According to a recent study by the U.S. Government Accountability Office, the financial data gathered by the Consumer Financial Protection Bureau on 25 million to 75 million U.S. credit cardholders is not safe enough. As part of its government mandate, the GAO examined laws, regulations, and contracts pertaining to the CFPB’s data collection methodologies, risk management in storing data, and other security issues regarding U.S. consumer financial information. While the CFPB does have some control mechanisms in place, the agency needs to take even greater steps to keep consumer financial information secure, according to the report.
The GAO highlighted three major areas in which the CFPB’s large-scale data collections tactics and information management methodologies needed significant improvement: a lack of written procedures and comprehensive documentation, inadequate privacy controls, and a lack of security with respect to the sharing and transmission of credit card data.
“It literally took an act of Congress to obtain this information because the unaccountable CFPB would not answer our questions,” Financial Services Committee Chairman Jeb Hensarling (R-Texas) said following the September 22 release of the GAO report. He added, “This report reveals troubling deficiencies in the CFPB’s data security procedures and privacy controls, as well as an apparent effort by the CFPB to skirt the consumer privacy protections required by Congress in both the Dodd-Frank Act and the Paperwork Reduction Act.”