M-RCBG Associate Working Paper No. 135

The New Frontier of Consumer Protection: Financial Data Privacy and Security

Marshall Lux
Matthew Shackelford



This working paper focuses on the US regulatory framework for consumer financial data privacy and security. It begins with a discussion of the foundational definition of financial data and a review of existing federal regulations impacting the treatment of financial data. The paper then turns to a reflection on recent state-level legislative and regulatory efforts regarding consumer data protection, including the California Consumer Protection Act of 2019 and the Colorado Protections for Consumer Data Privacy Act of 2018, as well as proposed changes that contain unique provisions or requirements. We detail a cross-effort analysis of the key issues and tradeoffs that policymakers must resolve when designing the regulatory framework for consumer financial data privacy and security, focusing primarily on the impacts on consumers, businesses, and societal innovation. The paper concludes with our proposal of the Comprehensive Consumer Financial Data Act, which is holistic federal legislation that establishes the Consumer Financial Data Bill of Rights, simplifies the existing web of regulations to reduce business frictions, and fosters innovation for privacy- and security-focused technologies and financial products.

Download the paper in PDF format