Section 1033.101 - [Effective 1/17/2025] Authority, purpose, and organization(a)Authority. The regulation in this part is issued by the Consumer Financial Protection Bureau (CFPB) pursuant to the Consumer Financial Protection Act of 2010 (CFPA), Pub. L. 111-203 , tit. X, 124 Stat. 1955.(b)Purpose. This part implements the provisions of section 1033 of the CFPA by requiring data providers to make available to consumers and authorized third parties, upon request, covered data in the data provider's control or possession concerning a covered consumer financial product or service, in an electronic form usable by consumers and authorized third parties; and by prescribing standards to promote the development and use of standardized formats for covered data, including through industry standards developed by standard-setting bodies recognized by the CFPB. This part also sets forth obligations of third parties that would access covered data on a consumer's behalf, including limitations on their collection, use, and retention of covered data.(c)Organization. This part is divided into subparts as follows: (1) Subpart A establishes the authority, purpose, organization, coverage of data providers, compliance dates, and definitions applicable to this part.(2) Subpart B provides the general obligation of data providers to make covered data available upon the request of a consumer or authorized third party, including what types of information must be made available.(3) Subpart C provides the requirements for data providers to establish and maintain interfaces to receive and respond to requests for covered data.(4) Subpart D provides the obligations of third parties that would access covered data on behalf of a consumer.(5) Appendix A to this part provides instructions for how a standard-setting body would apply for CFPB recognition. 89 FR 49090 , 7/11/2024; 89 FR 90989 , 1/17/2025