With the recent massive data breaches, Congress, regulators and others in public policy roles are considering not just the safety of personal financial information, but also who owns that data and how can it be accessed and used commercially. Politico’s article on the topic discusses the various parties in Washington that are involved and what is at stake:
Yes, it’s your money. But the data, from savings balances to your history of car payments, belong to whatever institution holds the account. And just who has the rights to see that data has become a pitched battle, with Washington as a front.
There’s a consumer-rights angle, with public-interest advocates and politicians such as Sen. Elizabeth Warren (D-Mass.) weighing in for stronger consumer protections. But as is typical in Washington, the battle is really between two sectors of the financial industry.
What they’re arguing over is a vast trove of information on Americans’ cash flows. The average American household has several financial accounts – not just checking and savings, but credit cards, retirement savings and loans. And the recent Equifax hack, in which the credit-reporting company revealed that a whopping 145.5 million Americans might have had their information hacked, revealed just how widely our data can spread across the landscape – and just how little control we have over where it goes.
It appears that directionally, the U.S. is headed down the path of creating its own version of the EU’s PSD2 where your data is up for grabs by anyone certified to have access:
In a letter for the request for information that the CFPB completed earlier this year, CFSI laid out broad principles it hopes will become industry standard: availability of data on third-party applications in a timely and reliable manner, with permission of the customer, and sharing only the minimum data necessary. A similar model is already being tried in the European Union, where a 2015 rule that will fully phase in next year mandates that banks and other payment services providers like Venmo and PayPal grant the means for secured access, authorized by customers, for transaction history and account balances. They’re required to provide it through APIs, a form of online interface that allows for controlled sharing of information, and avoids less-secure mechanisms like scraping.
“What is happening there is something we point to as a positive,” says Brian Peters, executive director of FIN.
Many of the new financial firms and banks say they’d prefer to work out a standard on their own rather than by government mandate, and to an extent that’s already underway. JPMorgan and Wells Fargo, both of which had restricted or cut off access to account information to third-party firms, have started to reach individual deals. JPMorgan announced an agreement with Mint, which software firm Intuit owns, and for access to JPMorgan accounts for its applications like QuickBooks and TurboTax. Wells Fargo announced a similar deal with Xero, a New Zealand company that provides accounting software for businesses. But the consumer advocate Mierzwinski is skeptical of industry-driven approaches: If companies set the standard themselves, he says, it “will ultimately prove to be the least common denominator.”
Overview by Sarah Grotta, Director, Debit Advisory Service at Mercator Advisory Group
Read the full story here