The Consumer Financial Protection Bureau (CFPB) has engaged in 12 massive collection efforts of private data from American citizens, including mortgage loan-level data and transaction-level data on consumers’ credit cards and checking accounts.
Are these data collection efforts dangerous to the privacy and security of American consumers? The House Oversight and Investigations Committee held a hearing this week in order to determine if the CFPB is going too far or if the data collection efforts are necessary for the Bureau to complete its regulatory objectives.
“We don’t know—and the American people don’t know—how much personally identifiable information the CFPB retains, how that data is protected, and what the Bureau plans to do with all that data,” Subcommittee Chairman Sean Duffy (R-Wisconsin) said.
The Subcommittee asserted that the CFPB is collecting more data than is necessary to execute its regulatory mission. Even though the Bureau needs to sample only 1 percent of the credit card market to achieve its goals, it has collected information on 87 percent of the credit card market and hopes to expand this share to 95 percent. The Subcommittee stated that just one of the CFPB’s 12 data collections had collected information on more than 173 million loans.
“The CFPB is prohibited in Section 1022 of Dodd-Frank from collecting personally identifiable information on Americans, but the Bureau is doing so anyway. And it is doing so at a massive scale that rivals the NSA’s most controversial collection programs, but for much less compelling reasons,” said former Speaker of the House Newt Gingrich, a witness at the hearing.
Another witness at the hearing, Dr. Mark Calabria, Director of Financial Regulation Studies at the Cato Institute, stated: “The Consumer Financial Protection Bureau’s data collection activities run afoul of our Fourth Amendment protections. These extensive data collections are in no way necessary for the CFPB to achieve its statutory mission.”
Also according to the Subcommittee, the CFPB is “alarmingly” non-transparent about its data collection efforts, since they do not publicly reveal specifically what data is collected, does not notify specific consumers they are collecting data, and does not inform consumers what data has been collected or how it will be used. Furthermore, the security of the data collected was called into question; Chairman Duffy pointed out that CFPB Director Richard Cordray himself had stated before the House Financial Services Committee last year that “he could not rule out the potential for a data breach at the Bureau.” Also, the Inspector General found multiple deficiencies in the data security that protects the Bureau’s consumer complaint database.
“The Consumer Financial Protection Bureau’s data collection activities run afoul of our Fourth Amendment protection.”
Dr. Mark Calabria, Director of Financial Regulation Studies at the Cato Institute
Another witness at the hearing, Wayne Abernathy, EVP for Financial Institutions Policy and Regulatory Affairs at the American Bankers Association, stated: “With a commission structure, composed of a bipartisan council of policymakers, there is less room for abusing data, and less opportunity to do so as well. Under the light of the variety of viewpoints that comes with a council or a commission, you have different people posing different questions from differing backgrounds and insights, all more likely to poke and prod the data, and all of them likely to be intolerant of information legerdemain.”
Not all the Subcommittee members agreed with the hearing’s findings. Rep. Al Green (D-Texas), Ranking Member of the Subcommittee, issued a statement “addressing attempts by those who would eviscerate or emasculate the CFPB, under the guise of fake consumer privacy concerns.”
“This is what I would expect from those who seek to replace the Consumer Financial Protection Bureau with a ‘Corporate Financial Protection Bureau,’ subject to the influence of synthetic grassroots organizations like the fictitious US Consumer Coalition,” Green said. “The CFPB is prevented by law from collecting personally-identifiable information, except for the purposes of returning money to defrauded consumers. The CFPB uses this data to identify consumers who have been ‘ripped off’ and ensure that they receive restitution. Since the CFPB opened its doors, it has helped return over $11 billion dollars to defrauded American consumers. I would like to think that the millions of defrauded Americans who have had their hard-earned money returned to them by the CFPB would disagree with the sentiment that the CFPB is invading their privacy.”
The CFPB did not participate in the hearing and had no comment on the hearing’s determinations but did point to a report from the Government Accountability Office which says other financial regulators “collect similarly large amounts of data” and says that the credit card data collected by the CFPB does not include personal identifiers—and states that most of the data is collected by the Office of the Comptroller of the Currency (OCC). The CFPB also pointed out that some prominent housing industry associations wrote a letter in May 2014 in support of the National Mortgage Database, a joint initiative between the FHFA and the CFPB.