The top consumer watchdog in the US wants to fight data brokers
The Consumer Financial Protection Bureau (CFPB) Sensitivities to Predator Practices in the Resilience of the 2017 Equifax Data Breach
The Consumer Financial Protection Bureau wants to limit the sale of Americans’ sensitive personal and financial information by data brokers in the wake of recent hacks.
The regulation is targeting private companies, not government operations. During a Monday press call, a CFPB spokesperson said the agency is requesting comment on how to ensure government agencies continue to have “appropriate access” to this information. The CFPB will be accepting comments on the proposed rule until March 3rd, 2025 — but it’s possible that Trump and his allies, who are reportedly looking at ways to rein in the agency’s powers, will defang the CFPB before then.
Passed in 1970 as the first US privacy law, the FCRA requires “credit reporting agencies” to adhere to certain standards of accuracy and privacy in their dealing with people’s financial information, including credit histories, credit scores, debt payment histories, and other related data. The CFPB’s proposal aims to treat data brokers like credit reporting agencies when they deal in this sensitive data. It would require data brokers to obtain “separate, explicit authorization” before acquiring or sharing people’s credit information, rather than burying these permissions in expansive legal documents that surveys show are often unread or impossible for the average person to parse.
Foreign countries have gone to great lengths to obtain that data, as federal prosecutors alleged that four members of China’s military carried out the 2017 Equifax breach, similar to the Office of Personnel Management breach a few years earlier. The adversaries don’t need to Hack anything to get Americans’ most sensitive data, said the boss on the call. “Data brokers—the outfits that collect and sell detailed information about our personal and financial lives—are making this data available to anyone willing to pay a price,” Chopra said.
During the Monday press call, the director mentioned that the National Public Data breach that leaked more than 200 million Social Security numbers on the dark web, was a recent occurrence. “These aren’t just isolated incidents: they represent a systemic vulnerability in how our personal data is bought and sold,” Chopra said.
The United States government’s leading consumer protection watchdog announced Tuesday the first steps in a plan to crack down on predatory data broker practices that the agency says help fuel scams, violence, and threats to US national security.