You are reading: CFPB 1033: Does It Affect Your Data?

May 28, 2024

CFPB 1033: Does It Affect Your Data?

Daniel Berlind

The Consumer Financial Protection Bureau’s (CFPB) Section 1033 is set to change the way consumers interact with their financial data.

This provision, outlined in the Dodd-Frank Act, states that consumers have the right to access their financial information in a usable electronic format, empowering them with unprecedented control and insight into their financial lives.


After the 2008 crash, the Dodd-Frank Act was enacted to establish regulations and entities like the CFPB. Its aim was to enhance the financial stability of the United States by bolstering accountability and transparency within the financial services industry.

Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act states:

“…a covered person shall make available to a consumer, upon request, information in the control or possession of the covered person concerning the consumer financial product or service that the consumer obtained from such covered person, including information relating to any transaction, series of transactions, or to the account including costs, charges, and usage data.” 

Who will be impacted?

Although the focus is primarily on banks and card issuers, some fintech companies – such as digital payment providers or budgeting apps – will also be subject to the expected regulation.

What will it do?

The proposed rule would…

  • Specify the responsibilities for third parties accessing consumer data on their behalf
  • Establish guidelines for data access, encompassing the requirements that data providers must adhere to
  • Promote fair, transparent, and inclusive industry practices
  • Institutions must provide consumers and third parties access to specific transaction and account data to enhance transparency and accessibility

One of the expected outcomes is a significant increase in Information Security requirements, which would supplement the rules already established by FCRA and GLBA. This would require financial institutions and other data providers to implement robust security measures to protect consumer data from unauthorized access or misuse.

What should businesses do to prepare?

Businesses need to ensure that their payment vendors have a plan for how to adopt the increased protections expected under this proposal. Although this proposal is fairly limited in scope, companies handling sensitive financial data are expected to continue to face increased scrutiny and regulation.

Companies can prepare by reviewing their current security measures and identifying areas where they may need to enhance protections. This could include implementing multi-factor authentication, regularly updating software and systems, and conducting routine security audits.

In addition, businesses should also educate their employees on best practices for handling sensitive data and ensure that all necessary safeguards are in place. This includes limiting access to sensitive information only to those who need it for their job responsibilities and regularly training employees on how to identify potential security threats.

Businesses should also have a plan in place for responding to potential data breaches, including notifying affected individuals and implementing remediation measures.

Overall, the proposed regulations aim to improve the overall security of consumer financial data while promoting transparency and accessibility.

Ready to protect your properties?

Chat with our sales team to learn about our comprehensive fraud solution

Let’s Talk