Consumer Control, Security, and Access: Our Response to the CFPB

Truework was founded to change the way highly sensitive personal information is shared during important high-impact life events like buying a home, leasing an apartment, and getting a new job. Starting with employment and income verification, our goal is to provide consumers with real knowledge and easy-to-use control over how their personal identity information is shared in these kinds of transactions. In a digital-first marketplace where lenders increasingly compete on the basis of consumer experience, we firmly believe our consumer-first approach can directly accrue long-term benefits to not just consumers, but to the lenders, data providers, and other providers that use our services.

Our approach to verification does not exist in a vacuum. The law is increasingly providing consumers greater control over their personal data. The EU’s General Data Protection Regulation (GDPR), passed in 2016, implemented a dramatic raising of the bar of these requirements. In the United States this trend continued with the passage of the California Consumer Privacy Act (CCPA) in 2018, and the California Privacy Rights Act (CPRA) in 2020. Section 1033 of the Dodd-Frank Act predates these (2010), but is no less important. This law provides consumers access to their data maintained by consumer financial service providers. By providing consumers with this direct access, Section 1033 has the potential to create even greater benefits for consumers.

Section 1033 has spawned a tremendous amount of innovation in fintech, with a wide variety of businesses enabling consumers to use these rights to obtain a number of more efficient and interconnected consumer financial services. The Consumer Financial Protection Bureau (CFPB) is now looking to issue regulations that implement Section 1033. In the fall of 2020, the CFPB kicked-off this effort with an invitation to the public (an advance notice of proposed rulemaking) to provide them with information as to how the CFPB might most efficiently and effectively develop these regulations.

Given our consumer-orientated approach and practical experience in providing consumer-directed access to important financial information, we were excited to respond.

Our full letter can be seen here. While our comments are squarely based on what we’ve learned in building consumer-protective products for employment and income verification, we believe they may be useful to products that utilize consumer access to financial records more broadly. Below are the key principles we presented.

Key principles:

  1. Consumers must have meaningful control over their data
  2. Consumer trust is a precondition to consumers wanting to exercise that control

When we refer to “control” and “trust”, here’s what we mean:

Control:

  • Consumers should “own” access to their data at all times (regardless of who owns legal title) and data providers and aggregators should act as custodians, treating that data with the utmost care and acting in the best interest of consumers.
  • What does this mean as a practical matter? Consumers should be able to exercise control over their information via easy-to-use, in-product experiences that provide them with monitoring, contextual knowledge, and the ability to decide how their data is utilized on a real-time and on-going basis.

Trust:

  • Even if provided the opportunity to control and use their own financial data, consumers are unlikely to take advantage of this right without trust that the data will be used properly and secured on a consistent basis.
  • Consumer trust will be sustainable if data users use that data narrowly, with realistic time constraints, have an obligation both to provide accurate data and to correct inaccurate data, employ best-in-class security, and provide data transparency reporting.

We believe incorporating these kinds of principles can help regulators strike the right balance between accessibility, security, and innovation. By setting standards that give consumers meaningful control over their data, clarifying who is responsible for keeping data secure, and providing room for continued technology growth, we believe that regulators can create a system that creates value for business, builds trust, and empowers consumers to get full benefit from their data.

Learn More About Truework

Request a demo to learn more about Truework, the best in class employment and income verification service.