US Agency Proposes New Rules to Curb Sale of Customer’s Personal Data

US watchdog, Consumer Financial Protection Bureau (CFPB) has proposed new rules under the Fair Credit Reporting Act (FCRA). According to TechCrunch, the new rules are intended to bar data brokers from selling financial or personal information belonging to Americans. Under the new US agency rules, this information will include phone numbers and Social Security numbers.

Curbing Legal Evasion

The new rules on US data come just months after President Biden’s executive order, curbing the sale of private data. The US watchdog says the purpose of the new rules is to rein in data brokers who circumvent the FCRA by claiming that they are not subject to it.

The Fair Credit Reporting Act is a federal privacy law that seeks to protect personal data which consumer reporting agencies like tenant screening firms and credit bureaus collect from consumers. Rohit Chopra, CFPB’s Director said the proposed rules seek to curtail widespread evasion of this law.

The new rules will “make it clear that many of these data brokers, like credit bureaus and background check companies, are subject to federal protection under the FCRA,” Chopra said.

The move by the US agency to block data brokers by closing the regulatory gap at the federal level has come at a time when the brokers are under high scrutiny for benefiting from the sale of personal data belonging to Americans. US data brokers have also been criticized for the loss of huge amounts of customer data.

By recognizing widespread evasion of the privacy law, the US data watchdog acknowledges that data brokers have been taking advantage of the legal loophole for a long time. The CFPB warned that data brokers who make personal data accessible to anyone who’s ready to pay the price could cause serious problems.

Blocking the Sale of Sensitive Information

Once new data rules take effect, US data brokers will be subjected to regulatory processes that are similar to what background check firms and credit bureaus go through. Companies that sell data about customer credit scores, incomes, debt payments, and histories go through similar processes and are subject to the FCRA.

The proposed rules limit data brokers from the sale of sensitive data that can be used to identify individuals. Such data includes phone numbers and Social Security Numbers.

“Today’s proposed rule is a major step forward to ensure that companies trafficking in Americans’ most sensitive information face real consequences for violating long standing law and for putting people and our country at risk,” Chopra added.

Congress’ Data Protection Goal

The CFPB made it clear that its proposal for new data rules is in line with Congress’ goal of safeguarding the personal data belonging to Americans. The CFPB says this was the intention of the Congress when it passed the FCRA bill in 1970. Since that time, the US has grown to become the only democracy in the west that has not passed a national data protection law.

In the European Union, the General Data Protection Regulation (GDPR) took effect in May 2018. This law was enacted to curb widespread data breaches that exposed personal data, putting the security and trust of citizens at risk. With non-compliance fines exceeding €20 million, the GDPR is perhaps the most strict data privacy protection law in the world.

The proposed rules have been published on the Federal Register and will remain there until March 2025. It remains unclear whether the incoming Trump administration will sustain the rules considering that it has said it will undertake widespread deregulation across government.

The CFPB said it was proposing the new rule to “further Congress’ goal” of protecting Americans’ personal data, as intended when it voted to pass the FCRA in 1970. Since then, the United States has become the only Western democracy to not have passed nationwide data protections into law. The proposed rule will remain public in the Federal Register until early March 2025.