Section 1033 of the Dodd-Frank Act is intended to ensure consumers can access their own personal information held by their financial services provider. It is fundamentally centered on a consumer’s right to obtain “information in the control or possession of” their financial services provider, including information “relating to any transaction, series of transactions, or to the account including costs, charges and usage data.” Such information should “be made available in an electronic form usable by consumers.”
Although the clear statutory language is centered on a consumer’s access to their information, regulators have relied on Section 1033 to facilitate “open banking.” This concept refers to the ability of consumers to share their financial data among different financial services providers, including nonbanks, for purposes of obtaining new and different products and services. As part of this data access ecosystem, there will be greater amounts of consumer data shared with a significantly larger number of parties, not all of which are subject to the same rigorous data security and privacy standards as well-regulated and supervised financial institutions, putting consumers and their sensitive financial information at risk.