Go to:

March 2019
< Feb Apr >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

CFPB Set to Enhance Data Collection Efforts
Friday, September 26, 2014 6:45 AM

In response to a U.S. Government Accountability Office report released this week, the Consumer Financial Protection Bureau has agreed to improve its security policies on data collection. The GAO report made a dozen recommendations on the topic in a written privacy plan that combines CFPB's security measures and an independent review of its practices.

The report identified three major areas in which the CFPB's large-scale data collections tactics and information management methodologies leave significant room for improvement.

Specifically, the report said the CFPB has access to information on the financial data for 500 million credit card accounts, primarily through an information-sharing agreement with the Office of the Comptroller of the Currency (OCC); and though it does have security protections in place, the CFPB "lacks written procedures and comprehensive documentation" with regard to data intake and security risk assessments.

"The GAO's report recognizes that the bureau collects data on a scale similar to other regulators and uses that data to carry out its mission to protect consumers," said Sam Gilford, a CFPB spokesperson. "The CFPB agrees with the GAO's recommendations, which focus primarily on documentation of processes related to data collection."

CFPB officials have repeatedly testified to Congress that the agency is data driven in order to better assess markets and make appropriate rules and actions. Gilford said the data allows regulators to see how markets are functioning and monitor the impact of rules. But last January, House lawmakers had concerns that the CFPB was collecting "big data" with the potential to be personally identifiable or hacked, and so requested the GAO investigation.

House Financial Services Committee Chairman Jeb Hensarling (R-TX) said, "It literally took an act of Congress to obtain this information because the unaccountable CFPB would not answer our questions."

Following release of the new report, Hensarling stated, "The American people are rightfully worried about the massive amounts of private information government collects on their personal lives, especially in this age of criminal hackers, data breaches and identity theft. This report reveals troubling deficiencies in the CFPB's data security procedures and privacy controls, as well as an apparent effort by the CFPB to skirt the consumer privacy protections required by Congress in both the Dodd-Frank Act and the Paperwork Reduction Act."

The CFPB is not alone in its massive data collection. The GAO report describes other regulators, such as the Board of Governors of the Federal Reserve System and the Office of the Comptroller of the Currency (OCC), who collect similarly large amounts of data.

The CFPB and the OCC share data on 500 million credit card accounts on a monthly basis, which covers 87% of the outstanding balances as of March, according to the Office of Management and Budget (OMB). The report recommended that the CFPB consult with the OMB about its credit card collection and data-sharing agreement with the OCC, since agencies are supposed to get approval from the OMB when they collect data from 10 or more entities, under the Paperwork Reduction Act. However, the OCC did not obtain approval to collect data on credit cards and mortgages, according to the report.

The report also noted that the CFPB has collected data on credit reports for 10.7 million individuals on an ongoing basis; mortgage data on about 173 million total loans (excluding private-label mortgages); 5.5 million total student loans; and 15 million to 40 million total payday loans.