According to a recent study by the U.S. Government Accountability Office, the financial data gathered by the Consumer Financial Protection Bureau on 25 million to 75 million U.S. credit cardholders is not safe enough.  As part of its government mandate, the GAO examined laws, regulations, and contracts pertaining to the CFPB’s data collection methodologies, risk management in storing data, and other security issues regarding U.S. consumer financial information.  While the CFPB does have some control mechanisms in place, the agency needs to take even greater steps to keep consumer financial information secure, according to the report.

The GAO highlighted three major areas in which the CFPB’s large-scale data collections tactics and information management methodologies needed significant improvement: a lack of written procedures and comprehensive documentation, inadequate privacy controls, and a lack of security with respect to the sharing and transmission of credit card data.

“It literally took an act of Congress to obtain this information because the unaccountable CFPB would not answer our questions,” Financial Services Committee Chairman Jeb Hensarling (R-Texas) said following the September 22 release of the GAO report.  He added, “This report reveals troubling deficiencies in the CFPB’s data security procedures and privacy controls, as well as an apparent effort by the CFPB to skirt the consumer privacy protections required by Congress in both the Dodd-Frank Act and the Paperwork Reduction Act.”

 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of H. Scott Kelly H. Scott Kelly

Scott is a consumer data and privacy specialist. He regularly defends against data breach lawsuits and class action claims asserted under federal and state consumer-protection statutes (FCRA, FDCPA, TCPA, UCC, UDAAP, RICO). Scott represents companies on an array of data privacy issues, including

Scott is a consumer data and privacy specialist. He regularly defends against data breach lawsuits and class action claims asserted under federal and state consumer-protection statutes (FCRA, FDCPA, TCPA, UCC, UDAAP, RICO). Scott represents companies on an array of data privacy issues, including background screening, consumer reporting, data breaches, ransomware attacks, and related regulatory investigations by the Consumer Financial Protection Bureau (CFPB), Federal Trade Commission (FTC), and state attorneys general.

Read more about H. Scott KellyScott's Linkedin Profile
Show more Show less
Photo of Michael E. Lacy Michael E. Lacy

Michael heads the firm’s Consumer Financial Services practice, and handles class actions and high-stakes consumer litigation on a nationwide basis. He represents banks, mortgage servicers, debt buyers and collectors, and lenders against claims under consumer protection statutes, including the FCRA, TCPA, RESPA, RICO,

Michael heads the firm’s Consumer Financial Services practice, and handles class actions and high-stakes consumer litigation on a nationwide basis. He represents banks, mortgage servicers, debt buyers and collectors, and lenders against claims under consumer protection statutes, including the FCRA, TCPA, RESPA, RICO, and state UDAP laws. He has significant experience litigating and trying corporate governance disputes, including shareholder derivative claims, corporate dissolution cases, and corporate divorce matters. Michael also represents public utility companies in litigation and regulatory matters, including condemnation and land use cases.

Read more about Michael E. LacyMichael E.'s Linkedin Profile
Show more Show less
Related Posts
TPL_Podcasts_PaymentsPros_LinkedIn
Payments Year in Review 2025: Federal and State Developments – Part 2
February 11, 2026
TPL_LinkedIn_CFS-Blog_DigitalAssetsYIR25
Financial Services Industry 2025 Digital Assets Year in Review
February 5, 2026
TPL_Podcasts_PaymentsPros_LinkedIn
Payments Year in Review 2025: Federal and State Developments – Part 1
January 28, 2026