SIFMA Recommends Changes to CFPB Data Rights Proposal

SIFMA recommended changes to the CFPB's proposed rule that would allow consumers to access their financial data and provide such data to others.

In comments on the proposed rulemaking, SIFMA recommended that the CFPB establish clear guidelines, fair liability allocation and extended compliance timelines. SIFMA raised a number of concerns on the proposal including its impact on access caps, the prohibition of fees and the lack of clarity around liability for data breaches.

SIFMA requested that the CFPB address the following:

• Liability for Shared Information: SIFMA urged the CFPB to ensure data providers are not liable for misuse of data after it leaves their control. SIFMA recommended that liability should fall on the party responsible for mishandling the data.
• Definition of Consumer: SIFMA suggested limiting the definition of "consumer" to include only current customers, due to differences in data maintenance between current and former customers.
• Access Caps: SIFMA recommended defining and imposing reasonable access caps to aid in data management and mitigate compliance costs.
• Data Field Scope: SIFMA highlighted the need for clarity on the scope of covered data.
• Recordkeeping and Costs: SIFMA opposed any recordkeeping requirements and argued for the allowance of fees to recover compliance costs.
• Standard-Setting Bodies: SIFMA urged the establishment of recognized standards well before the compliance date and suggested a two-year timeline for compliance after these standards are set.