Newsroom
NAFCU provides insights on data broker practices to CFPB
NAFCU Friday sent a letter to the CFPB in response to the bureau’s request for information (RFI) seeking to better understand data broker practices.
The RFI defined data brokers as firms that collect, aggregate, sell, resell, license, or otherwise share consumers’ personal information with other parties, such as those that specialize in preparing employment background screening reports and credit reports. Credit unions rely on data aggregators to help understand members better, alternative data, verifying personal information, and detecting fraud. The industry complies with strong data security standards to ensure our members remain protected.
“Attention to potential supervisory gaps among data aggregators, brokers, and other entities engaged in the collection and sale of consumer financial information is commendable and necessary to ensure a level playing field exists within the financial services industry,” wrote NAFCU Senior Counsel for Research and Policy Andrew Morris in the letter. “However, the CFPB’s application of the Fair Credit Reporting Act (FCRA) to specific types of information collection should neither impair credit unions’ access to data which is necessary to remain competitive, nor increase regulatory burdens for institutions already subject to the Gramm-Leach-Blilely Act (GLBA), the FCRA, and the bureau’s regulations,” added Morris.
In the letter, NAFCU highlighted:
· national data security standards;
· implementation of Section 1033 of the Dodd-Frank Act must account for gaps in data aggregator supervision; and
· the CFPB should not pursue policies that impair financial institution access to data markets or introduce additional regulatory burdens for credit unions.
Last year, NAFCU and other trades raised concerns about data aggregators as they “hold a tremendous amount of consumer financial data” and consumers are likely unaware of how data is collected, stored, or shared. The groups called on the CFPB to subject data aggregators to similar supervision as financial institutions to ensure they are complying with applicable laws.