Newsroom
September 23, 2014
Hensarling: 'Troubling deficiencies' in CFPB data collection
House Financial Services Committee Chairman Jeb Hensarling, R-Texas, said a new Government Accountability Office report on the data collection efforts of CFPB reveal "troubling deficiencies in the CFPB's data security procedures and privacy controls."
"The American people are rightfully worried about the massive amounts of private information government collects on their personal lives, especially in this age of criminal hackers, data breaches and identity theft," Hensarling said in a statement Monday. "This report reveals troubling deficiencies in the CFPB's data security procedures and privacy controls, as well as an apparent effort by the CFPB to skirt the consumer privacy protections required by Congress in both the Dodd-Frank Act and the Paperwork Reduction Act."
In January, Congress passed legislation requiring GAO to examine CFPB's data collection efforts after the bureau refused to disclose information to Congress about the depth of its program, Hensarling's statement said.
NAFCU, commenting on the report yesterday, said the GAO study echoes numerous concerns raised by NAFCU regarding privacy and security procedures that should be enhanced by CFPB in implementing its data collection.
The GAO report found that "CFPB lacks written procedures and comprehensive documentation for a number of its processes, including data intake and information security risk assessments." GAO recommended that CFPB establish written standards for its data intake, making data anonymous and assessing and managing privacy risk.
It also noted, among other things, that CFPB has not yet fully implemented a number of privacy control steps and security practices and recommended that the bureau obtain periodic, independent reviews of its privacy processes, and update its remedial action plan.
"The American people are rightfully worried about the massive amounts of private information government collects on their personal lives, especially in this age of criminal hackers, data breaches and identity theft," Hensarling said in a statement Monday. "This report reveals troubling deficiencies in the CFPB's data security procedures and privacy controls, as well as an apparent effort by the CFPB to skirt the consumer privacy protections required by Congress in both the Dodd-Frank Act and the Paperwork Reduction Act."
In January, Congress passed legislation requiring GAO to examine CFPB's data collection efforts after the bureau refused to disclose information to Congress about the depth of its program, Hensarling's statement said.
NAFCU, commenting on the report yesterday, said the GAO study echoes numerous concerns raised by NAFCU regarding privacy and security procedures that should be enhanced by CFPB in implementing its data collection.
The GAO report found that "CFPB lacks written procedures and comprehensive documentation for a number of its processes, including data intake and information security risk assessments." GAO recommended that CFPB establish written standards for its data intake, making data anonymous and assessing and managing privacy risk.
It also noted, among other things, that CFPB has not yet fully implemented a number of privacy control steps and security practices and recommended that the bureau obtain periodic, independent reviews of its privacy processes, and update its remedial action plan.
Share This
Related Resources
Data Privacy Issue Brief
Whitepapers
Data Privacy Issue Brief
Whitepapers
NAFCU Data Privacy Principles
Whitepapers
Compliance Monitor - August 2018
Newsletter
Get daily updates.
Subscribe to NAFCU today.