(a) Procedures for making a request for access to records. An individual's requests for access to records that pertain to that individual (or to the individual for whom the requester serves as guardian) may be submitted to the CFPB in writing as follows:

(1) If submitted by mail or delivery service, the request shall be labeled “Privacy Act Request” and shall be addressed to the Chief Privacy Officer, Consumer Financial Protection Bureau, 1700 G Street NW, Washington, DC 20552.

(2) If submitted by electronic means, the request shall be labeled “Privacy Act Request” and the request shall be submitted as set forth at the CFPB's website, http://www.consumerfinance.gov.

(b) Content of a request for access to records. A request for access to records shall include:

(1) A statement that the request is made pursuant to the Privacy Act;

(2) The name of the system of records that the requester believes contains the record requested, or a description of the nature of the record sought in detail sufficient to enable CFPB personnel to locate the system of records containing the record with a reasonable amount of effort;

(3) Whenever possible, a description of the nature of the record sought, the date of the record or the period in which the requester believes that the record was created, and any other information that might assist the CFPB in identifying the record sought (e.g., maiden name, dates of employment, account information, etc.);

(4) Information necessary to verify the requester's identity pursuant to paragraph (c) of this section; and

(5) The mailing or email address where the CFPB's response or further correspondence should be sent.

(c) Verification of identity. To obtain access to the CFPB's records pertaining to a requester, the requester shall provide proof to the CFPB of the requester's identity as provided in paragraphs (c)(1) and (2) of this section.

(1) In general, the following will be considered adequate proof of a requester's identity:

(i) A photocopy of two forms of identification, including one form of identification that bears the requester's photograph, and one form of identification that bears the requester's signature;

(ii) A photocopy of a single form of identification that bears both the requester's photograph and signature; or

(iii) A statement swearing or affirming the requester's identity and to the fact that the requester understands the penalties provided in 5 U.S.C. 552a(i)(3).

(2) Notwithstanding paragraph (c)(1) of this section, a designated official may require additional proof of the requester's identity before action will be taken on any request, if such official determines that it is necessary to protect against unauthorized disclosure of information in a particular case. In addition, if a requester seeks records pertaining to an individual in the requester's capacity as that individual's guardian, the requester shall be required to provide adequate proof of the requester's legal relationship before action will be taken on any request.

(d) Request for accounting of previous disclosures. An individual may request an accounting of previous disclosures of records pertaining to that individual in a system of records as provided in 5 U.S.C. 552a(c). Such requests should conform to the procedures and form for requests for access to records set forth in paragraphs (a) and (b) of this section.


Tried the LawStack mobile app?

Join thousands and try LawStack mobile for FREE today.

  • Carry the law offline, wherever you go.
  • Download CFR, USC, rules, and state law to your mobile device.