Disclosure of Consumer Complaint Narrative Data, 42765-42769 [2014-17274]

Download as PDF mstockstill on DSK4VPTVN1PROD with NOTICES Federal Register / Vol. 79, No. 141 / Wednesday, July 23, 2014 / Notices ‘‘Debt Collection Survey from the Consumer Credit Panel.’’ DATES: Written comments are encouraged and must be received on or before August 22, 2014 to be assured of consideration. ADDRESSES: You may submit comments, identified by the title of the information collection, OMB Control Number (see below), and docket number (see above), by any of the following methods: • Electronic: https:// www.regulations.gov. Follow the instructions for submitting comments. • Mail: Consumer Financial Protection Bureau (Attention: PRA Office), 1700 G Street NW., Washington, DC 20552. • Hand Delivery/Courier: Consumer Financial Protection Bureau, 1275 First Street NE., Washington, DC 20002. Please note that comments submitted by fax or email and those submitted after the comment period will not be accepted. In general, all comments received will be posted without change to regulations.gov, including any personal information provided. Sensitive personal information, such as account numbers or social security numbers, should not be included. FOR FURTHER INFORMATION CONTACT: Documentation prepared in support of this information collection request is available at www.reginfo.gov (this link active on the day following publication of this notice). Requests for additional information should be directed to the Consumer Financial Protection Bureau, (Attention: PRA Office), 1700 G Street NW., Washington, DC 20552, (202) 435– 9575, or email: PRA@cfpb.gov. Please do not submit comments to this email box. SUPPLEMENTARY INFORMATION: Title of Collection: Debt Collection Survey from the Consumer Credit Panel. OMB Control Number: 3170–XXXX. Type of Review: New Collection (Request for a new OMB Control Number). Affected Public: Individuals and households. Estimated Number of Respondents: 3000. Estimated Total Annual Burden Hours: 1,000. Abstract: The CFPB plans to conduct a mail survey of consumers to learn about their experiences interacting with the debt collection industry. The survey will ask consumers about their experiences with debt collectors, such as whether they have been contacted by debt collectors in the past, whether they recognized the debt that was being collected, and about their interactions with the debt collectors. The survey will also ask consumers about their VerDate Mar<15>2010 17:33 Jul 22, 2014 Jkt 232001 preferences for how they would like to be contacted by debt collectors, opinions about potential regulatory interventions in debt collection markets, and about their knowledge of their legal rights regarding debt collections. The information collected through this survey will be used to inform a CFPB rule making concerning debt collection and research purposes. Request for Comments: The Bureau issued a 60-day Federal Register notice on March 7th, 2014, 79 FR 13043. Comments were solicited and continue to be invited on: (a) Whether the collection of information is necessary for the proper performance of the functions of the Bureau, including whether the information will have practical utility; (b) the accuracy of the Bureau’s estimate of the burden of the collection of information, including the validity of the methods and the assumptions used; (c) ways to enhance the quality, utility, and clarity of the information to be collected; and (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology. Comments submitted in response to this notice will be summarized and/or included in the request for Office of Management and Budget (OMB) approval. All comments will become a matter of public record. Dated: July 15, 2014. Ashwin Vasan, Chief Information Officer, Bureau of Consumer Financial Protection. [FR Doc. 2014–17272 Filed 7–22–14; 8:45 am] BILLING CODE 4810–AM–P BUREAU OF CONSUMER FINANCIAL PROTECTION [Docket No. CFPB–2014–0016] Disclosure of Consumer Complaint Narrative Data Bureau of Consumer Financial Protection. ACTION: Notice of proposed policy statement with request for public comment. AGENCY: The Bureau of Consumer Financial Protection (‘‘Bureau’’) currently discloses certain complaint data it receives regarding consumer financial products and services via its web-based, public-facing database (‘‘Consumer Complaint Database’’). The Bureau proposes to expand that disclosure to include unstructured consumer complaint narrative data SUMMARY: PO 00000 Frm 00011 Fmt 4703 Sfmt 4703 42765 (‘‘narratives’’). Only those narratives for which opt-in consumer consent had been obtained and a robust personal information scrubbing standard and methodology applied would be subject to disclosure. The proposed policy (‘‘Proposed Policy Statement’’) would supplement the Bureau’s existing Policy Statements establishing and expanding the Consumer Complaint Database. DATES: Comments regarding the Proposed Policy Statement are due on or before August 22, 2014. ADDRESSES: You may submit comments regarding the Proposed Policy Statement, identified by Docket No. CFPB–2014–0016, by any of the following methods: • Electronic: https:// www.regulations.gov. Follow the instructions for submitting comments. • Mail: Monica Jackson, Office of the Executive Secretary, Consumer Financial Protection Bureau, 1700 G Street NW., Washington, DC 20552. • Hand Delivery/Courier: Monica Jackson, Office of the Executive Secretary, Consumer Financial Protection Bureau, 1275 First Street NE., Washington, DC 20002. Instructions: The Bureau encourages the early submission of information and other comments. Because paper mail in the Washington, DC area and at the Bureau is subject to delay, commenters are encouraged to submit comments electronically. In general, all submissions received will be posted without change to https:// www.regulations.gov. In addition, submissions will be available for public inspection and copying at 1275 First Street NE., Washington, DC 20002, on official business days between the hours of 10 a.m. and 5 p.m. Eastern Standard Time. You can make an appointment to inspect the documents by telephoning (202) 435–7275. All submissions, including attachments and other supporting materials, will become part of the public record and will be subject to public disclosure. Do not include sensitive personal information, such as account numbers or Social Security numbers. Comments will not be edited to remove any identifying or contact information, such as name and address information, email addresses, or telephone numbers. FOR FURTHER INFORMATION CONTACT: Scott Pluta, Assistant Director, Office of Consumer Response, Bureau of Consumer Financial Protection, at (202) 435–7306. Authority: 12 U.S.C. 5492(a), 5493(b)(3)(C), 5496(c)(4), 5511(b)(1), (5), 5512(c)(3)(B). SUPPLEMENTARY INFORMATION: E:\FR\FM\23JYN1.SGM 23JYN1 42766 Federal Register / Vol. 79, No. 141 / Wednesday, July 23, 2014 / Notices I. Background mstockstill on DSK4VPTVN1PROD with NOTICES A. Previous Policy Statements Regarding the Consumer Complaint Database On December 8, 2011, the Bureau published in the Federal Register a proposed policy statement describing its plans to disclose certain data about the credit card complaints that consumers submit to the Bureau (‘‘December 2011 Proposed Policy Statement’’).1 After receiving and considering a number of comments, the Bureau finalized its plans for publically disclosing data from consumer credit card complaints and published the final policy statement on June 22, 2012 (‘‘June 2012 Policy Statement’’).2 Also on June 22, 2012, the Bureau concurrently published in the Federal Register a proposed policy statement describing its plans to disclose data from consumer complaints about financial products and services other than credit cards (‘‘June 2012 Proposed Policy Statement’’).3 After receiving and considering a number of comments, the Bureau published the final policy statement on March 25, 2013 (‘‘March 2013 Policy Statement’’).4 In the June 2012 Proposed Policy Statement, the Bureau did not propose including narratives in the Consumer Complaint Database. Notwithstanding this, the Bureau received a significant number of comments specific to narrative disclosure. Consumer, civil rights, and open government groups supported disclosure on the grounds that disclosing narratives would provide consumers with more useful information on which to base financial decisions and would allow reviewers to assess the validity of the complaints. Two privacy groups, while acknowledging privacy risk stemming from publication of ‘‘non-identifiable’’ data and calling for further study, supported disclosure on an opt-in basis. Trade groups and industry commenters nearly uniformly opposed disclosure of consumer complaint narratives. In the March 2013 Policy Statement, the Bureau noted that it would not post narratives to the Consumer Complaint Database at least until it could assess whether there were practical ways to disclose narrative data submitted by consumers without undermining consumer privacy. 1 76 FR 76628, Dec. 8, 2011. FR 37616, June 22, 2012. 3 77 FR 37616, June 22, 2012. 4 78 FR 21218, April 10, 2013. 2 77 VerDate Mar<15>2010 17:33 Jul 22, 2014 Jkt 232001 B. Policy Considerations of Disclosing Narratives The purpose of the Consumer Complaint Database, as stated in the Bureau’s two previous policy statements, is to provide consumers with timely and understandable information about consumer financial products and services, and improve the functioning, transparency, and efficiency of markets for such products and services. As a general matter, the Bureau believes that adding additional information to the Consumer Complaint Database, such as narratives, is consistent with and promotes this purpose. In specifically examining the incremental benefits and risks of disclosing narratives, the Bureau focused on the direct and indirect benefits to consumers, the benefit to the Bureau, and the advancement of open government principles. In terms of the direct benefit provided to consumers, for some consumers a primary reason for submitting a complaint may be to share their experience with other consumers. Complainants may desire to do so as a means of providing information they deem useful to others who may be considering doing business with a particular financial institution or as a means of letting others who may be experiencing a similar situation know that they are not alone. These needs cannot be served by the Bureau simply by disclosing the non-narrative portions of the complaint. Indeed, some consumers may choose to submit a complaint only if they will have the opportunity to share their story and other consumers may overcome their reticence to submit a complaint by reading the experiences of others. By increasing the direct benefits to consumers of submitting a complaint, publishing complaint narratives may expand the number of complaints submitted to the Bureau and thereby enhance the value of the Consumer Complaint Database. Indirect benefits to consumers and the marketplace would include the effect narratives can have on consumer purchasing decisions. Research has shown that consumer word of mouth (which includes consumer reviews and complaints) is a reliable signal of product quality that consumers consult and act upon when making purchasing decisions. Companies, responsive to the effect word of mouth can have on sales, adjust prices to match product quality and improve customer service in order to remain competitive. PO 00000 Frm 00012 Fmt 4703 Sfmt 4703 Publishing narratives would also be impactful by making the complaint data personal (the powerful first person voice of the consumer talking about their experience), local (the ability for local stakeholders to highlight consumer experiences in their community), and empowering (by encouraging similarly situated consumers to speak up and be heard). The Bureau believes that the utility of the overall Consumer Complaint Database would greatly increase with the inclusion of narratives. This could lead to increased use by advocates, academics, the press, and entrepreneurs, which itself would lead to increased consumer contacts with the Bureau. The Bureau believes that the aforementioned increase in benefits and utility would lead to an increase in consumer contacts, which would have a positive effect on Bureau operations. As a critical mass of complaint data is achieved and exceeded, the representativeness of Bureau complaint data increases. Thus, narratives would not only enhance the above consumer benefits but also the many Bureau functions that rely, in part, on complaint data to perform their respective missions including the Offices of Supervision, Enforcement, and Fair Lending, Consumer Education and Engagement, and Research, Markets, and Rulemaking. The Bureau also would benefit by further establishing itself as a leader in the realm of open government and open data. On December 8, 2009, the Office of Management and Budget (‘‘OMB’’) issued its Open Government Directive requiring agencies to ‘‘take prompt steps to expand access to information by making it available online.’’ 5 Although agencies have historically withheld data from the public due to privacy and cost controls, with new technology comes new opportunities for openness without significant increases to privacy risk and costs. Moving forward ‘‘the presumption shall be in favor of openness.’’ 6 While there is no requirement to publish ‘‘all’’ information, as a matter of policy and ‘‘to the extent permitted by law and subject to valid privacy, confidentiality, security, or other restrictions,’’ agencies should ‘‘proactively use modern technology to disseminate useful information, rather than waiting for specific requests under FOIA.’’ 7 Although an independent agency, the Bureau shares OMB’s commitment to open and transparent government. The 5 Peter Orszag, Director, Office of Management & Budget, Open Government Directive, Dec. 8, 2009. 6 Id. 7 Id. E:\FR\FM\23JYN1.SGM 23JYN1 mstockstill on DSK4VPTVN1PROD with NOTICES Federal Register / Vol. 79, No. 141 / Wednesday, July 23, 2014 / Notices ‘‘presumption of openness’’ is quickly becoming a governmental best practice. Agencies from the Department of Health and Human Services (‘‘HHS’’), to the Federal Trade Commission (‘‘FTC’’) are moving quickly to expand open data offerings. Projects like HealthData.gov, Regulations.gov, and the Green Button form a new vanguard of government engagement with the public and the marketplace through open data. OMB Memorandum M–13–13, Open Data Policy—Managing Information as an Asset, usefully grounds the ‘‘presumption of openness’’ in utilitarian and economic terms. It describes information as ‘‘a valuable national resource and a strategic asset to the Federal Government, its partners, and the public,’’ and points out that ‘‘[m]aking information resources accessible, discoverable, and usable by the public can help fuel entrepreneurship, innovation, and scientific discovery—all of which improve Americans’ lives and contribute significantly to job creation.’’ Always subject to legal obligations such as those to protect privacy and confidentiality, the government can treat information as a public asset which, when made available to its public owners, creates public value. Publishing narratives, however, is not without risks. A principal risk of publishing narratives is the potential harm associated with the possible reidentification of actual consumers within the Consumer Complaint Database. To de-identify data is to remove personal information from a dataset, thereby obscuring individual identities. Re-identification generally occurs when separate datasets are combined to reestablish some number of individual identities. Individuals with personal knowledge of events described in a narrative may also be able to identify consumers using de-identified narratives. Some within the research community question the sufficiency of de-identification and suggest that the risks generally outweigh the benefits of sharing data.8 On the other hand, many researchers espouse the sufficiency of deidentification and highlight the extremely low risk of actual reidentification and potential harm— suggesting a cost-benefit analysis where the benefits outweigh this risk. In support of de-identification, supporters make a number of arguments, including that modern scrubbing standards such as the Health Insurance Portability and 8 Paul Ohm, Broken Promises of Privacy: Responding To The Surprising Failure Of Anonymization, 57 UCLA L. Rev. 1701 (2010). VerDate Mar<15>2010 17:33 Jul 22, 2014 Jkt 232001 Accountability Act (‘‘HIPAA’’) Privacy Rule (which forms the basis of the Bureau’s narrative scrubbing standard) decrease re-identification risk to acceptable levels and the number of known, successful attempts to reidentify publicly available datasets are de minimus. There is a second major risk associated with publishing narratives which arises from the fact that the narratives may contain factually incorrect information as a result of, for example, a complainant’s misunderstanding or misrecollection of what happened. If consumers were to rely without question on all narrative data, it is possible that subsequent purchasing decisions may be based on misinformation. To the extent this risk may be realized, both consumers and the financial institutions that lose business due to misinformation would be disserved. Indeed, even absent any effect on consumer decision-making, there is a risk that financial institutions could incur intangible reputational damage as a result of the dissemination of complaint narratives. To a large extent, this risk is inherent in any release of complaint data. In deciding to release the structured complaint data, the Bureau addressed this concern and concluded that, while there is always a risk that market participants will draw erroneous conclusions from available data, the Bureau was persuaded that the marketplace of ideas would be able to determine what the data shows. The Bureau believes that is true, as well, with respect to complaint narratives. Furthermore, to mitigate this risk, the Bureau’s proposed policy provides for the public release of the company’s response, side-by-side and scrubbed of any personal information, to the consumer’s complaint. This process will assure that, to the extent there are factual disputes, both sides of the dispute can be made public. C. Operational Feasibility of Disclosing Narratives In deciding to release certain structured data, the Bureau stated that it would not disclose narratives unless it is operationally feasible to do so without compromising consumer privacy. In November 2013, Consumer Response began piloting a comprehensive program to scrub all personal information from copied narratives using a scrubbing standard based on government best practices (discussed in detail below). This pilot is ongoing and the scrubbing standard is continually improved as lessons are learned and implemented. PO 00000 Frm 00013 Fmt 4703 Sfmt 4703 42767 The Bureau is currently conducting a study to further verify that the proposed scrubbing standard and methodology will sufficiently address concerns related to the FOIA, the Privacy Act, the Dodd-Frank Act, and the Bureau’s confidentiality regulations where (1) consent for publication is obtained from the consumer; (2) narratives are scrubbed of consumer personal information consistent with a robust standard and methodology: (a) that substantially meets government best practices for re-identification risk; (b) as written, results in a low risk of reidentification; (c) as applied, maintains a low rate of operational error; and (3) an independent, third party privacy expert conducts a review and operational test of the standard and methodology in support of the above conditions. The Bureau is cognizant that other federal agencies have thought about these issues and have successfully adopted a variety of approaches. For example, the Consumer Product Safety Commission (‘‘CPSC’’) proactively publishes narrative consumer reports of harm on its Web site, which include consented-to-consumer and industry narratives. And the FTC routinely releases consumer complaints, including the narratives (up to a given quantity), when requested through the FOIA. II. Proposed Policy Statement Regarding Disclosure of Unstructured Narrative Data From Consumer Complaints and Company Responses The Bureau hears directly from the American public about their experiences with the nation’s consumer financial marketplace. An important element of the Bureau’s mission is the handling of individual consumer complaints regarding financial products and services. Indeed, ‘‘collecting, investigating, and responding to consumer complaints’’ is one of only six statutory ‘‘primary functions’’ of the Bureau.9 In June 2012, the Bureau began making de-identified individual-level complaint data available via its webbased, public facing database (the ‘‘Consumer Complaint Database’’). Since launch, the Consumer Complaint Database has been expanded multiple times to include additional financial products and data fields. Consistent with its strategic vision, the Bureau is committed to the continued expansion of the Consumer Complaint Database in both the number of complaints and fields of data made publicly available, 9 12 E:\FR\FM\23JYN1.SGM U.S.C. 5511(c) (2012). 23JYN1 42768 Federal Register / Vol. 79, No. 141 / Wednesday, July 23, 2014 / Notices while still protecting privacy and incorporating the appropriate security controls. A. Consumer Narratives The Bureau will provide consumers the opportunity to share their individual stories with other consumers and the marketplace by including consumer complaint narratives in the Consumer Complaint Database where consent for publication is first obtained from the consumer. B. Consumer Consent To Disclose Narratives The Bureau will only disclose narratives (1) for which informed consumer consent has been obtained and (2) that have been scrubbed of personal information. Consumers who submit a complaint will be given the opportunity to check a consent box giving the Bureau permission to publish his or her narrative. The opt-in consent will state, among other things, and in plain language, that: (1) whether or not consent is given will have no impact on how the Bureau handles the complaint, (2) if given, the consumer may thereafter inform the Bureau that she withdraws her consent at any time and the narrative will be removed from the Consumer Complaint Database, and (3) the Bureau will take reasonable steps to remove personal information from the complaint to minimize (but not eliminate) the risk of re-identification. mstockstill on DSK4VPTVN1PROD with NOTICES C. Company Response Where the consumer provides consent to publish their narrative, the related company will be given the opportunity to submit a narrative response for inclusion in the Consumer Complaint Database. The company will be instructed not to provide direct identifying information in its publicfacing response, and the Bureau will take reasonable steps to remove personal information from the response to minimize (but not eliminate) the risk of re-identification. The Company Portal will include a data field into which companies have the option to provide narrative text that would appear next to a consumer’s narrative in the Consumer Complaint Database. D. Personal Information Scrubbing Standard and Methodology Sharing data containing personal information presents a tension between data utility and individual privacy. As a particular personal informationscrubbing standard becomes more or less stringent, the utility of a given deidentified dataset becomes respectively less or more useful. The publication of VerDate Mar<15>2010 17:33 Jul 22, 2014 Jkt 232001 narratives involves risks, including the potential harm associated with the reidentification of actual consumers within the Consumer Complaint Database. In order to minimize the risk of reidentification, the Bureau will apply to all publically-disclosed narratives, a robust personal information scrubbing standard and methodology. The Bureau recognizes that mitigating privacy risks in complaint level data disclosed to the public may decrease the utility of the data to users. The Bureau will, exercising discretion, modify data when privacy risks clearly and substantially outweigh the benefits of disclosure. By taking these steps to minimize the impact, the Bureau believes that publicly releasing redacted narratives, subject to consumer consent, will best protect all consumers without harming the protected privacy interests of any individual consumer. In designing its proposed scrubbing standard, the Bureau relied heavily on guidance by the Department of Health and Human Services (‘‘HHS’’) for deidentification of health data outlined in the Health Insurance Portability and Accountability Act (‘‘HIPAA’’) Privacy Rule.10 HIPAA requires covered entities, e.g., health plans, providers, and clearinghouses, to de-identify patient personal information such that it no longer provides any reasonable basis to ascertain individual identities. Under HIPAA, data may be considered deidentified if either of the following conditions holds: • Safe Harbor Method—All the identifying information of 18 different types is entirely removed, and what remains cannot be used to identify any individual, or • Expert Determination Method—An expert applies statistical methods to estimate the probability that an individual could be identified and determines that the risk of identification is very low. The HIPAA Safe Harbor Method (‘‘HIPAA De-identification Standard’’) stipulates the removal of 18 specific identifiers from any disclosed datasets, including: • Names • All geographic subdivisions smaller than a state, including street address, city, county, precinct, ZIP code, and their equivalent geocodes, except for certain ZIP code prefixes depending on the circumstances • All elements of dates for dates (except year) that are directly related to an individual, including birth date, PO 00000 10 45 CFR 164.514. Frm 00014 Fmt 4703 Sfmt 4703 admission date, discharge date, death date, and all ages over 89 and all elements of dates indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older • Telephone numbers • Fax numbers • Email addresses • Social Security number • Medical record numbers • Health plan beneficiary numbers • Account numbers • Certificate/license numbers • Vehicle identifiers and serial numbers, including license plate numbers • Device identifiers and serial numbers • Web Universal Resource Locators • Internet Protocol addresses • Biometric identifiers, including finger and voice prints • Full-face photographs and any comparable images • Any other unique identifying number, characteristic, or code HHS specifically notes that the category ‘‘any other unique identifying number, characteristic, or code’’ is very broad. It can contain, among other identifiers, physical attributes, employer names, positions, titles, and other identifying information. HHS does not provide a comprehensive list of such categories, but does state that to meet the deidentification standard, unstructured text must be free of content for which the de-identifying entity has ‘‘actual knowledge that residual information could be used to individually identify a patient’’. The Bureau will follow a scrubbing standard with the following elements: • The Bureau scrubbing standard shall include all of the HIPAA identifiers at a minimum; • Where HIPAA identifiers are specific to the health domain, the Bureau’s scrubbing standard shall include appropriate analogues in the consumer financial domain; and • The Bureau’s scrubbing standard shall specifically include identifiers (e.g., employer name) which the Bureau knows (1) appear in complaints and (2) could reasonably be used to identify individuals. Generally, the scrubbing methodology will include a computer-based automated step and a quality assurance step performed by human reviewers. III. Scope of the Proposed Policy Statement In the June 2012 Policy Statement and the March 2013 Policy Statement, the Bureau addressed comments received in response to the December 2011 E:\FR\FM\23JYN1.SGM 23JYN1 mstockstill on DSK4VPTVN1PROD with NOTICES Federal Register / Vol. 79, No. 141 / Wednesday, July 23, 2014 / Notices Proposed Policy Statement and the June 2012 Proposed Policy Statement, respectively. These comments ranged from the very general, such as the Bureau’s authority to disclose consumer complaint data of any kind and the impact the database would have on consumers and covered persons, to the more specific, such as the impact of specific proposed data fields (e.g., company disposition) and the inclusion of other data fields (e.g., narratives). In both Policy Statements, the Bureau affirmed its openness to the inclusion of additional data fields and its willingness to work with external stakeholders to address the value of adding such fields. Consistent with this commitment, and in response to comments urging the disclosure of narratives, the Bureau is today proposing the inclusion of narratives in the Consumer Complaint Database. Broadly, the Bureau seeks comments that are related to the proposed extension of the policies to include complaint narratives. With that scope, the Bureau is specifically seeking public comment on: • Consumer Consent to Disclose Narratives—The Bureau is currently in the process of conducting research and user testing to inform design decisions regarding the need for any additional information to help inform consumer consent, the precise language to most effectively communicate with the consumer, at what point in the complaint process (at complaint submission or later in the complaint handling process) and where on the Bureau Web site the information in support of the opt-in consent should be displayed. • Company Response—The Company Portal will include a data field into which companies have the option to provide narrative text that would appear next to a consumer’s narrative in the Consumer Complaint Database. The Bureau is seeking comment on whether this public-facing response should be distinct and in addition to the response companies send directly to the consumer. • Personal Information Scrubbing Standard and Methodology—In Section II.D, above, the Bureau detailed the standard and methodology it intends to utilize to scrub personal information from the narratives. The Bureau is seeking comment on both the standard and methodology, including suggestions of appropriate analogues to the HIPAA identifiers in the consumer financial domain, and any other identifiers which could reasonably be used to identify individuals. Specific to ZIP codes, at this time the Bureau has not yet VerDate Mar<15>2010 17:33 Jul 22, 2014 Jkt 232001 determined whether to continue publishing 5-digit ZIP codes in the Consumer Complaint Database alongside redacted narratives. The Bureau seeks comment on whether ZIP codes should be redacted consistent with the HIPAA standard and if so, the number of digits to provide, e.g., five or three, and any relevant population thresholds under which to limit ZIP code disclosure, e.g., less than 20,000 or 10,000 individuals in a given ZIP code. The Bureau believes that it has sufficiently addressed comments concerning the Consumer Complaint Database generally, as well as comments regarding the current data fields, in the June 2012 Policy Statement and the March 2013 Policy Statement. IV. Procedural Requirements The CFPB concludes that Proposed Policy Statement constitutes an agency statement of general policy exempt from notice and public comment pursuant to 5 U.S.C. 553(b). Notwithstanding this conclusion, the CFPB invites public comment on this proposed Policy Statement. Because no notice of proposed rulemaking is required, the provisions of the Regulatory Flexibility Act (5 U.S.C. Chapter 6) do not apply. Dated: July 14, 2014. Richard Cordray, Director, Bureau of Consumer Financial Protection. [FR Doc. 2014–17274 Filed 7–22–14; 8:45 am] BILLING CODE 4810–AM–P DEPARTMENT OF DEFENSE Office of the Secretary Proposed Collection; Comment Request Defense Finance and Accounting Service, DoD. ACTION: Notice. AGENCY: In compliance with the Paperwork Reduction Act of 1995, the Defense Finance and Accounting Service (DFAS) announces a proposed public information collection and seeks public comment on the provisions thereof. Comments are invited on: (a) Whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information shall have practical utility; (b) the accuracy of the agency’s estimate of the burden of the proposed information collection; (c) ways to PO 00000 Frm 00015 Fmt 4703 Sfmt 4703 enhance the quality, utility and clarity of the information to be collected; and (d) ways to minimize the burden of the information collection on respondents, including through the use of automated collection techniques or other forms of information technology. DATES: Consideration will be given to all comments received by September 22, 2014. You may submit comments, identified by docket number and title, by any of the following methods: • Federal eRulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. • Mail: Federal Docket Management System Office, 4800 Mark Center Drive, East Tower, Suite 02G09, Alexandria, VA 22350–3100. Instructions: All submissions received must include the agency name, docket number and title for this Federal Register document. The general policy for comments and other submissions from members of the public is to make these submissions available for public viewing on the Internet at https:// www.regulations.gov as they are received without change, including any personal identifiers or contact information. ADDRESSES: To request more information on this proposed information collection or to obtain a copy of the proposal and associated collection instruments, please write to the Defense Finance and Accounting Services—Indianapolis, DFAS–ZPR. ATTN: La Zaleus D. Leach, 8899 E. 56th St., Indianapolis, IN 46249, Lazaleus.Leach@DFAS.MIL, 317–212– 6032. FOR FURTHER INFORMATION CONTACT: SUPPLEMENTARY INFORMATION: [Docket ID DoD–2013–OS–0128] SUMMARY: 42769 Title, Associated Form, and OMB Number: Request for Information Regarding Deceased Debtor, DD Form 2840, OMB Number 0730–0015. Needs and Uses: This form is used to obtain information on deceased debtors from probate courts. Probate courts review their records to see if an estate was established. They provide the name and address of the executor or lawyer handling the estate. From the information obtained, DFAS submits a claim against the estate for the amount due the United States. Affected Public: Clerks of Probate Courts. Annual Burden Hours: 167 hours. Number of Respondents: 2,000. Responses per Respondent: 1. Average Burden per Response: 5 minutes. Frequency: On occasion when DFAS is notified a debtor is deceased. E:\FR\FM\23JYN1.SGM 23JYN1

Agencies

[Federal Register Volume 79, Number 141 (Wednesday, July 23, 2014)]
[Notices]
[Pages 42765-42769]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-17274]


-----------------------------------------------------------------------

BUREAU OF CONSUMER FINANCIAL PROTECTION

[Docket No. CFPB-2014-0016]


Disclosure of Consumer Complaint Narrative Data

AGENCY: Bureau of Consumer Financial Protection.

ACTION: Notice of proposed policy statement with request for public 
comment.

-----------------------------------------------------------------------

SUMMARY: The Bureau of Consumer Financial Protection (``Bureau'') 
currently discloses certain complaint data it receives regarding 
consumer financial products and services via its web-based, public-
facing database (``Consumer Complaint Database''). The Bureau proposes 
to expand that disclosure to include unstructured consumer complaint 
narrative data (``narratives''). Only those narratives for which opt-in 
consumer consent had been obtained and a robust personal information 
scrubbing standard and methodology applied would be subject to 
disclosure. The proposed policy (``Proposed Policy Statement'') would 
supplement the Bureau's existing Policy Statements establishing and 
expanding the Consumer Complaint Database.

DATES: Comments regarding the Proposed Policy Statement are due on or 
before August 22, 2014.

ADDRESSES: You may submit comments regarding the Proposed Policy 
Statement, identified by Docket No. CFPB-2014-0016, by any of the 
following methods:
     Electronic: https://www.regulations.gov. Follow the 
instructions for submitting comments.
     Mail: Monica Jackson, Office of the Executive Secretary, 
Consumer Financial Protection Bureau, 1700 G Street NW., Washington, DC 
20552.
     Hand Delivery/Courier: Monica Jackson, Office of the 
Executive Secretary, Consumer Financial Protection Bureau, 1275 First 
Street NE., Washington, DC 20002.
    Instructions: The Bureau encourages the early submission of 
information and other comments. Because paper mail in the Washington, 
DC area and at the Bureau is subject to delay, commenters are 
encouraged to submit comments electronically. In general, all 
submissions received will be posted without change to https://www.regulations.gov. In addition, submissions will be available for 
public inspection and copying at 1275 First Street NE., Washington, DC 
20002, on official business days between the hours of 10 a.m. and 5 
p.m. Eastern Standard Time. You can make an appointment to inspect the 
documents by telephoning (202) 435-7275.
    All submissions, including attachments and other supporting 
materials, will become part of the public record and will be subject to 
public disclosure. Do not include sensitive personal information, such 
as account numbers or Social Security numbers. Comments will not be 
edited to remove any identifying or contact information, such as name 
and address information, email addresses, or telephone numbers.

FOR FURTHER INFORMATION CONTACT: Scott Pluta, Assistant Director, 
Office of Consumer Response, Bureau of Consumer Financial Protection, 
at (202) 435-7306.

    Authority: 12 U.S.C. 5492(a), 5493(b)(3)(C), 5496(c)(4), 
5511(b)(1), (5), 5512(c)(3)(B).

SUPPLEMENTARY INFORMATION: 

[[Page 42766]]

I. Background

A. Previous Policy Statements Regarding the Consumer Complaint Database

    On December 8, 2011, the Bureau published in the Federal Register a 
proposed policy statement describing its plans to disclose certain data 
about the credit card complaints that consumers submit to the Bureau 
(``December 2011 Proposed Policy Statement'').\1\ After receiving and 
considering a number of comments, the Bureau finalized its plans for 
publically disclosing data from consumer credit card complaints and 
published the final policy statement on June 22, 2012 (``June 2012 
Policy Statement'').\2\
---------------------------------------------------------------------------

    \1\ 76 FR 76628, Dec. 8, 2011.
    \2\ 77 FR 37616, June 22, 2012.
---------------------------------------------------------------------------

    Also on June 22, 2012, the Bureau concurrently published in the 
Federal Register a proposed policy statement describing its plans to 
disclose data from consumer complaints about financial products and 
services other than credit cards (``June 2012 Proposed Policy 
Statement'').\3\ After receiving and considering a number of comments, 
the Bureau published the final policy statement on March 25, 2013 
(``March 2013 Policy Statement'').\4\ In the June 2012 Proposed Policy 
Statement, the Bureau did not propose including narratives in the 
Consumer Complaint Database. Notwithstanding this, the Bureau received 
a significant number of comments specific to narrative disclosure. 
Consumer, civil rights, and open government groups supported disclosure 
on the grounds that disclosing narratives would provide consumers with 
more useful information on which to base financial decisions and would 
allow reviewers to assess the validity of the complaints. Two privacy 
groups, while acknowledging privacy risk stemming from publication of 
``non-identifiable'' data and calling for further study, supported 
disclosure on an opt-in basis. Trade groups and industry commenters 
nearly uniformly opposed disclosure of consumer complaint narratives. 
In the March 2013 Policy Statement, the Bureau noted that it would not 
post narratives to the Consumer Complaint Database at least until it 
could assess whether there were practical ways to disclose narrative 
data submitted by consumers without undermining consumer privacy.
---------------------------------------------------------------------------

    \3\ 77 FR 37616, June 22, 2012.
    \4\ 78 FR 21218, April 10, 2013.
---------------------------------------------------------------------------

B. Policy Considerations of Disclosing Narratives

    The purpose of the Consumer Complaint Database, as stated in the 
Bureau's two previous policy statements, is to provide consumers with 
timely and understandable information about consumer financial products 
and services, and improve the functioning, transparency, and efficiency 
of markets for such products and services. As a general matter, the 
Bureau believes that adding additional information to the Consumer 
Complaint Database, such as narratives, is consistent with and promotes 
this purpose.
    In specifically examining the incremental benefits and risks of 
disclosing narratives, the Bureau focused on the direct and indirect 
benefits to consumers, the benefit to the Bureau, and the advancement 
of open government principles.
    In terms of the direct benefit provided to consumers, for some 
consumers a primary reason for submitting a complaint may be to share 
their experience with other consumers. Complainants may desire to do so 
as a means of providing information they deem useful to others who may 
be considering doing business with a particular financial institution 
or as a means of letting others who may be experiencing a similar 
situation know that they are not alone. These needs cannot be served by 
the Bureau simply by disclosing the non-narrative portions of the 
complaint. Indeed, some consumers may choose to submit a complaint only 
if they will have the opportunity to share their story and other 
consumers may overcome their reticence to submit a complaint by reading 
the experiences of others. By increasing the direct benefits to 
consumers of submitting a complaint, publishing complaint narratives 
may expand the number of complaints submitted to the Bureau and thereby 
enhance the value of the Consumer Complaint Database.
    Indirect benefits to consumers and the marketplace would include 
the effect narratives can have on consumer purchasing decisions. 
Research has shown that consumer word of mouth (which includes consumer 
reviews and complaints) is a reliable signal of product quality that 
consumers consult and act upon when making purchasing decisions. 
Companies, responsive to the effect word of mouth can have on sales, 
adjust prices to match product quality and improve customer service in 
order to remain competitive.
    Publishing narratives would also be impactful by making the 
complaint data personal (the powerful first person voice of the 
consumer talking about their experience), local (the ability for local 
stakeholders to highlight consumer experiences in their community), and 
empowering (by encouraging similarly situated consumers to speak up and 
be heard).
    The Bureau believes that the utility of the overall Consumer 
Complaint Database would greatly increase with the inclusion of 
narratives. This could lead to increased use by advocates, academics, 
the press, and entrepreneurs, which itself would lead to increased 
consumer contacts with the Bureau.
    The Bureau believes that the aforementioned increase in benefits 
and utility would lead to an increase in consumer contacts, which would 
have a positive effect on Bureau operations. As a critical mass of 
complaint data is achieved and exceeded, the representativeness of 
Bureau complaint data increases. Thus, narratives would not only 
enhance the above consumer benefits but also the many Bureau functions 
that rely, in part, on complaint data to perform their respective 
missions including the Offices of Supervision, Enforcement, and Fair 
Lending, Consumer Education and Engagement, and Research, Markets, and 
Rulemaking.
    The Bureau also would benefit by further establishing itself as a 
leader in the realm of open government and open data. On December 8, 
2009, the Office of Management and Budget (``OMB'') issued its Open 
Government Directive requiring agencies to ``take prompt steps to 
expand access to information by making it available online.'' \5\ 
Although agencies have historically withheld data from the public due 
to privacy and cost controls, with new technology comes new 
opportunities for openness without significant increases to privacy 
risk and costs. Moving forward ``the presumption shall be in favor of 
openness.'' \6\ While there is no requirement to publish ``all'' 
information, as a matter of policy and ``to the extent permitted by law 
and subject to valid privacy, confidentiality, security, or other 
restrictions,'' agencies should ``proactively use modern technology to 
disseminate useful information, rather than waiting for specific 
requests under FOIA.'' \7\
---------------------------------------------------------------------------

    \5\ Peter Orszag, Director, Office of Management & Budget, Open 
Government Directive, Dec. 8, 2009.
    \6\ Id.
    \7\ Id.
---------------------------------------------------------------------------

    Although an independent agency, the Bureau shares OMB's commitment 
to open and transparent government. The

[[Page 42767]]

``presumption of openness'' is quickly becoming a governmental best 
practice. Agencies from the Department of Health and Human Services 
(``HHS''), to the Federal Trade Commission (``FTC'') are moving quickly 
to expand open data offerings. Projects like HealthData.gov, 
Regulations.gov, and the Green Button form a new vanguard of government 
engagement with the public and the marketplace through open data.
    OMB Memorandum M-13-13, Open Data Policy--Managing Information as 
an Asset, usefully grounds the ``presumption of openness'' in 
utilitarian and economic terms. It describes information as ``a 
valuable national resource and a strategic asset to the Federal 
Government, its partners, and the public,'' and points out that 
``[m]aking information resources accessible, discoverable, and usable 
by the public can help fuel entrepreneurship, innovation, and 
scientific discovery--all of which improve Americans' lives and 
contribute significantly to job creation.'' Always subject to legal 
obligations such as those to protect privacy and confidentiality, the 
government can treat information as a public asset which, when made 
available to its public owners, creates public value.
    Publishing narratives, however, is not without risks. A principal 
risk of publishing narratives is the potential harm associated with the 
possible re-identification of actual consumers within the Consumer 
Complaint Database. To de-identify data is to remove personal 
information from a dataset, thereby obscuring individual identities. 
Re-identification generally occurs when separate datasets are combined 
to reestablish some number of individual identities. Individuals with 
personal knowledge of events described in a narrative may also be able 
to identify consumers using de-identified narratives. Some within the 
research community question the sufficiency of de-identification and 
suggest that the risks generally outweigh the benefits of sharing 
data.\8\
---------------------------------------------------------------------------

    \8\ Paul Ohm, Broken Promises of Privacy: Responding To The 
Surprising Failure Of Anonymization, 57 UCLA L. Rev. 1701 (2010).
---------------------------------------------------------------------------

    On the other hand, many researchers espouse the sufficiency of de-
identification and highlight the extremely low risk of actual re-
identification and potential harm--suggesting a cost-benefit analysis 
where the benefits outweigh this risk. In support of de-identification, 
supporters make a number of arguments, including that modern scrubbing 
standards such as the Health Insurance Portability and Accountability 
Act (``HIPAA'') Privacy Rule (which forms the basis of the Bureau's 
narrative scrubbing standard) decrease re-identification risk to 
acceptable levels and the number of known, successful attempts to re-
identify publicly available datasets are de minimus.
    There is a second major risk associated with publishing narratives 
which arises from the fact that the narratives may contain factually 
incorrect information as a result of, for example, a complainant's 
misunderstanding or misrecollection of what happened. If consumers were 
to rely without question on all narrative data, it is possible that 
subsequent purchasing decisions may be based on misinformation. To the 
extent this risk may be realized, both consumers and the financial 
institutions that lose business due to misinformation would be 
disserved. Indeed, even absent any effect on consumer decision-making, 
there is a risk that financial institutions could incur intangible 
reputational damage as a result of the dissemination of complaint 
narratives.
    To a large extent, this risk is inherent in any release of 
complaint data. In deciding to release the structured complaint data, 
the Bureau addressed this concern and concluded that, while there is 
always a risk that market participants will draw erroneous conclusions 
from available data, the Bureau was persuaded that the marketplace of 
ideas would be able to determine what the data shows. The Bureau 
believes that is true, as well, with respect to complaint narratives. 
Furthermore, to mitigate this risk, the Bureau's proposed policy 
provides for the public release of the company's response, side-by-side 
and scrubbed of any personal information, to the consumer's complaint. 
This process will assure that, to the extent there are factual 
disputes, both sides of the dispute can be made public.

C. Operational Feasibility of Disclosing Narratives

    In deciding to release certain structured data, the Bureau stated 
that it would not disclose narratives unless it is operationally 
feasible to do so without compromising consumer privacy. In November 
2013, Consumer Response began piloting a comprehensive program to scrub 
all personal information from copied narratives using a scrubbing 
standard based on government best practices (discussed in detail 
below). This pilot is ongoing and the scrubbing standard is continually 
improved as lessons are learned and implemented.
    The Bureau is currently conducting a study to further verify that 
the proposed scrubbing standard and methodology will sufficiently 
address concerns related to the FOIA, the Privacy Act, the Dodd-Frank 
Act, and the Bureau's confidentiality regulations where (1) consent for 
publication is obtained from the consumer; (2) narratives are scrubbed 
of consumer personal information consistent with a robust standard and 
methodology: (a) that substantially meets government best practices for 
re-identification risk; (b) as written, results in a low risk of re-
identification; (c) as applied, maintains a low rate of operational 
error; and (3) an independent, third party privacy expert conducts a 
review and operational test of the standard and methodology in support 
of the above conditions.
    The Bureau is cognizant that other federal agencies have thought 
about these issues and have successfully adopted a variety of 
approaches. For example, the Consumer Product Safety Commission 
(``CPSC'') proactively publishes narrative consumer reports of harm on 
its Web site, which include consented-to-consumer and industry 
narratives. And the FTC routinely releases consumer complaints, 
including the narratives (up to a given quantity), when requested 
through the FOIA.

II. Proposed Policy Statement Regarding Disclosure of Unstructured 
Narrative Data From Consumer Complaints and Company Responses

    The Bureau hears directly from the American public about their 
experiences with the nation's consumer financial marketplace. An 
important element of the Bureau's mission is the handling of individual 
consumer complaints regarding financial products and services. Indeed, 
``collecting, investigating, and responding to consumer complaints'' is 
one of only six statutory ``primary functions'' of the Bureau.\9\
---------------------------------------------------------------------------

    \9\ 12 U.S.C. 5511(c) (2012).
---------------------------------------------------------------------------

    In June 2012, the Bureau began making de-identified individual-
level complaint data available via its web-based, public facing 
database (the ``Consumer Complaint Database''). Since launch, the 
Consumer Complaint Database has been expanded multiple times to include 
additional financial products and data fields. Consistent with its 
strategic vision, the Bureau is committed to the continued expansion of 
the Consumer Complaint Database in both the number of complaints and 
fields of data made publicly available,

[[Page 42768]]

while still protecting privacy and incorporating the appropriate 
security controls.

A. Consumer Narratives

    The Bureau will provide consumers the opportunity to share their 
individual stories with other consumers and the marketplace by 
including consumer complaint narratives in the Consumer Complaint 
Database where consent for publication is first obtained from the 
consumer.

B. Consumer Consent To Disclose Narratives

    The Bureau will only disclose narratives (1) for which informed 
consumer consent has been obtained and (2) that have been scrubbed of 
personal information. Consumers who submit a complaint will be given 
the opportunity to check a consent box giving the Bureau permission to 
publish his or her narrative. The opt-in consent will state, among 
other things, and in plain language, that: (1) whether or not consent 
is given will have no impact on how the Bureau handles the complaint, 
(2) if given, the consumer may thereafter inform the Bureau that she 
withdraws her consent at any time and the narrative will be removed 
from the Consumer Complaint Database, and (3) the Bureau will take 
reasonable steps to remove personal information from the complaint to 
minimize (but not eliminate) the risk of re-identification.

C. Company Response

    Where the consumer provides consent to publish their narrative, the 
related company will be given the opportunity to submit a narrative 
response for inclusion in the Consumer Complaint Database. The company 
will be instructed not to provide direct identifying information in its 
public-facing response, and the Bureau will take reasonable steps to 
remove personal information from the response to minimize (but not 
eliminate) the risk of re-identification. The Company Portal will 
include a data field into which companies have the option to provide 
narrative text that would appear next to a consumer's narrative in the 
Consumer Complaint Database.

D. Personal Information Scrubbing Standard and Methodology

    Sharing data containing personal information presents a tension 
between data utility and individual privacy. As a particular personal 
information-scrubbing standard becomes more or less stringent, the 
utility of a given de-identified dataset becomes respectively less or 
more useful. The publication of narratives involves risks, including 
the potential harm associated with the re-identification of actual 
consumers within the Consumer Complaint Database.
    In order to minimize the risk of re-identification, the Bureau will 
apply to all publically-disclosed narratives, a robust personal 
information scrubbing standard and methodology. The Bureau recognizes 
that mitigating privacy risks in complaint level data disclosed to the 
public may decrease the utility of the data to users. The Bureau will, 
exercising discretion, modify data when privacy risks clearly and 
substantially outweigh the benefits of disclosure. By taking these 
steps to minimize the impact, the Bureau believes that publicly 
releasing redacted narratives, subject to consumer consent, will best 
protect all consumers without harming the protected privacy interests 
of any individual consumer.
    In designing its proposed scrubbing standard, the Bureau relied 
heavily on guidance by the Department of Health and Human Services 
(``HHS'') for de-identification of health data outlined in the Health 
Insurance Portability and Accountability Act (``HIPAA'') Privacy 
Rule.\10\ HIPAA requires covered entities, e.g., health plans, 
providers, and clearinghouses, to de-identify patient personal 
information such that it no longer provides any reasonable basis to 
ascertain individual identities. Under HIPAA, data may be considered 
de-identified if either of the following conditions holds:
---------------------------------------------------------------------------

    \10\ 45 CFR 164.514.

 Safe Harbor Method--All the identifying information of 18 
different types is entirely removed, and what remains cannot be used to 
identify any individual, or
 Expert Determination Method--An expert applies statistical 
methods to estimate the probability that an individual could be 
identified and determines that the risk of identification is very low.

The HIPAA Safe Harbor Method (``HIPAA De-identification Standard'') 
stipulates the removal of 18 specific identifiers from any disclosed 
datasets, including:

 Names
 All geographic subdivisions smaller than a state, including 
street address, city, county, precinct, ZIP code, and their equivalent 
geocodes, except for certain ZIP code prefixes depending on the 
circumstances
 All elements of dates for dates (except year) that are 
directly related to an individual, including birth date, admission 
date, discharge date, death date, and all ages over 89 and all elements 
of dates indicative of such age, except that such ages and elements may 
be aggregated into a single category of age 90 or older
 Telephone numbers
 Fax numbers
 Email addresses
 Social Security number
 Medical record numbers
 Health plan beneficiary numbers
 Account numbers
 Certificate/license numbers
 Vehicle identifiers and serial numbers, including license 
plate numbers
 Device identifiers and serial numbers
 Web Universal Resource Locators
 Internet Protocol addresses
 Biometric identifiers, including finger and voice prints
 Full-face photographs and any comparable images
 Any other unique identifying number, characteristic, or code

HHS specifically notes that the category ``any other unique identifying 
number, characteristic, or code'' is very broad. It can contain, among 
other identifiers, physical attributes, employer names, positions, 
titles, and other identifying information. HHS does not provide a 
comprehensive list of such categories, but does state that to meet the 
de-identification standard, unstructured text must be free of content 
for which the de-identifying entity has ``actual knowledge that 
residual information could be used to individually identify a 
patient''.
    The Bureau will follow a scrubbing standard with the following 
elements:
     The Bureau scrubbing standard shall include all of the 
HIPAA identifiers at a minimum;
     Where HIPAA identifiers are specific to the health domain, 
the Bureau's scrubbing standard shall include appropriate analogues in 
the consumer financial domain; and
     The Bureau's scrubbing standard shall specifically include 
identifiers (e.g., employer name) which the Bureau knows (1) appear in 
complaints and (2) could reasonably be used to identify individuals.

Generally, the scrubbing methodology will include a computer-based 
automated step and a quality assurance step performed by human 
reviewers.

III. Scope of the Proposed Policy Statement

    In the June 2012 Policy Statement and the March 2013 Policy 
Statement, the Bureau addressed comments received in response to the 
December 2011

[[Page 42769]]

Proposed Policy Statement and the June 2012 Proposed Policy Statement, 
respectively. These comments ranged from the very general, such as the 
Bureau's authority to disclose consumer complaint data of any kind and 
the impact the database would have on consumers and covered persons, to 
the more specific, such as the impact of specific proposed data fields 
(e.g., company disposition) and the inclusion of other data fields 
(e.g., narratives). In both Policy Statements, the Bureau affirmed its 
openness to the inclusion of additional data fields and its willingness 
to work with external stakeholders to address the value of adding such 
fields. Consistent with this commitment, and in response to comments 
urging the disclosure of narratives, the Bureau is today proposing the 
inclusion of narratives in the Consumer Complaint Database.
    Broadly, the Bureau seeks comments that are related to the proposed 
extension of the policies to include complaint narratives. With that 
scope, the Bureau is specifically seeking public comment on:
     Consumer Consent to Disclose Narratives--The Bureau is 
currently in the process of conducting research and user testing to 
inform design decisions regarding the need for any additional 
information to help inform consumer consent, the precise language to 
most effectively communicate with the consumer, at what point in the 
complaint process (at complaint submission or later in the complaint 
handling process) and where on the Bureau Web site the information in 
support of the opt-in consent should be displayed.
     Company Response--The Company Portal will include a data 
field into which companies have the option to provide narrative text 
that would appear next to a consumer's narrative in the Consumer 
Complaint Database. The Bureau is seeking comment on whether this 
public-facing response should be distinct and in addition to the 
response companies send directly to the consumer.
     Personal Information Scrubbing Standard and Methodology--
In Section II.D, above, the Bureau detailed the standard and 
methodology it intends to utilize to scrub personal information from 
the narratives. The Bureau is seeking comment on both the standard and 
methodology, including suggestions of appropriate analogues to the 
HIPAA identifiers in the consumer financial domain, and any other 
identifiers which could reasonably be used to identify individuals. 
Specific to ZIP codes, at this time the Bureau has not yet determined 
whether to continue publishing 5-digit ZIP codes in the Consumer 
Complaint Database alongside redacted narratives. The Bureau seeks 
comment on whether ZIP codes should be redacted consistent with the 
HIPAA standard and if so, the number of digits to provide, e.g., five 
or three, and any relevant population thresholds under which to limit 
ZIP code disclosure, e.g., less than 20,000 or 10,000 individuals in a 
given ZIP code.

The Bureau believes that it has sufficiently addressed comments 
concerning the Consumer Complaint Database generally, as well as 
comments regarding the current data fields, in the June 2012 Policy 
Statement and the March 2013 Policy Statement.

IV. Procedural Requirements

    The CFPB concludes that Proposed Policy Statement constitutes an 
agency statement of general policy exempt from notice and public 
comment pursuant to 5 U.S.C. 553(b).
    Notwithstanding this conclusion, the CFPB invites public comment on 
this proposed Policy Statement.
    Because no notice of proposed rulemaking is required, the 
provisions of the Regulatory Flexibility Act (5 U.S.C. Chapter 6) do 
not apply.

    Dated: July 14, 2014.
Richard Cordray,
Director, Bureau of Consumer Financial Protection.
[FR Doc. 2014-17274 Filed 7-22-14; 8:45 am]
BILLING CODE 4810-AM-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.