Keypoint: As leadership at the CFPB shifts, responses to the CFPB’s Notice of Proposed Rulemaking to implement Section 1033 of the Dodd Frank Act looms.

More than a decade ago, the Dodd Frank Act created the Consumer Financial Protection Bureau (CFPB) and gave it authority to promulgate rules implementing Section 1033 of the Act. Under Section 1033, upon request, a financial services provider “shall make available to a consumer information in its control or possession concerning the product or service that the consumer has obtained, including information relating to any transaction, series of transactions, or to the account including costs, charges and usage data. The information shall be made available in an electronic form usable by consumers.”

Generally, one hears the term “big data” and, in the next breath, about the host of privacy issues implicated by that big data. Indeed, a quick google search confirms that in many of the top links appearing in a google search of “big data” include the word “privacy.”

There is a reason for this, of course: big data often contains a lot of information aggregated from different sources about individuals. Many times, consumer do not know in the first place that different pieces of information about them have been collected (or, if they know it has been collected, they do not know the information has been retained); they do not know that such information has been aggregated; and they do not know the aggregated information has been (and is being) further disseminated. Single pieces of information on their own pose a privacy risk. The aggregation of the information, which is then disseminated, poses a greater and different privacy risk.