Page 26 - GS230201
P. 26

v
                                                      Co
                                                                  o
                                                              St
                                                                     y
                                                                    r
                                                      CoverStory
                                                           er
        or hybrid with resources anywhere as well as workers    In October 2022, the CFPB published a 72-page outline
        in any location," he wrote. "Zero Trust is a framework   of proposals concerning consumer data portability in
        for securing infrastructure and data for today's modern   preparation for a February 2023 meeting and subsequent
        digital transformation. It uniquely addresses the modern   formal rulemaking. Among its concerns were data
        challenges of today's business, including securing remote   accuracy,  security,  third-party  access  and  usage,  and
        workers, hybrid cloud environments, and ransomware      consumer access and control. The report is available at
        threats."                                               https://assets.law360news.com/1544000/1544073/cfpb_data-
                                                                rights-rulemaking-1033-sbrefa_outline_2022-10.pdf
        Transparent policymaking

        With ransomware attacks occurring every 11 seconds,     "In  authorizing  a  third  party  to  access  consumer  data,
        according  to  recent  reports,  the  European  Union   consumers engage in a broad and complex ecosystem
        Commission enacted the Cyber Resilience Act on Jan. 18,   that enables such access," the bureau wrote. "In addition
        2023,  legislation  designed  to  hold  firms accountable  for   to consumers themselves, the main participants in that
        security. The law requires manufacturers, distributors   system are data holders, data users, and data aggregators.
        and  importers to  notify ENISA—the  EU's cybersecurity   A given participant, however, may play more than one—or
        agency—within  24  hours  of  detecting  a  security    even all—of these roles."
        vulnerability or intrusion. If they do not, they face steep
        fines and penalties.                                    CFPB researchers noted the data access ecosystem has
                                                                the potential to power innovation and competition in the
        Jan Wendenburg, CEO of cybersecurity firm ONEKEY,       following three ways:
        stated the EU will take a hard line with the regulation,   1. Improve existing products: A mortgage lender could
        adding to supply chain pressures. "The time horizon is    use authorized data access to digitally verify account
        tight, considering that orders for IT products are already   assets, speed the application process and spare the
        being placed with OEM manufacturers this year for the     applicant the burden of assembling this data.
        next 12 to 18 months," he said. "Therefore, the timing
        situation needs to be considered and resolved now, before   2.  Foster competition: Lenders could use consumer
        a product ends up not being launched or delayed due to    data, such as account transaction history, to underwrite
        defects."                                                 consumers who might otherwise face more costly credit
                                                                  terms. Lenders could also use near real-time account
        The digital-first payments ecosystem is highly visible to   data  to  provide  a  consumer  with  short-term  credit
        policymakers worldwide, many of whom question if newer    options.
        payment methods do enough to protect consumer privacy
        and data. The Electronic Transactions Association's       3.  Develop  new  products  and  services:  A  company
        government affairs division works closely with regulators   could offer automated financial advice by consolidating
        to create a positive policy environment that balances     consumer data from across various transaction accounts
        growth with strong consumer protections. The ETA works    at multiple providers.
        with state, federal and Canadian policymakers to help
        shape policy  that fosters  payments industry innovation,   Principled innovation
        stated Jodie Kelley, CEO of the ETA.                    Jeff Patchen, director of government affairs at the ETA,
                                                                responded to the CFPB's request for comment in a Jan.
        "The payments industry continues to face scrutiny by    25, 2023 letter. He advocated for a balance of consumer
        federal and state policymakers," she said. "It is imperative   data  access  and  choice  with  service  provider  security,
        that ETA's government relations team shares the value and   transparency, control and disclosure.
        importance the payments industry places on continued
        innovation and consumer protection."                    "Access to financial data and information is an important
        Transparent data sharing                                issue that involves consumers, traditional financial
                                                                institutions, financial technology companies (fintechs)
        Scott Talbott, ETA senior vice president, government    and other financial service providers, including data
        affairs, has seen growing interest in open banking among   aggregators and third-party application providers,"
        regulators, including the Consumer Financial Protection   Patchen wrote. "And, the ecosystem consists of multiple
        Bureau, where Section 1033 of the Dodd-Frank Wall Street   stakeholders, each with differing roles within data
        Reform and Consumer Protection Act, which pertains to   aggregation."
        consumer data sharing, is currently under review.
                                                                Calling for an industry-led, principles-based framework
        "Open banking is an exciting service that can strengthen   that promotes innovation and competition in the financial
        consumers' ability to manage their day-to-day finances,"   data marketplace, Patchen emphasized consumers must
        Talbott said. "We encourage the CFPB to create a principle-  be able to choose and control how their data is used and
        based,  comprehensive  policy  framework  that  relies  on   service providers must keep consumer protection top of
        industry-led technology solutions."                     mind when innovating. In conclusion, he recommended
        26
   21   22   23   24   25   26   27   28   29   30   31