Senate Banking Committee Chairman Mike Crapo (R-Idaho) and Ranking Member Sherrod Brown (D-Ohio) are seeking public feedback on the collection, use, and protection of sensitive personal information by financial regulators and private companies.

“Given the exponential growth and use of data, and corresponding data breaches, it is worth examining how the Fair Credit Reporting Act should work in a digital economy, and whether certain data brokers and other firms serve a function similar to the original consumer reporting agencies,” Crapo said in a Feb. 13 statement. “I am particularly interested in what data is contained in modern consumer reports, how the information is gathered, who compiles it, how it is protected, how consumers can access it and correct it, and how privacy is respected.”

“In the year and a half since the Equifax breach, the country has learned that financial and technology companies are collecting huge stockpiles of sensitive personal data, but fail over and over to protect Americans’ privacy,” Brown added. “Outdated privacy laws don’t address the complex surveillance schemes these businesses profit from today.”

Brown urged Congress to “make it easy for consumers to find out who is collecting personal information about them, and give consumers power over how that data is used, stored and distributed.”

The joint statement notes that the collection, use, and protection of personally identifiable data and other sensitive information by financial regulators and private financial companies (including third-parties that share information with financial regulators and private financial companies) deserves close scrutiny. The collection and use of personally identifiable information, the two legislators say, will be a major focus of the Banking Committee moving forward.

Crapo and Brown invited responses from interested stakeholders to a variety of questions:

  • What could be done through legislation, regulation, or by implementing best practices that would give consumers more control over and enhance the protection of consumer financial data, and ensure that consumers are notified of breaches in a timely and consistent manner?
  • What could be done to ensure that financial regulators and private financial companies (including third-parties that share information with financial regulators and private financial companies) provide adequate disclosure to citizens and consumers about the information that is being collected about them and for what purposes?
  • What could be done to give citizens and consumers control over how financial regulators and private financial companies (including third-parties that share information with financial regulators and private financial companies) use consumer data?
  • What could be done by credit bureaus to protect consumer data and to make sure that information contained in a credit file is accurate?
  • What could be done so a consumer can easily identify and exercise control of data that is being (a) collected and shared by data brokers and other firms and (b) used as a factor in establishing a consumer’s eligibility for credit, insurance, employment, or other purposes?

Responses will be collected until March 15, 2019. Commenters should submit electronic copies of their responses to Committee staff at submissions@banking.senate.gov. Responses will be made public on the Senate Banking Committee’s website.

Topics