Retreating from an aggressive stance on data aggregation implicit in an earlier request for input (RFI), the CFPB has laid out principles that will guide its thinking about the extent to which third-party data aggregators can access personally-identifiable information (PII) housed at banks and other financial institutions. Most importantly for the long run is a principle establishing that consumers own their PII and thus have rights to its use, distribution, storage, and security. The extent to which this principle is established in actual law and rule will determine the degree to which traditional banks “actually own” the customers they acquire or if consumers can dictate that banks share data with aggregators or others the consumers believe provide them with desired products and services.
The full report is available to retainer clients. To find out how you can sign up for the service, click here.