One of the country’s largest police associations met with the director of the Consumer Financial Protection Bureau (CFPB) in October in an effort to ensure the agency’s forthcoming proposed rule governing data brokers allows police to continue to access sensitive personal data for investigative purposes.

The CFPB is currently honing the hotly anticipated proposed rule. Depending on its final form, it could both significantly rein in many data brokers buying and selling consumer data and make it harder for law enforcement to obtain data.

That tension played out at a recent and previously unreported meeting between one of the National Association of Police Organizations (NAPO) and CFPB Director Rohit Chopra on October 7.

Founded in 1978, NAPO represents more than 1,000 police units and associations and more than 241,000 sworn law enforcement officers, according to its website.

“NAPO’s goal in the meeting was to ensure that the proposed rules protect not only officer’s private information from being sold and made public, but also safeguard law enforcement’s access to certain publicly available data that is vital to aiding victims and preventing and solving crimes,” the group said in a newsletter published last month.

The credit header debate

The CFPB has signaled that it could define many data brokers as consumer reporting agencies, a designation that would force them to comply with strict data accuracy and privacy regulations outlined in the Fair Credit Reporting Act (FCRA). 

So-called “credit header” information, like individuals’ names, ages, addresses, former addresses and places of employment, could be deemed consumer reports, meaning the data can only be sold for “permissible purposes” such as employment background checks.

Some data brokers now sell additional credit header data, including telephone and Social Security numbers, for marketing or law enforcement use, which are not considered “permissible purposes” under FCRA.

The rule may close a loophole which has allowed police to obtain individuals’ Social Security and telephone numbers without judicial oversight. CFPB has signaled that it could require a court order or a search warrant for law enforcement to continue to access that information as they do now, said John Davisson, director of litigation at the Electronic Privacy Information Center.

Law enforcement has opposed the idea.

The CFPB’s decision on whether to designate credit headers as a consumer report “could change the information that is available to data brokers, and consequently, the data available to law enforcement to help identify and pursue leads,” the NAPO newsletter said.

At the heart of the debate over the rule is the conflict between how to better protect law enforcement from data brokers while still preserving their access to data in order to investigate suspects.

Information contained in so-called credit headers is exactly what many data brokers are now peddling on the open market, allowing anyone to access personal data belonging to anyone else, including law enforcement officers, judges and prosecutors whose lives could be endangered when their home addresses are made public.

Chopra was receptive to NAPO’s arguments, according to the newsletter, which claimed he “indicated they share our goals of protecting officer personal identifying information as well as ensuring law enforcement still has the tools available to quickly and efficiently solve crimes.”

“The meeting ended with a commitment to open channels of communication and working together to find a compromise proposal,” it added. 

A spokesperson for the CFPB said in a statement that the agency has met with stakeholders in the national security, law enforcement and privacy advocacy communities as part of the rulemaking process, which Chopra announced at a White House event in August 2023.

“The CFPB agrees that protecting the privacy of consumers — including law enforcement, military, and intelligence personnel — is essential,” the statement said. 

The statement did not directly address NAPO’s contention that Chopra is receptive to maintaining law enforcement access to some sensitive personal data belonging to consumers.

Data broker experts said that even if the rule changes, law enforcement will still be able to get the data it needs for investigations.

“The new rule likely won’t keep law enforcement from solving crimes with data,” said Jeff Jockisch, cofounder of ObscureIQ, a digital footprint deletion and audit company. “But it might make it more expensive if they can't buy cheap reports from data brokers."

An 'unfettered flow' of data

Leadership from the data deletion service Atlas Data Privacy Corporation joined NAPO at its meeting with Chopra. Atlas is suing 118 data brokers in New Jersey on behalf of its law enforcement clients and is alleging that the brokers violated a state law safeguarding their personal data by posting it online and ignoring take-down requests. 

“We work with tens of thousands of law enforcement officers and almost never hear concerns about privacy reforms limiting access to warrantless commercial surveillance data,” a spokesperson for Atlas said via email when asked about the meeting. 

“In our experience this narrative is pushed by data broker lobbyists who work through front groups which are often used to misrepresent the interests of rank and file law enforcement.”

Chopra has gone after data brokers zealously. Last week, the CFPB warned industry that using third party companies — some of whom are data brokers — to analyze and compile information gleaned from electronic workplace surveillance tools could violate the law.

At an event last month, Chopra highlighted how CFPB’s forthcoming proposed rule will protect consumers’ sensitive data from data brokers whom he portrayed as responsible for a range of social ills.

“By ensuring that the Fair Credit Reporting Act’s longstanding privacy protections apply to these so-called data brokers, it will limit the unfettered flow of sensitive data that fuels the targeting of servicemembers and puts our national security at risk, while also combating financial scams, identity theft, stalking, harassing and doxing,” he said.

The details of the proposed rulemaking have been closely held, according to Justin Sherman, an expert on the industry who conducted a landmark study showing data brokers sold military members’ sensitive health and financial data for pennies. 

Sherman called the police association’s meeting with Chopra on the data broker issue “noteworthy” at a time when industry and advocates are eagerly anticipating the highly consequential rulemaking which could reshape the data broker marketplace.

“Data brokers have completely coopted and weaponized narratives about who they're benefiting, and public safety, to say that all these companies should be allowed to sell all kinds of data because it supposedly helps people and communities,” Sherman said in an interview. “In fact, they ignore all of the risk that it creates to groups like these law enforcement officers in New Jersey, as well as the military and others.”

This article was updated at 3:15 p.m. with comments from Jeff Jockisch, cofounder of ObscureIQ.