It could be banned for data brokers to sell your social security number.
They would also have to obtain your consent before selling your information.
The Consumer Financial Protection Bureau (CFPB) is considering new regulations that would restrict data brokers' ability to sell sensitive personal and financial information about Americans. This proposal stipulates that those brokers who market data on income, credit history, credit scores, or debt payments would be classified as consumer reporting agencies. This means they would be required to comply with the Fair Credit Reporting Act (FCRA), which regulates how these agencies can obtain and use the information contained in consumer reports, treating them similarly to credit reporting agencies and verification companies.
At a press conference, CFPB Director Rohit Chopra emphasized the significant data breach at National Public Data that occurred this year, exposing more than 200 million Social Security numbers that were put up for sale on the dark web. Chopra highlighted that these incidents are not isolated and demonstrate a systematic vulnerability in how our personal information is marketed. He also mentioned that foreign countries have shown interest in accessing this data, citing allegations from federal prosecutors about the involvement of members of the Chinese military in the 2017 Equifax data breach.
Chopra also warned that attackers do not need to conduct hacks to access sensitive information about Americans, as data brokers are facilitating access to this data for anyone willing to pay for it. This profit motive can lead to situations of fraud, harassment, and surveillance.
The proposal would not only require data brokers to comply with the FCRA, but it would also establish that consumers must give their explicit consent for their data to be shared. Thus, brokers would need to obtain clear permission before selling sensitive personal or financial information about consumers.
It is important to note that this regulation focuses on private companies and not governmental operations. The CFPB has requested comments on how to ensure appropriate access for government agencies to this information, with the comment period extending until March 3, 2025. There is a possibility that changes in political leadership could affect the CFPB’s ability to implement these rules; however, it has been recognized in a bipartisan manner that data brokers pose a threat to both Americans' privacy and national security. Some government agencies, such as Immigration and Customs Enforcement and the FBI, also rely on data brokers to bypass surveillance restrictions.
