NRMLA to CFPB: Guidance Doesn’t Go Far Enough to Protect Sensitive Data

In comments submitted to the Consumer Financial Protection Bureau, NRMLA requested that the consumer watchdog initiate formal public rulemaking that gives stakeholders the opportunity to adequately address consumer privacy dangers and data protection threats that the disclosure of expanded Home Mortgage Disclosure Act data poses.

“We believe that the Bureau should undergo further and formal rulemaking before releasing highly sensitive personal consumer financial information to the public at large,” commented NRMLA.

In October 2015, the CFPB published a 797-page final rule that expanded lenders’ data collection requirements by adding 25 data categories and 100 data fields. The CFPB proposed a “balancing test” to determine whether and how HMDA data should be modified prior to its disclosure to the public to protect applicant and borrower privacy, while also fulfilling the disclosure purposes of the statute.

When it adopted its final rule, the CFPB intended to provide a process for the public to provide input on the application of the balancing test to determine the HMDA data to be publicly disclosed. The Bureau has done that, not through proposed rulemaking, but through Proposed Policy Guidance published on September 25, 2017, which the association deemed inadequate.

NRMLA noted in its comments that “the Bureau has failed to outline in its Proposed Policy Guidance the steps it will take to ensure against data breaches into a massive collection of highly sensitive personal consumer financial information covering a large portion of the U.S. population.” Read NRMLA’s full comments by logging into