Anonymize Dodd-Frank §1071 Small Business Lending Data for Review – CCPA/HIPAA-compliant de-identification per 15 USC §1691c-2
Dodd-Frank §1071 (15 USC §1691c-2) requires covered financial institutions to collect and report data on small business credit applications, including applicant demographic information and credit decision details that link directly to individual business owners. anonym.legal pseudonymizes those personal identifiers so compliance teams can audit data collection accuracy and ECOA compliance without processing applicants' personal data.
When this applies
Apply this workflow when §1071 data collection records are reviewed by fair-lending compliance teams, internal auditors, or external advisers assessing data quality, demographic-field completeness, and ECOA compliance posture, and the reviewer does not require the identity of the specific applicant.
How anonym.legal handles it
- Upload the §1071 data collection record or reporting extract — including the application data file and any supplementary demographic collection forms — to anonym.legal.
- The engine identifies applicant names, individual business-owner demographic information, Tax Identification Numbers, addresses, and account references.
- Each applicant and business owner is pseudonymized with a distinct, consistent placeholder; credit-decision outcome, product type, loan amount requested, business revenue tier, and demographic field completeness indicators are preserved.
- NAICS code, census tract, time-to-decision, and pricing information are preserved as non-personally-identifying structural data.
- A reversible mapping table is encrypted and stored with US data residency.
- Export the pseudonymized data file for compliance review or fair-lending analysis.
What you provide
- §1071 data collection record or HMDA-adjacent reporting extract
- Demographic information collection forms completed by applicants
- Credit-decision documentation with underwriting rationale
Limitations & cautions
- CFPB submission of §1071 data must include accurate applicant data as required by 15 USC §1691c-2; pseudonymized files are for internal audit only.
- Fair-lending statistical analysis requires aggregate data, not pseudonymized individual records; this workflow supports review of individual file quality rather than portfolio-level disparity testing.
- The tool does not assess whether the data collection procedures comply with the CFPB's implementing regulation under §1071.
- Business entity names associated with the credit application are preserved; only natural-person applicant and owner data is pseudonymized by default.
FAQ
Are demographic self-identification fields pseudonymized or preserved?
Demographic field values — such as sex, race, and ethnicity — are preserved as structural data elements required for §1071 compliance review. Only the applicant's name and direct personal identifiers are pseudonymized.
Can pseudonymized §1071 records be used to train loan officers on data collection procedures?
Yes. Records pseudonymized to remove applicant identities while preserving the data-field structure and demographic collection form are effective training materials for loan officers and compliance staff.
How are principal owner names on the business credit application handled?
Named principal owners are treated as natural persons and pseudonymized with distinct pseudonyms separate from any pseudonym assigned to the business entity applicant.