Securiti AI Recognized as a Customers’ Choice For DSPM By Gartner Peer Insights


CFPB’s Personal Financial Data Rights Proposed Rule

Last Updated on June 6, 2024

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


The Consumer Financial Protection Bureau (CFPB) has proposed Personal Financial Data Rights Rule (the proposed rule) to implement section 1033 of the Consumer Financial Protection Act of 2010 (Title X of the Dodd-Frank Act) which requires data providers to make available to consumers, upon request, transaction data and other information concerning a consumer financial product or service.


The proposed rule primarily applies to data providers that control or process covered data concerning a covered consumer financial product or service. However, the data providers that are depository institutions and that do not have a consumer interface are exempt from the requirements of the proposed rule.

In addition, authorized third parties accessing covered data on behalf of consumers are also subject to specific obligations under the proposed rule.

Key Compliance Obligations

Major obligations of the covered entities under the proposed rule include the following:

(a) Establishing and maintaining interfaces to receive and respond to data access requests from consumers and authorized third parties;

(b) Ensuring transparency, including the provision of identifying information, developer interface documentation, contact information, and information about the right to revoke authorization and the revocation mechanism;

(c) Providing the consumers with authorization disclosures and obtaining express informed consent for accessing the consumer’s covered data;

(d) Complying with the principles of Collection Limitation, Purpose Specification, and Storage Limitation;

(e) Ensuring data accuracy and data security; and

(f) Maintaining compliance records and managing vendor compliance.

The Solution

Securiti enables organizations to comply with the proposed rule through AI-driven DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

CFPB’s Solution

Assess Proposed Rule Readiness

Utilize Securiti's collaborative readiness assessment template to assess your organization's compliance with the requirements of the proposed rule, assess compliance gaps, and mitigate risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance against the proposed rule.

CFPB Readiness
Utah Map Data to Discover Sensitive Personal Information

Auto Compliance Management

Automated compliance with the proposed rule using Securiti’s common controls and tests.

Automate Notice Creation & Management

Sections: 1033.341, 1033.421

Securiti's Privacy Notice Creation and Management module can be utilized to fulfill the transparency requirements under the proposed rule i.e., making available identifying information, developer interface documentation, etc.

CFPB notice Creation
CFPB Consent

Manage Consent

Sections: 1033.401, 1033.411

Securiti's Universal Consent Management module can be utilized to provide the consumer with authorization disclosures and obtain express informed consent to access and process their data. Covered entities can also track consent to prevent the collection or processing of covered data without authorization.

Automate Information Requests

Sections: 1033.201, 1033.301, 1033.311, 1033.321, 1033.331

Securiti's Data Subject Rights Fulfillment module can be utilized to create customized web forms and accept verified information requests in compliance with the proposed rule.

Utah Map Data to Discover Sensitive Personal Information
Data Security

Ensure Data Security

Sections: 1033.131, 1033.301, 1033.311

Securiti’s Data Security Posture management module can be leveraged to identify the necessary security controls and implement appropriate security measures in compliance with the proposed rule.

Maintain Records of Data

Sections: 1033.351, 1033.441

Securiti’s Data Mapping module can be utilized to catalog the data, document business process flows, and maintain records of consumer data processing activities.

CFPB Maintain Records of Data
CFPB Vendor Risk Assessment

Vendor Risk Assessment

Sections: 1033.431

Securiti’s Vendor Risk Management module can be leveraged to track, monitor, and manage the privacy and security readiness of third parties and data aggregators in compliance with the proposed rule. It also allows organizations to manage all vendor contracts and compliance documents.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report