September 22, 2014

GAO report echoes NAFCU concerns with CFPB data collection

A Government Accountability Office report Monday on CFPB's data collection activities echoes numerous concerns raised by NAFCU regarding privacy and security procedures that should be enhanced by CFPB in implementing its data collections.

The report is in response to 12 different large-scale data collections by CFPB.

"NAFCU, in its comment letter to FHFA in May, highlighted some privacy and transparency concerns regarding the data collection efforts of the FHFA and CFPB," Meyster said. "This GAO report notes many of the same concerns, and we'd like to see even more from the CFPB in terms of transparency and accountability when it comes to its data collection efforts."

The GAO report found that "CFPB lacks written procedures and comprehensive documentation for a number of its processes, including data intake and information security risk assessments." GAO recommended that CFPB establish written standards for its data intake, making data anonymous and assessing and managing privacy risk, among other things. It also noted that CFPB has not yet fully implemented a number of privacy control steps and security practices and recommended that the bureau obtain periodic, independent reviews of its privacy processes, and update its remedial action plan.

GAO also expressed concern over compliance with the Paperwork Reduction Act and recommended that CFPB consult with the Office of Management and Budget about "its credit card collection and data-sharing agreement."