CFPB Data Collection Security Act - Amends the Consumer Financial Protection Act of 2010 to direct the Consumer Financial Protection Bureau (CFPB) to: (1) establish an opt-out list of consumers who have notified the CFPB that they do not wish to allow it to collect personally identifiable information about them, and (2) give consumers a method of adding and removing their names from the opt-out list via telephone or the CFPB website.
Prohibits the CFPB from collecting: (1) personally identifiable information about a consumer listed on the opt-out list (except in the case of consumer complaints), or (2) any data or performing any market monitoring unless it has a Senate-confirmed Director.
Prescribes time limitations for the holding of data by the CFPB.
Directs the CFPB, if it experiences a data breach that exposes personally identifiable information about a consumer, to give that consumer one year of free credit monitoring. Requires the CFPB to notify consumers publicly of such a breach on the front page of its website.
Prohibits CFPB employees from accessing personally identifiable information collected by the CFPB unless they hold a "confidential" security clearance.
[Congressional Bills 113th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4604 Introduced in House (IH)]
113th CONGRESS
2d Session
H. R. 4604
To amend the Consumer Financial Protection Act of 2010 to create a
consumer opt-out list for data collected by the Bureau, to put time
limits on data held by the Bureau, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
May 7, 2014
Mr. Westmoreland (for himself, Mr. Duffy, Mrs. Bachmann, Mr. Long, Mr.
Posey, Mr. Bentivolio, and Mr. Luetkemeyer) introduced the following
bill; which was referred to the Committee on Financial Services
_______________________________________________________________________
A BILL
To amend the Consumer Financial Protection Act of 2010 to create a
consumer opt-out list for data collected by the Bureau, to put time
limits on data held by the Bureau, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``CFPB Data Collection Security Act''.
SEC. 2. COLLECTION AND DISPOSAL OF CONSUMER INFORMATION.
Section 1022(c) of the Consumer Financial Protection Act of 2010
(12 U.S.C. 5512(c)) is amended by adding at the end the following:
``(10) Opt-out list for data collection.--
``(A) In general.--The Bureau shall establish an
opt-out list, which shall contain a list of consumers
who have notified the Bureau that they do not wish to
allow the Bureau to collect personally identifiable
information about them.
``(B) Availability of list.--The Bureau shall
provide consumers with a method of adding and removing
their names from the opt-out list both over the phone
and on the website of the Bureau.
``(C) Prohibition on data collection.--
``(i) In general.--The Bureau may not
collect personally identifiable information
about a consumer if the consumer is listed on
the opt-out list.
``(ii) Exception for consumer complaints.--
``(I) In general.--This
subparagraph shall not apply with
respect to consumer complaints.
``(II) Use of data.--Personally
identifiable information contained in a
consumer complaint with respect to a
consumer that is listed on the opt-out
list may not be used for any purpose
other than the consumer complaint,
including supervisory functions or
market monitoring.
``(11) Timing limitation on data held by the bureau.--The
Bureau shall delete or otherwise destroy--
``(A) any information related to a consumer
complaint regarding consumer financial products or
services, not later than the end of the 60-day period
following the completion of any review into such
complaint where no further action will be taken;
``(B) any reports issued by, or data collected
while conducting an examination of, any covered person,
depository institution, or credit union over which the
Bureau has supervisory authority, after three
examinations, except for enforcement actions that
specifically address payments to consumers; and
``(C) any information collected by the Bureau about
a particular consumer or other person not described
under subparagraph (A) or (B), not later than the 60-
day period following the date on which the Bureau
collected such information.
``(12) Requirement in event of privacy breach.--If the
Bureau experiences a data breach that exposes personally
identifiable information about a consumer, the Bureau shall
provide such consumer with one year of free credit monitoring
and publicly notify consumers of the breach on the front page
of the Bureau's website.
``(13) Requirement for senate-confirmed director.--
Notwithstanding any other provision of law, the Bureau may not
collect any data or perform any market monitoring unless the
Bureau has a Senate-confirmed Director.''.
SEC. 3. PERSONNEL REQUIREMENT.
Section 1013(a) of the Consumer Financial Protection Act of 2010
(12 U.S.C. 5493(a)) is amended by adding at the end the following:
``(6) Confidential security clearance required for certain
employees.--No employee of the Bureau may access personally
identifiable information collected by the Bureau unless such
employee holds a `confidential' security clearance.''.
<all>
Introduced in House
Introduced in House
Referred to the House Committee on Financial Services.
Hearings Held by the Subcommittee on Financial Institutions and Consumer Credit Prior to Referral.
Committee Consideration and Mark-up Session Held.
Ordered to be Reported (Amended) by the Yeas and Nays: 32 - 27.
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line