Page 26 - GS230201
P. 26
v
Co
o
St
y
r
CoverStory
er
or hybrid with resources anywhere as well as workers In October 2022, the CFPB published a 72-page outline
in any location," he wrote. "Zero Trust is a framework of proposals concerning consumer data portability in
for securing infrastructure and data for today's modern preparation for a February 2023 meeting and subsequent
digital transformation. It uniquely addresses the modern formal rulemaking. Among its concerns were data
challenges of today's business, including securing remote accuracy, security, third-party access and usage, and
workers, hybrid cloud environments, and ransomware consumer access and control. The report is available at
threats." https://assets.law360news.com/1544000/1544073/cfpb_data-
rights-rulemaking-1033-sbrefa_outline_2022-10.pdf
Transparent policymaking
With ransomware attacks occurring every 11 seconds, "In authorizing a third party to access consumer data,
according to recent reports, the European Union consumers engage in a broad and complex ecosystem
Commission enacted the Cyber Resilience Act on Jan. 18, that enables such access," the bureau wrote. "In addition
2023, legislation designed to hold firms accountable for to consumers themselves, the main participants in that
security. The law requires manufacturers, distributors system are data holders, data users, and data aggregators.
and importers to notify ENISA—the EU's cybersecurity A given participant, however, may play more than one—or
agency—within 24 hours of detecting a security even all—of these roles."
vulnerability or intrusion. If they do not, they face steep
fines and penalties. CFPB researchers noted the data access ecosystem has
the potential to power innovation and competition in the
Jan Wendenburg, CEO of cybersecurity firm ONEKEY, following three ways:
stated the EU will take a hard line with the regulation, 1. Improve existing products: A mortgage lender could
adding to supply chain pressures. "The time horizon is use authorized data access to digitally verify account
tight, considering that orders for IT products are already assets, speed the application process and spare the
being placed with OEM manufacturers this year for the applicant the burden of assembling this data.
next 12 to 18 months," he said. "Therefore, the timing
situation needs to be considered and resolved now, before 2. Foster competition: Lenders could use consumer
a product ends up not being launched or delayed due to data, such as account transaction history, to underwrite
defects." consumers who might otherwise face more costly credit
terms. Lenders could also use near real-time account
The digital-first payments ecosystem is highly visible to data to provide a consumer with short-term credit
policymakers worldwide, many of whom question if newer options.
payment methods do enough to protect consumer privacy
and data. The Electronic Transactions Association's 3. Develop new products and services: A company
government affairs division works closely with regulators could offer automated financial advice by consolidating
to create a positive policy environment that balances consumer data from across various transaction accounts
growth with strong consumer protections. The ETA works at multiple providers.
with state, federal and Canadian policymakers to help
shape policy that fosters payments industry innovation, Principled innovation
stated Jodie Kelley, CEO of the ETA. Jeff Patchen, director of government affairs at the ETA,
responded to the CFPB's request for comment in a Jan.
"The payments industry continues to face scrutiny by 25, 2023 letter. He advocated for a balance of consumer
federal and state policymakers," she said. "It is imperative data access and choice with service provider security,
that ETA's government relations team shares the value and transparency, control and disclosure.
importance the payments industry places on continued
innovation and consumer protection." "Access to financial data and information is an important
Transparent data sharing issue that involves consumers, traditional financial
institutions, financial technology companies (fintechs)
Scott Talbott, ETA senior vice president, government and other financial service providers, including data
affairs, has seen growing interest in open banking among aggregators and third-party application providers,"
regulators, including the Consumer Financial Protection Patchen wrote. "And, the ecosystem consists of multiple
Bureau, where Section 1033 of the Dodd-Frank Wall Street stakeholders, each with differing roles within data
Reform and Consumer Protection Act, which pertains to aggregation."
consumer data sharing, is currently under review.
Calling for an industry-led, principles-based framework
"Open banking is an exciting service that can strengthen that promotes innovation and competition in the financial
consumers' ability to manage their day-to-day finances," data marketplace, Patchen emphasized consumers must
Talbott said. "We encourage the CFPB to create a principle- be able to choose and control how their data is used and
based, comprehensive policy framework that relies on service providers must keep consumer protection top of
industry-led technology solutions." mind when innovating. In conclusion, he recommended
26
