The Consumer Financial Protection Bureau (CFPB) should improve its privacy protections for the data it collects on hundreds of millions of mortgages, student loans and credit cards, the Government Accountability Office says.
The nonpartisan GAO’s investigation found three major information management issues at the CFPB: written procedures and documentation, implementation of privacy and security steps, and not complying with the Paperwork Reduction Act.
The GAO report said that while the amount of data collected was extensive, it was in line with the data collection activities of other regulators like the Office of the Comptroller of the Currency.
In a statement appended to the report, the CFPB said it “concurred” with the recommendations to beef up its privacy safeguards.
Republican lawmakers say the CFPB is overstepping its authority. Senate Banking Committee Ranking Member Mike Crapo, R-Idaho, requested the report, and he believes the demand for data could be a budding threat to consumer protection and privacy.
“The CFPB’s massive data collection effort is an unwarranted, unwelcome intrusion into the private financial lives of millions of Americans,” Crapo said in a statement. “This GAO report confirms what the Bureau would not — that it has been collecting information on up to 600 million American financial accounts, and it does not have the proper safeguards in place to protect the information it is collecting. At a time when data and identity-related crimes are at an all-time high, the last thing the American people need is one more federal agency collecting their private financial information.”
In its research, the GAO looked into the data collection methods of the CFPB for 12 different projects. Of those accounts, three had information that identified individual consumers.