New CFPB Leadership Has Opportunity to Address Consumer Privacy and Data Concerns

New CFPB Leadership Has Opportunity to Address Consumer Privacy and Data Concerns

WASHINGTON – The Financial Services Roundtable’s (FSR) Housing Policy Council (HPC), in conjunction with several financial industry trade associations, recently sent a letter to the Consumer Financial Protection Bureau (CFPB) raising concerns over the Bureau’s collection, protection and use of expanded data as it relates to the Home Mortgage Disclosure Act (HMDA). In the letter, FSR and the other associations called for the CFPB to withdraw its Proposed Guidance and instead follow the legally required notice-and-comment rulemaking process.

With the new Acting Director Mick Mulvaney in place, the Bureau could change course, electing to satisfy the statutory obligation to follow a formal rule-making process and also reconsider the CFPB’s position regarding the disclosure of loan-level data.

“Securing sensitive consumer data is a top priority for the financial industry,” said Ed DeMarco, President of FSR’s HPC. “The Bureau’s desire to expand public reporting of sensitive loan-level data raises major security concerns and opens the door for reverse-engineering of data to harm consumer privacy.”

FSR and the other trade associations offered a set of detailed concerns, including:

  • The CFPB has not engaged in the statutorily-required rulemaking process for modification, or “masking,” of sensitive, loan-level data. To rectify this, the CFPB must withdraw this Proposed Guidance and pursue formal rulemaking through the notice-and-comment process.
  • The CFPB’s balancing test fails to consider real threats to consumers, as re-identification under the Proposed Guidance would be a virtual certainty. Research has shown that re-identification only continues to become easier with advances in technology, and an increase in disclosures without sufficient masking exacerbates the problem. To protect consumers from invasions of privacy, identity theft, and fraud, the CFPB should disclose the new data only in aggregate form.
  • Data security is of the utmost importance, and the CFPB should take certain steps to ensure this sensitive data is protected, including providing a comprehensive update of its data security practices and allowing only government agencies and only authorized personnel access to the raw data.
  • The CFPB’s new data submission interface raises concerns about accessibility, functionality, data aggregation and storage, and culpability. The trade associations offered several suggestions for addressing these concerns, including providing the ability to submit data incrementally and permitting the appending of earlier data.
  • Finally, to improve the public understanding of HMDA, so that consumers understand why lenders ask for certain information and why lenders are obligated  to submit that information to CFPB, the trade associations asked  the CFPB to engage in public education initiative.


To read the full letter, click here.