Is the CFPB Putting More Personal Financial Data at Risk?

by Sarah Grotta 0

In an opinion column in the Washington Examiner, readers are reminded that the CFPB will be issuing new rules for alternative financial services aimed at protecting consumers who use payday lenders and other entities that provide short term loans.  The goal of the new rules, in part, is to ensure that lending decisions are made based on the individuals’ ability to repay the debt and also to help these individuals develop a credit history:

In the coming weeks, the CFPB will issue a series of new rules aimed at curtailing payday, vehicle title, and certain high-cost installment loans that will cut nearly 30 million customers off from critical forms of credit. Even more significant, however, is that it will begin mandating the collection of huge volumes of unnecessary financial information, and in the process expose people who use these products to a potential hack.

Under the new rule, customers applying for a small-dollar loan – the average being a mere $350 – will be required to submit extensive personal financial information in support of their applications. Lenders will determine a customer’s ability to repay the loan, but they will also be required to share this financial information with numerous credit reporting agencies (CRAs) registered with the Bureau. Before the recent Equifax breach, the CFPB boasted that the new rule would prescribe “requirements for furnishing loan information to and obtaining consumer reports from those registered information systems,” as if such reporting benefited consumers.

Setting aside the part of the conversation regarding if all the data is actually needed, is now the time to require more organizations to collect, store and report personal financial data at a time when companies across industries cannot figure out how to secure data?

In this age of hacking, data breaches have become commonplace. Massive cyberattacks on Equifax, Target, and Wells Fargo – as well as smaller breaches at companies like Deloitte – have put many consumers at risk. And a recent cyberattack at the Securities and Exchange Commission demonstrates our government agencies also remain a target. Who doesn’t remember the massive breach at the Office of Personnel Management? The big difference, of course, is that consumers affected by the Equifax breach can take legal recourse against the company – the same cannot be said for consumers should a breach occur against this unaccountable agency.

Overview by Sarah Grotta, Director, Debit Advisory Service at Mercator Advisory Group

Read the full story here