Mon, Oct 23, 2017
The CFPB has released a set of consumer protection principles for credit unions and other financial institutions to use with third party data collectors (such as Equifax and other credit bureaus). The Bureau emphasized that these are not regulations, but guidelines the industry should utilize when using and retaining consumer data, and that the principles encourage coordination among financial institutions and credit reporting agencies. According to the CFPB, the principles were generated from comments solicited last year from stakeholders, including credit unions.
The principles relate to data access, data scope and usability, control of the data and informed consent, payment authorizations, data security, transparency on data access rights, data accuracy, accountability for access and use, and disputes and resolutions for authorized access.
Under Dodd-Frank, CFPB does have the ability to regulate financial data access, but the bureau does not appear to be ready to start formal rulemaking. According to the CFPB, the goal of this announcement is to elevate the issue of security of shared data.
The consumer protection principles are available at: http://files.consumerfinance.gov/f/documents/cfpb_consumer-protection-principles_data-aggregation.pdf
A summary of stakeholder insights that informed the principles are available at: http://files.consumerfinance.gov/f/documents/cfpb_consumer-protection-principles_data-aggregation_stakeholder-insights.pdf