The Consumer Financial Protection Bureau today proposed a new rule to expand existing federal protections for consumer data to certain activities by data brokers.
The proposed rule would define data brokers as “consumer reporting agencies” under the Fair Credit Reporting Act when they sell certain sensitive information about consumers, such as Social Security numbers and phone numbers, according to the CFPB. As a result, data brokers would be required to comply with FCRA requirements on ensuring the accuracy of the data they sell, providing consumers access to their information and maintaining safeguards against unauthorized access to the data.
Earlier this year, CFPB Director Rohit Chopra announced his intention to draft the proposed rule after President Biden issued an executive order “encouraging” the CFPB “to protect Americans from data brokers that are illegally assembling and selling extremely sensitive data, including that of U.S. military personnel.” The rule will not be finalized before President-elect Trump takes office, and it is unclear whether his administration will prioritize the issue.
In a statement accompanying the proposed rule, the CFPB alleged that countries such as China and Russia currently can purchase detailed information about military service members and government employees “for pennies per person,” and that the data could be used to perpetuate scams or collect detailed information about domestic violence survivors. The proposed rule would ensure that data brokers are treated like credit bureaus and background check companies that already must comply with the FCRA, the agency said.
Comments on the proposed rule must be received by March 3, 2025.
