CFPB Rule Would Likely Impact Sale of Business Loan Applicant Data
A proposed rule by the CFPB aims to “Stop Data Brokers from Selling Sensitive Personal Data to Scammers, Stalkers, and Spies” by limiting “the sale of personal identifiers like Social Security Numbers and phone numbers collected by certain companies and make sure that people’s financial data such as income is only shared for legitimate purposes, like facilitating a mortgage approval, and not sold to scammers targeting those in financial distress.” Presented as a consumer-facing protection that would make parties selling data subject to the Fair Credit Reporting Act while prohibiting the sale of such data to third parties for “marketing,” the full 206-page proposal suggests that it would apply equally when individual information is used in the course of applying for business loans.
“The CFPB expects that the proposal may have a limited impact on the cost of credit for small entities. One small entity representative stated during the SBREFA process that the proposed rule may affect the cost and ease of accessing credit for small entities. In particular, the written instructions provision may slow down the application process for small business loans because creditors lending to small businesses check the personal credit of the small business owner and may need to rely on the small business owner’s written authorization to do so. In theory, the proposed rule could increase the cost of credit for small businesses if the compliance costs discussed above are passed on to small businesses in the form of higher on loans from lenders.”
“Data brokers sell lists of financially vulnerable individuals to predatory lenders for targeted marketing campaigns,” the CFPB wrote in a summary of the propsal. “This practice is compounded by the widespread sale of personal identifiers collected by consumer reporting agencies, also known as ‘credit header’ data—including names, addresses, and Social Security numbers—which has created a thriving market for sensitive personal information that puts Americans’ privacy and financial security at risk.”
Anyone can officially comment on this proposal until March 3, 2025.
Last modified: December 3, 2024
