In this special crossover episode with Regulatory Oversight podcast, Ashley Taylor is joined by Kim Phan and Kristen Eastman to discuss the Consumer Financial Protection Bureau’s (CFPB) proposed Rule 1033, also known as the Personal Financial Digital Rights rule. This rule, part of the Dodd-Frank Act, aims to restrict the sale or misuse of consumer data. It focuses on entities subject to the Truth in Lending Act (TILA) and Regulation Z, such as depository institutions, credit card companies, and payment processors. The rule requires these entities to make financial records available both to consumers and their authorized third parties.
The group discusses the rule’s lack of specificity regarding the “qualified industry standard” that companies must meet, and the potential for regulators to apply hindsight bias when judging incidents. They also discuss the potential of state attorneys general and plaintiffs’ lawyers using the rule for enforcement actions and litigation.
The CFPB has not yet issued guidance on the rule’s enforcement, and the group anticipates that the rule could be finalized as early as next year. However, they also note that the rule’s timeline could be affected by litigation surrounding the CFPB’s authority and funding.