/regulation & compliance

News and resources on regulation, compliance, legal and governance issues for banks and fintechs.
CFPB strengthens data privacy and cybersecurity with new rules

CFPB strengthens data privacy and cybersecurity with new rules

The Consumer Financial Protection Bureau (CFPB) has rolled out new regulations on cyber security and data privacy under the Fair Credit Reporting Act.

Companies will have to adjust how they use and share credit reports and background reports under the new regulation. The legislation will curb the exploitation of personal data in background screenings and credit reports.

The Fair Credit Reporting Act dictates how companies make reports on consumers and how they collect data on consumer reports for credit, insurance, housing, and employment. The Act aims to protect the privacy of consumers and ensure that companies make accurate credit reports. Under the new rules, additional layers of security will protect consumers and permit companies to collect data only when essential for their services.

In October 2021, the CFPB ordered big techs including Amazon, Apple, Facebook (Meta), and Google to hand over information on their payment system plans to examine their use of consumer data.

By June 2022, the US House of Representatives had proposed a privacy bill to Congress that would regulate how big tech companies, such as Meta and Google, collect customer data for their services. The bill has passed the vote by the House Energy and Commerce subcommittee, and will progress for another vote.

The CFPB plans to hold companies accountable for illegal debt collection and false identification of consumers in background reports. This is a step towards reining in big tech and safeguarding compliance that has been consistently taken on by Congress.

CFPB director Rohit Chopra commented on the need for the CFPB to defend consumer privacy and reduce criminal misconduct by credit reporting companies: “Americans are now subject to round-the-clock surveillance by large commercial firms seeking to monetize their personal data. While Congress and regulators must do more to protect our privacy, the CFPB will be taking steps to use the Fair Credit Reporting Act to combat misuse and abuse of personal data on background screening and credit reports.”

In April, the CFPB announced it would invoke the Dodd-Frank Act to monitor non-bank fintechs that could pose a threat to Americans.

Comments: (0)