CFPB PUSHES FOR TIGHTER REGULATIONS ON DATA BROKERS AMID NATIONAL SECURITY CONCERNS
In a move aimed at increasing responsibility within the realm of prospective consumer data transactions, the U.S. Consumer Financial Protection Bureau (CFPB) is mulling the introduction of new regulations that would make it compulsory for data brokers to adhere to the provisions of the Fair Credit Reporting Act.
Should these changes be made, a pronounced shift in the data broking landscape is expected - a market that, until now, has had fairly light regulations in comparison to other sectors managing sensitive personal data.
Rohit Chopra, director of the CFPB, has revealed the agency's intent to heighten the level of accountability placed on firms that are engaged in buying and selling consumer data, ostensibly to safeguard consumers from inappropriate data use and shield U.S. national security interests.
A proposed approach to reach this goal involves the CFPB defining data brokers that sell certain classifications of data as “consumer reporting agencies.” This designation would then subject these entities to the regulations stipulated by the Fair Credit Reporting Act.
The dark underbelly of such a laxly regulated, yet crucial, sector has come under the CFPB's scrutiny, as it views the trading of consumer data as a salient national security issue. This stems from a series of unsettling incidents that transpired over the last few years, including the 2015 Anthem data leak, the 2017 Equifax security breach, and the 2018 Marriott breach - all of which resulted in personal data of millions of customers being compromised.
Chopra added a layer of gravity to these concerns, drawing attention to the possibility of data brokers selling elaborate personal data to countries or entities which are controlled by foreign governments. This can potentially serve as a conduit for threats to national security.
These concerns are echoed by the U.S. government too, especially in the wake of escalating apprehensions over foreign governments gaining access to American data. To address this, a bill has been proposed in the Senate that intends to ban data brokers from selling personally identifiable information of Americans to any entity under the control of a foreign adversary.
This issue, however, presents a complex challenge, given that U.S. government agencies have been known to tap into these services as well. Recent document disclosures have shown that the Department of Homeland Security used location data sourced from data brokers to track cell phone movements within the U.S.
Implementing new regulations would not only increase transparency and trust in the data broking industry but would also provide heightened security on a national level. The potential challenges ahead are many, and striking a balance between individual privacy, business needs, and national security will require careful consideration.
Continued discussions and forward-thinking regulatory measures are paramount in shaping an industry that respects consumer privacy while also understanding the needs of national security, thus contributing to a safer and more accountable future.