WASHINGTON (8/19/15)--A look at the Consumer Financial Protection Bureau’s (CFPB) storage of personally identifiable information is part of the Federal Reserve’s Office of the Inspector General’s work plan. The plan was recently updated to include CFPB data security audit, as well as a number of other additions.
The CFPB, as part of its mission, collects, handles and stores several types of consumer information and personally identifiable information, defined as data that could potentially be used to identify a specific individual, or to distinguish one individual from another.
The Fed’s Office of the Inspector General intends to review the extent to which the CFPB has assessed the risks that come with collection, maintenance, storage and disposal of this data.
The review will focus on: bureau systems that house the information; access to the information; disposal and destruction mechanisms; how privacy incidents are handled; how CFPB staff are trained on privacy matters; and the use of National Institute of Standards and Technology privacy controls.
CUNA has raised a number of concerns about the CFPB's storage of information in the CFPB's database, particularly if the personal information collected by the bureau is inadvertently disclosed whenc consumer complaints are filed with the bureau. CUNA has urged the CFPB to take steps to minimize privacy risks.
Other items added to the latest work plan include: