The Matrix

Last week, the Consumer Financial Protection Bureau (“CFPB”) took a significant step forward in enhancing consumer control over private financial data when it launched a rulemaking process under Section 1033 of the Dodd–Frank Wall Street Reform and Consumer Protection Act (“Section 1033”). Section 1033 requires the CFPB to implement a rule to allow consumers to access their financial information. Currently, there is no duty under Section 1033 to maintain or keep any information about a consumer. The CFPB has yet to adopt a rule relating to data access, despite its authority to do so.

A number of U.S. federal agencies have authority to issue a type of administrative subpoena called a Civil Investigative Demand (“CID”) to obtain relevant information as part of an investigation. For example, both the Federal Trade Commission (“FTC”) and the Consumer Financial Protection Bureau (“CFPB”) have authority to issue CIDs to obtain documents and testimony in investigations related to privacy, data security, deceptive marketing, and financial fraud. This article identifies some items to consider when receiving a CIDs based on my experience issuing and reviewing hundreds of CIDs as an enforcement attorney in the Chicago office of the FTC.