WASHINGTON (9/23/14)--The Government Accountability Office (GAO) released a report Monday citing concerns that the Consumer Financial Protection Bureau (CFPB) must take additional efforts to reduce the risk of improper collection, use and release of consumer financial data.
The GAO reviewed 12 large-scale data collections from the bureau, finding that three included individual consumer identification information, though CFPB staff indicated those three were not subject to restrictions on such collection.
The large-scale data collections varied from about 11,000 consumer arbitration case records from a trade association to 173 million mortgage loans from a data aggregator. The GAO found that the bureau has taken steps to protect and secure these data collections as well as implement an information security program consistent with Federal Information Security Management Act requirements.
According to the GAO report, additional efforts needed include:
A total of 11 recommendations were made, meant to enhance the CFPB's privacy and information security. One recommendation was made to the OCC to ensure its data collections comply with appropriate disclosure requirements.
According to the GAO, both agencies agreed with GAO's recommendations and have noted steps they plan to take or have taken to address them.
Use the resource link below to access the full report.