Amending and correcting records under the Privacy Act

The CFPB maintains certain information about individuals in its system of records that those individuals may know or suspect is inaccurate, irrelevant, untimely, or incomplete. In such cases, the Privacy Act permits those individuals to request that the CFPB correct or amend the information.

To request access to your records under the Privacy Act, follow the instructions to submit a FOIA request or a Privacy Act request.

Submit an amendment or correction of information about individuals

To submit an amendment or correction of information, you can email, fax, or mail a letter to the contact information provided below. If you’d like to write your own letter, see the sample letter below.

This right of amendment or correction applies only to individuals and only to information about such individuals. The Privacy Act does not afford business entities a right to request correction or amendment of information about them. Similarly, the Privacy Act does not afford either businesses or individuals a right to request amendment or correction of information that concerns businesses or third parties, except that individuals may authorize third parties, such as agents or legal guardians, to act on their behalf to seek correction or amendment of information about them.

Information does not qualify for correction or amendment under this Policy if it is not contained in one of the Bureau’s systems of records. Also, only factual information about an individual is subject to correction or amendment under this Policy. This Policy does not grant a right to individuals to appeal legal determinations made by or discretionary actions taken by the Bureau concerning them.

To submit an amendment or correction of information, you can email, fax, or mail a letter to the contact information provided below. Your letter should include:

  • Your name
  • Your address, telephone number, email address and the best time to reach you
  • Information to be amended or corrected (Be as specific as possible and explain why you believe that the information in question is not accurate, relevant, timely, or complete. Please note that a requester bears the burden of proving by the preponderance of the evidence that information is not accurate, relevant, timely, or complete.)
  • Location of information (Identify the System of Records where you believe the information is located. View a complete list of our Systems of Records)

Additional information concerning access to or amendment or correction of a record under the Privacy Act is available in our FOIA and Privacy Act Request Guidebook .

Below is a sample letter that you can use as a starting point for making a Privacy Act amendment or correction request. Following this format may help to ensure that your request contains all information the CFPB would need to process your request and to respond in a timely manner. Information that you will need to supply is denoted by brackets.

[Date]

Consumer Financial Protection Bureau
Attention: Chief Privacy Officer
1700 G Street, NW
Washington, DC 20552

Re: Privacy Act Amendment/Correction Request

Dear CFPB Privacy Officer:

This is an information amendment/correction request under the Privacy Act.

I request that the following information be amended/corrected:
[Identify the information as specifically as possible.]
[Identify the System of Records where you believe the information is located.]
If you have any questions about processing this amendment /correction request, you may contact me during [when] at [telephone number] or [email address].

Sincerely,

[Signature]
[Print name]
[Address]
[City, State, Zip Code]
[Telephone number]
[Optional: Fax number]
[Optional: E-mail address]

Email, fax, or mail your correction request

Email

privacy@consumerfinance.gov

Fax

(855) 329-3642

Mail

Consumer Financial Protection Bureau
Attention: Chief Privacy Officer
Privacy Act Amendment Request
1700 G Street, NW
Washington, DC 20552

CFPB procedure for evaluating and responding to requests

After a valid request to amend or correct a record covered by the Privacy Act is received by the Chief Privacy Officer, the following steps will be taken:

  1. Chief Privacy Officer acknowledges the amendment request by email or letter within ten (10) business days.
  2. After determining which records in a given system(s) of records the requester wants the Bureau to amend, the Chief Privacy Officer forwards the request to the appropriate system manager.
  3. The system manager confirms the requester is a subject of a record in the specified system of records.
  4. The system manager, in conjunction with the Chief Privacy Officer, makes the determination about whether to amend the record(s) and notifies the requester in writing of that decision.
  5. If the amendment request is granted, the Chief Privacy Officer takes the necessary steps to amend or correct the information and notifies the requester by email or letter that the change has been made.
  6. If the amendment request is denied, the Chief Privacy Officer informs the requester of such determination in writing, including the reasons for the denial.

Appeal a denied request

If a request is denied, the requester has the right to file an appeal within ten (10) business days after the CFPB notifies the requester that it has denied the request. The CFPB’s regulations relating to requests for amendment may be found at 12 C.F.R. § 1070.58.


Although the Legal Division decides and responds to Privacy Act amendment appeals, the requester should nevertheless file an appeal. The FOIA Office will route the request automatically to the Legal Division. Email, fax, or mail your appeal as follows:

Email

FOIA@consumerfinance.gov

Fax

(855) FAX-FOIA (329-3642)

Mail

Consumer Financial Protection Bureau
Attention: General Counsel (c/o Chief FOIA Officer)
Privacy Act Appeal
1700 G Street, NW
Washington, DC 20552

The appeal shall be addressed to the General Counsel and labeled ‘‘Privacy Act Appeal.’’ The appeal must also: (1) specify the background of the request; and (2) provide reasons why the requester believes the denial is in error.

If the General Counsel denies an appeal regarding a request for amendment or correction, a requester may file a concise statement of disagreement in response to the denial. The CFPB will maintain such statements together with the information that the requester sought to amend. Whenever the Bureau discloses that information in the future, the Bureau will include a copy of the requester’s statement of disagreement along with the information.

When practicable and appropriate, the CFPB will also provide a copy of the statement of disagreement to any prior recipients of the record.

Overview of Privacy Act

The Privacy Act of 1974, as amended, 5 U.S.C. § 552a (the “Privacy Act”), governs the collection, maintenance, use, and dissemination of certain information about “individuals” by agencies of the Federal Government, including the CFPB. Individuals may request information about themselves that the Bureau may have.  This is not considered an amendment to the information, only a request for information that we may have on you.  You may file a request here. The Privacy Act applies only to information about individuals that exists in an agency’s “system of records.” The Bureau publishes “System of Record Notices” or “SORNs” that identify its system of records. You can view these SORNs, or read the full Privacy Act

Notes

For purposes of the Privacy Act and this Policy, the term “individual” refers to natural persons and not business entities. We also note that, pursuant to the CFPB’s Privacy Policy for Non-U.S. Persons, the term “individuals” refers to U.S. citizens and legal permanent residents, as well as non-U.S. persons.

A “system of records” is a group of records under the control of any agency where the agency retrieves information in those records by the name of an individual or by some other number, symbol, or particular that identifies an individual.