 


113 HR 4604 IH: CFPB Data Collection Security Act
U.S. House of Representatives
2014-05-07
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



I 
113th CONGRESS
2d Session
H. R. 4604 
IN THE HOUSE OF REPRESENTATIVES 
 
May 7, 2014 
Mr. Westmoreland (for himself, Mr. Duffy, Mrs. Bachmann, Mr. Long, Mr. Posey, Mr. Bentivolio, and Mr. Luetkemeyer) introduced the following bill; which was referred to the Committee on Financial Services
 
A BILL 
To amend the Consumer Financial Protection Act of 2010 to create a consumer opt-out list for data collected by the Bureau, to put time limits on data held by the Bureau, and for other purposes. 
 
 
1.Short titleThis Act may be cited as the CFPB Data Collection Security Act. 
2.Collection and disposal of consumer informationSection 1022(c) of the Consumer Financial Protection Act of 2010 (12 U.S.C. 5512(c)) is amended by adding at the end the following: 
 
(10)Opt-out list for data collection 
(A)In generalThe Bureau shall establish an opt-out list, which shall contain a list of consumers who have notified the Bureau that they do not wish to allow the Bureau to collect personally identifiable information about them. 
(B)Availability of listThe Bureau shall provide consumers with a method of adding and removing their names from the opt-out list both over the phone and on the website of the Bureau. 
(C)Prohibition on data collection 
(i)In generalThe Bureau may not collect personally identifiable information about a consumer if the consumer is listed on the opt-out list.  
(ii)Exception for consumer complaints 
(I)In generalThis subparagraph shall not apply with respect to consumer complaints. 
(II)Use of dataPersonally identifiable information contained in a consumer complaint with respect to a consumer that is listed on the opt-out list may not be used for any purpose other than the consumer complaint, including supervisory functions or market monitoring. 
(11)Timing limitation on data held by the BureauThe Bureau shall delete or otherwise destroy— 
(A)any information related to a consumer complaint regarding consumer financial products or services, not later than the end of the 60-day period following the completion of any review into such complaint where no further action will be taken; 
(B)any reports issued by, or data collected while conducting an examination of, any covered person, depository institution, or credit union over which the Bureau has supervisory authority, after three examinations, except for enforcement actions that specifically address payments to consumers; and 
(C)any information collected by the Bureau about a particular consumer or other person not described under subparagraph (A) or (B), not later than the 60-day period following the date on which the Bureau collected such information. 
(12)Requirement in event of privacy breachIf the Bureau experiences a data breach that exposes personally identifiable information about a consumer, the Bureau shall provide such consumer with one year of free credit monitoring and publicly notify consumers of the breach on the front page of the Bureau’s website. 
(13)Requirement for Senate-confirmed DirectorNotwithstanding any other provision of law, the Bureau may not collect any data or perform any market monitoring unless the Bureau has a Senate-confirmed Director. . 
3.Personnel requirementSection 1013(a) of the Consumer Financial Protection Act of 2010 (12 U.S.C. 5493(a)) is amended by adding at the end the following: 
 
(6)Confidential security clearance required for certain employeesNo employee of the Bureau may access personally identifiable information collected by the Bureau unless such employee holds a confidential security clearance. .  
 
