[Congressional Bills 113th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4604 Introduced in House (IH)]

113th CONGRESS
  2d Session
                                H. R. 4604

  To amend the Consumer Financial Protection Act of 2010 to create a 
  consumer opt-out list for data collected by the Bureau, to put time 
       limits on data held by the Bureau, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                              May 7, 2014

Mr. Westmoreland (for himself, Mr. Duffy, Mrs. Bachmann, Mr. Long, Mr. 
 Posey, Mr. Bentivolio, and Mr. Luetkemeyer) introduced the following 
    bill; which was referred to the Committee on Financial Services

_______________________________________________________________________

                                 A BILL


 
  To amend the Consumer Financial Protection Act of 2010 to create a 
  consumer opt-out list for data collected by the Bureau, to put time 
       limits on data held by the Bureau, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``CFPB Data Collection Security Act''.

SEC. 2. COLLECTION AND DISPOSAL OF CONSUMER INFORMATION.

    Section 1022(c) of the Consumer Financial Protection Act of 2010 
(12 U.S.C. 5512(c)) is amended by adding at the end the following:
            ``(10) Opt-out list for data collection.--
                    ``(A) In general.--The Bureau shall establish an 
                opt-out list, which shall contain a list of consumers 
                who have notified the Bureau that they do not wish to 
                allow the Bureau to collect personally identifiable 
                information about them.
                    ``(B) Availability of list.--The Bureau shall 
                provide consumers with a method of adding and removing 
                their names from the opt-out list both over the phone 
                and on the website of the Bureau.
                    ``(C) Prohibition on data collection.--
                            ``(i) In general.--The Bureau may not 
                        collect personally identifiable information 
                        about a consumer if the consumer is listed on 
                        the opt-out list.
                            ``(ii) Exception for consumer complaints.--
                                    ``(I) In general.--This 
                                subparagraph shall not apply with 
                                respect to consumer complaints.
                                    ``(II) Use of data.--Personally 
                                identifiable information contained in a 
                                consumer complaint with respect to a 
                                consumer that is listed on the opt-out 
                                list may not be used for any purpose 
                                other than the consumer complaint, 
                                including supervisory functions or 
                                market monitoring.
            ``(11) Timing limitation on data held by the bureau.--The 
        Bureau shall delete or otherwise destroy--
                    ``(A) any information related to a consumer 
                complaint regarding consumer financial products or 
                services, not later than the end of the 60-day period 
                following the completion of any review into such 
                complaint where no further action will be taken;
                    ``(B) any reports issued by, or data collected 
                while conducting an examination of, any covered person, 
                depository institution, or credit union over which the 
                Bureau has supervisory authority, after three 
                examinations, except for enforcement actions that 
                specifically address payments to consumers; and
                    ``(C) any information collected by the Bureau about 
                a particular consumer or other person not described 
                under subparagraph (A) or (B), not later than the 60-
                day period following the date on which the Bureau 
                collected such information.
            ``(12) Requirement in event of privacy breach.--If the 
        Bureau experiences a data breach that exposes personally 
        identifiable information about a consumer, the Bureau shall 
        provide such consumer with one year of free credit monitoring 
        and publicly notify consumers of the breach on the front page 
        of the Bureau's website.
            ``(13) Requirement for senate-confirmed director.--
        Notwithstanding any other provision of law, the Bureau may not 
        collect any data or perform any market monitoring unless the 
        Bureau has a Senate-confirmed Director.''.

SEC. 3. PERSONNEL REQUIREMENT.

    Section 1013(a) of the Consumer Financial Protection Act of 2010 
(12 U.S.C. 5493(a)) is amended by adding at the end the following:
            ``(6) Confidential security clearance required for certain 
        employees.--No employee of the Bureau may access personally 
        identifiable information collected by the Bureau unless such 
        employee holds a `confidential' security clearance.''.
                                 <all>