Newsroom

House Financial Services Committee Chairman Jeb Hensarling, R-Texas, said a new Government Accountability Office report on the data collection efforts of CFPB reveal "troubling deficiencies in the CFPB's data security procedures and privacy controls."

"The American people are rightfully worried about the massive amounts of private information government collects on their personal lives, especially in this age of criminal hackers, data breaches and identity theft," Hensarling said in a statement Monday. "This report reveals troubling deficiencies in the CFPB's data security procedures and privacy controls, as well as an apparent effort by the CFPB to skirt the consumer privacy protections required by Congress in both the Dodd-Frank Act and the Paperwork Reduction Act."

In January, Congress passed legislation requiring GAO to examine CFPB's data collection efforts after the bureau refused to disclose information to Congress about the depth of its program, Hensarling's statement said.

NAFCU, commenting on the report yesterday, said the GAO study echoes numerous concerns raised by NAFCU regarding privacy and security procedures that should be enhanced by CFPB in implementing its data collection.

The GAO report found that "CFPB lacks written procedures and comprehensive documentation for a number of its processes, including data intake and information security risk assessments." GAO recommended that CFPB establish written standards for its data intake, making data anonymous and assessing and managing privacy risk.

It also noted, among other things, that CFPB has not yet fully implemented a number of privacy control steps and security practices and recommended that the bureau obtain periodic, independent reviews of its privacy processes, and update its remedial action plan.