CFPB Issues Final Rule Regarding Consumer Rights to Personal Financial Data

Last week the CFPB issued its final rule on Personal Financial Data Rights, which establishes the required attributes a financial services body must meet to comply with Section 1033 of the Dodd Frank Act.

According to the rule, financial institutions, including banks and credit unions, must safely and reliably make personal financial data available to consumers and authorized third parties upon request.  Covered data that must be made available includes account balance information, available terms and conditions regarding a consumer’s account, upcoming bill information and account verification information.

The rule also lists the data privacy protections required of third parties accessing consumer data, including limiting the duration of the third parties’ access to the consumer data and requiring the data be deleted should the consumer’s authorization expire or be revoked by the consumer.