In 2023, the Consumer Financial Protection Bureau (CFPB) issued a final rule to implement Section 1071 of the 2010 Dodd–Frank financial regulation law, aimed at fostering transparency and fairness in lending by mandating the collection of information about the race and sexual orientation of small-business loan applicants. Though well-intentioned, the move has sparked a debate on privacy, data security, and operational challenges for financial institutions.
I recently released a working paper fielding a nationally representative survey of 2,996 respondents that documented a pronounced reluctance among business owners to share sensitive personal information with lenders. This hesitancy not only challenges the objectives of Section 1071 but also raises questions about tensions between regulatory goals and individuals’ privacy concerns. My study highlights four key findings.
Reluctance to Share Sensitive Information. A substantial portion of respondents expressed discomfort with sharing personal demographic information with financial institutions, with 65 percent of participants either strongly opposed or somewhat opposed to sharing racial information, and an even higher percentage, 77.1 percent, opposed to sharing their sexual orientation. This resistance underscores a broader concern about privacy and data.
Demographic Variations in Comfort Levels. Older respondents and those with some college education were more likely to express sensitivity about sharing personal information. Interestingly, while majorities across all demographic groups were uncomfortable with revealing such information, males, married individuals, and those identifying as black, Asian, or conservative were comparatively less concerned: 57 percent of black and 55 percent of Asian respondents, compared with 68 percent of Hispanics, reported being uncomfortable divulging racial information.
Impact on Banking Preferences. Individuals hesitant to share their race or sexual orientation were 5–7 percentage points less likely to approve of banks having additional objectives such as promoting environmental sustainability or targeting specific groups for lending. This suggests a link between privacy concerns and a preference for banks to focus on traditional banking concerns.
Effects of Information Treatments. Since many consumers are unaware of how firms and third parties use their data, I also experimented with an information experiment in which respondents were shown prompts about the effects of data breaches. Respondents who saw a prompt about the 2021 leak of user data from the online trading platform Robinhood were 5 percentage points more likely to prefer not to share racial information with banks. To put that in perspective, the proportion of people who do not want to share racial information is already 65 percent, meaning that further prompting of people for information makes them even less willing to share.
The findings underscore a critical dichotomy: while Section 1071 of Dodd-Frank seeks to illuminate and address disparities in access to credit, it inadvertently stokes fears of data misuse and breaches among borrowers. This tension is not without consequence. Financial institutions, tasked with implementing the CFPB’s new rule, face the dual challenge of complying with regulatory requirements and addressing borrowers’ fears. The study highlights the need for a nuanced approach to data collection–one that respects borrower privacy, while striving for the transparency and fairness that Section 1071 aims to achieve. My research calls for reevaluating how regulatory objectives are pursued and suggests the need for a framework that recognizes the legitimate concerns of borrowers, the very people whom the regulation was established to help.
Photo: d3sign/Moment via Getty Images