On October 18, the Consumer Financial Protection Bureau (the CFPB) released the Consumer Protection Principles: Consumer-Authorized Financial Data Sharing and Aggregation (the Principles).
The Principles represent a cautious step forward by the CFPB in providing guidance on how institutions holding customer accounts (such as banks) should share information with service providers, including “fintech” companies that obtain customer authorization to access their account information in order to provide services to such customers. Such data aggregation-based service providers can provide useful products and services to consumers, such as fraud screening, identity verification, personal financial management and bill payment, and promote competition in the financial services market.
With respect to fraud screening and identity verification services in particular, in the aftermath of the recent Equifax breach, the appeal of such services is obvious. However, with additional sharing of data comes additional risks—the increase in data access points, albeit consumer-authorized, presents new challenges from a cybersecurity and privacy perspective, increasing the possibility of consumers inadvertently losing control of their information.
To read the full post, visit the Cleary Cybersecurity and Privacy blog.