Senator Doubles Down On Data Privacy, Sends Letter to CFPB

Reporters question Sen. Ron Wyden, D-Ore., chair of the Senate Finance Committee, as he arrives for a vote at the Capitol in Washington, Wednesday, Nov. 3, 2021.

Reporters question Sen. Ron Wyden, D-Ore., chair of the Senate Finance Committee, as he arrives for a vote at the Capitol in Washington, Wednesday, Nov. 3, 2021. (AP Photo/J. Scott Applewhite)

Sen. Ron Wyden asked the Consumer Financial Protection Bureau to tighten its rules regarding data broker sales.

Fresh off of a Senate committee hearing on data broker restrictions, Sen. Ron Wyden, D-Ore., published an open letter to the Consumer Financial Protection Bureau requesting the agency stop credit agencies from selling the personal data of American citizens. 

In a letter addressed to CFPB Director Rohit Chopra, Wyden refers to data brokers as “shady middlemen” who sell personal and sensitive information of American citizens to various entities. He specifically denounces the federally-recognized credit unions Equifax, Experian and Transunion as examples of credit reporting agencies that sell personal information of clients who request financial data to data brokers.

He notes that federal law protects the privacy of Americans’ financial information, such as credit scores and credit lines, but data like home addresses, Social Security numbers and dates of birth are commonly harvested and sold to external data brokers, who can then sell it to other parties. 

“The data broker industry is out of control, in part because of vague and undefined regulations,” Wyden wrote. 

His request references Equifax’s sale of personal data of over 170 million people in a deal with the National Consumer Telecom and Utilities Exchange, an energy and telecommunications co-op. In the letter, Wyden notes company leaders on the NCTUE board and the utilities customers within NCTUE were not reasonably aware of the data purchase.

Wyden argues that updated legislation needs to rein in the sale of American data, building on the 1999 Gramm-Leach-Bliley Act, which requires companies handling personal financial information to be transparent about their data collection and safeguarding processes. 

He specifically notes that CFPB needs to issue stricter protocols surrounding customer data held by financial institutions and credit bureaus.

“To date, CFPB has issued no public guidance on this portion of the regulations … nor conducted any public investigations into the widespread sale of consumers’ personal credit-header data,” Wyden wrote, referring to the portion of a credit report that includes a person’s name, address and other personal information. 

This request follows Wyden’s remarks at a Senate Finance Committee hearing on Tuesday on both tech behemoth Amazon’s market monopoly and the data broker industry. Joined by Sens. Elizabeth Warren, D-Mass., and Bill Cassidy, R-La., the tone of the hearing broadly supported tighter data privacy protections regarding the sale of data and among enterprise technologies like biometrics and artificial intelligence. 

Regarding the CFPB’s business practices, he recommended the agency update and potentially tighten Regulation P, the rule that governs financial institutions privacy disclosures to consumers and limits the sale of customer data to external parties. 

“We want our businesses to do well, of course, we want them to be profitable, but they can also be accountable on key American values, like protecting people's privacy,” Wyden said at the hearing. “There's going to be accountability in this field.”