It’s not just hackers that can get your data for scams and other nefarious purposes. The Consumer Financial Protection Bureau is aiming to regulate data brokers that are allowed to sell that personal information.
“Data brokers — the outfits that collect and sell — are making this data available to anyone willing to pay a price,” said Consumer Financial Protection Bureau Director Rohit Chopra in a media call.
The U.S. government agency, which described itself as “dedicated to making sure you are treated fairly by banks, lenders, and other financial institutions,” said this can lead to nefarious acts including scams on the elderly and financially vulnerable, as well as dangerous situations.
“In 2020, a federal judge’s son was murdered by an attacker who purchased their home address from a data broker,” Chopra said.
He also detailed studies examining how information bought from data brokers could be used to surveil military personnel who may be stationed at sensitive sites, such as nuclear waste facilities.
Researchers also “demonstrated how they could purchase location data to track federal law enforcement as they conducted confidential investigations,” Chopra said.
The proposed rule announced Tuesday would limit the sale of personal information, such as Social Security numbers, phone numbers and addresses collected by certain companies.
Data brokers would be treated just like credit bureaus and background check companies, under the Fair Credit Reporting Act passed in 1970.
Companies that sell data about income or financial tier, credit history, credit score or debt payments would be considered consumer reporting agencies required to comply with the Fair Credit Reporting Act, regardless of how the information is used.
“This would make it substantially harder for bad actors to improperly obtain sensitive information like social security numbers and home addresses that could be used for stalking, harassment or foreign surveillance,” Chopra said.
When consumer reporting agencies collect information like names, addresses, or ages for credit reports, any follow-up sale of that information would be covered by the Fair Credit Reporting Act’s protections.
The new rule would also require clear consumer permission for sharing data. Companies getting consumers’ consent to obtain or share a consumer’s credit report would need “separate, explicit authorization to do so, rather than burying permissions in fine print,” according to the agency.
The CFPB will receive public comments on the rule through March 3, 2025.
Get breaking news and daily headlines delivered to your email inbox by signing up here.
© 2024 WTOP. All Rights Reserved. This website is not intended for users located within the European Economic Area.
