Perhaps this proposal from the Consumer Financial Protection Bureau (CFPB) is an idea that everyone can support.

The bureau on Tuesday proposed a rule that it said will rein in data brokers that sell Americans’ sensitive personal and financial information. Officials explained the proposed rule would limit the sale of personal identifiers like Social Security Numbers and phone numbers collected by certain companies and make sure that people’s financial data such as income is only shared for legitimate purposes — like facilitating mortgage approvals or auto financing — and not sold to scammers targeting those in financial distress.

The CFPB said the proposal would make clear that when data brokers sell certain sensitive consumer information they are “consumer reporting agencies” under the Fair Credit Reporting Act (FCRA), requiring them to comply with accuracy requirements, provide consumers access to their information, and maintain safeguards against misuse.

“By selling our most sensitive personal data without our knowledge or consent, data brokers can profit by enabling scamming, stalking, and spying,” CFPB director Rohit Chopra said in a news release. “The CFPB’s proposed rule will curtail these practices that threaten our personal safety and undermine America’s national security.”

The regulator explained that the data broker industry collects and sells detailed information about Americans’ personal lives and financial circumstances to anyone willing to pay. The CFPB’s proposal would ensure data brokers comply with federal law and address critical threats from current data broker practices, including:

—National security and surveillance risks: Countries of concern, like China and Russia, can purchase detailed personal information about military service members, veterans, government employees, and other Americans for pennies per person. This enables the creation of detailed dossiers for potential espionage, surveillance, or blackmail operations, allowing relatively small investments to be leveraged into mass surveillance operations.

—Criminal exploitation: Identity thieves and scammers purchase detailed financial profiles to target vulnerable consumers, particularly seniors and financially distressed individuals. These criminals can use this data to execute sophisticated fraud schemes and steal retirement savings, often targeting Americans who can least afford the losses.

—Violence, stalking, and personal safety threats to law enforcement personnel and domestic violence survivors: The availability of sensitive contact information poses risks to those who are targeted for their profession, such as judges, police officers, prosecutors, and other government employees.

Domestic violence survivors also face grave dangers when their current addresses and phone numbers are readily available for purchase through data brokers. Several states have already had to take action to protect judges and law enforcement officers after violent incidents, including the 2020 murder of a federal judge’s son by an attacker who purchased her home address.

To address these risks, the CFPB said the proposed rule would:

—Treat data brokers just like credit bureaus and background check companies: Companies that sell data about income or financial tier, credit history, credit score, or debt payments would be considered consumer reporting agencies required to comply with the FCRA, regardless of how the information is used.

—Protect consumers’ personal identifiers from abuse and misuse: When consumer reporting agencies collect information like names, addresses, or ages for credit reports, any subsequent sale of that information would be covered by the FCRA’s protections.

—Require clear consumer consent for data sharing: Under the proposed rule, companies relying on consumers’ consent to obtain or share a consumer’s credit report would need separate, explicit authorization to do so, rather than burying permissions in fine print.

“These changes would significantly limit the ability of data brokers to sell sensitive contact information that could be used to target, harass, or dox individuals seeking privacy protection, including domestic violence survivors,” officials said.

“The proposed rule would preserve existing pathways created by the FCRA for government agencies to access consumer report information for legitimate law enforcement, counterterrorism, and counterintelligence purposes,” they added.

The CFPB mentioned the proposed rule is part of a broader government-wide initiative to protect Americans’ sensitive personal data, complementing recent executive orders and actions by other federal agencies.

In October, the Department of Justice proposed a rule to prevent access to Americans’ sensitive personal data by Russia, Iran, China, and other countries of concern.

“The need for reform has united a remarkable coalition of voices,” Chopra said in an additional statement. “National security officials warn about risks to military and intelligence personnel, while veterans’ organizations highlight threats to servicemembers transitioning to civilian life. Law enforcement and judicial organizations have spoken out after seeing their members targeted. Domestic violence prevention groups have raised concerns about how data brokers can help abusers track down their victims. Others have shown how vulnerable Americans, particularly seniors, become targets for scammers and fraudsters who purchase their financial data. These changes reflect a growing bipartisan consensus that current privacy protections are inadequate.

“Today’s proposal is a major step forward to ensure that companies trafficking in Americans’ most sensitive information face real consequences for putting people at risk,” he added.

The entire CFPB proposal is available online.