The U.S. Senate Committee on Banking, Housing and Urban Affairs considered testimony on the impact of information resellers (i.e., companies that collect and resell individuals' information) on financial data privacy, credit, insurance, employment and housing.

World Privacy Forum Executive Director Pam Dixon urged Congress to regulate consumer scores and predictions that are being created and sold by information resellers without oversight. According to Ms. Dixon, these scores, which often use artificial intelligence ("AI") to make real-time predictions of consumer behavior, can create "risk, havoc, or diminished opportunities in a person's life."

Ms. Dixon stated that information resellers have avoided regulation due to a loophole in the Fair Credit Reporting Act ("FCRA") that applies only to individuals, not to households. She stated that these unregulated scores, which are supposed to be used only for marketing purposes, contain critical consumer information. For example, she said, credit scores like the Aggregate FICO include numerous detailed financial metrics, such as consumers' "neighborhood risk score." Ms. Dixon was critical of the so-called "adversity score," recently launched by the College Board, that uses a student's home, neighborhood and school background to score the problems a student may face gaining access to a good education. Ms. Dixon advised committee members to address these concerns by (i) expanding the FCRA to close the loophole on unregulated financial scores and (ii) introducing a standards law to ensure due process and fair standards setting regarding consumer data privacy.

GAO Financial Markets and Community Investment Director Alicia Puente Cackley highlighted existing deficiencies in the federal framework protecting consumer information privacy. Ms. Cackley based her testimony primarily on the GAO's recommendations to Congress following its 2013 report on privacy issues. Pursuant to the 2013 report, the GAO advised Congress to (i) strengthen the federal regulatory framework and (ii) address cybersecurity. According to Ms. Cackley, the current consumer privacy framework does not adequately address:

  • individuals' ability to review, control and correct their personal data;

  • the methods, sources and types from which resellers collect and aggregate personal information;

  • new technologies, such as facial recognition, and FinTech firm activities;

  • internet privacy issues, such as practices that track or collect consumers' activity on the internet or mobile applications; and

  • regulatory authorities' limited enforcement and regulation of related information reseller activity.

Commentary / Steven Lofchie

Ms. Dixon's statement is worth reading and offers a deep and, in many ways, nuanced understanding of the privacy issues and consequences of the selling of data driven products to the financial industry. She acknowledges that problems with the accuracy of the data may result in "diminished opportunities," even as there are good vendors using good data and, in fact, using it in a rational manner.

On one hand, Congress is well on its way to limiting consumer data usage (with good reason). On the other hand, Congress is well on its way to substantially increasing the amount of data collected so that it can be used to combat potential crimes (also with good reason). See, e.g., Senators Propose Requiring Reporting of Beneficial Ownership Information. Congress needs to strike a good balance between these objectives.

In contrast to Ms. Dixon's nuanced view and related prescriptions, Senator Brown opens the conference with a wholesale criticism of all (4,000) data vendors as "cowards" for declining to appear before the Committee. Those who decline to appear before the Committee may choose not to do so because they recognize the exercise as less a quest for information than of political theater.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.