit agencies can share sensitive data. Currently, data brokers—businesses that profit by purchasing and then reselling personal information—are not required to adhere to this law, which is a key focus of the CFPB’s initiative.
The Hill has reported on this significant proposed modification.
During a press conference discussing the proposal, CFPB Director Rohit Chopra stated that the new rule would clarify that many data brokers, similar to credit bureaus and background check companies, would be subject to federal regulations as outlined in the FCRA.
“This implies they can no longer evade their responsibilities and must comply with the same consumer protections as prominent credit bureaus, which include accuracy standards and allowing consumers access to their own data.”
This change would categorize any sensitive personal data sold by a broker as equivalent to selling a consumer credit report, making it subject to the same legal constraints. A key restriction would be that data could only be sold for legitimate reasons, such as verifying credit eligibility.
“This would stipulate that consumer reporting agencies could only distribute such information—what is known as ‘credit header’ data—if the user had an allowable purpose under the FCRA,” the CFPB further clarified, citing examples such as “assessing a consumer’s credit, insurance, or employment eligibility.”
The CFPB asserts that there is considerable backing for this initiative. One major concern is that personal data can be acquired by shell companies linked to criminal activities, which can then exploit this information for identity theft and various scams.
While this new regulation wouldn’t eliminate incidents like the data breach from the summer, it would substantially decrease the sale of personal information, potentially driving some brokers out of the market.
Photo by Hack Capital on Unsplash
FTC: We utilize income-generating auto affiliate links. More.
