Learn More about Member Value

News

Member Benefits
Learn more
Learn more about the benefits of membership.
Policy & Issues

Fed OIG to analyze CFPB storage of consumer information

August 19, 2015

WASHINGTON (8/19/15)--A look at the Consumer Financial Protection Bureau’s (CFPB) storage of personally identifiable information is part of the Federal Reserve’s Office of the Inspector General’s work plan. The plan was recently updated to include CFPB data security audit, as well as a number of other additions.

The CFPB, as part of its mission, collects, handles and stores several types of consumer information and personally identifiable information, defined as data that could potentially be used to identify a specific individual, or to distinguish one individual from another.

The Fed’s Office of the Inspector General intends to review the extent to which the CFPB has assessed the risks that come with collection, maintenance, storage and disposal of this data.

The review will focus on: bureau systems that house the information; access to the information; disposal and destruction mechanisms; how privacy incidents are handled; how CFPB staff are trained on privacy matters; and the use of National Institute of Standards and Technology privacy controls.

CUNA has raised a number of concerns about the CFPB's storage of information in the CFPB's database, particularly if the personal information collected by the bureau is inadvertently disclosed whenc consumer complaints are filed with the bureau. CUNA has urged the CFPB to take steps to minimize privacy risks. 

Other items added to the latest work plan include:

  • An audit of the Federal Financial Institutions Examination Council’s financial statements for years ending Dec. 31, 2015 and Dec. 31, 2014;
     
  • An audit of the Federal Reserve board of governors’ oversight of cybersecurity threats to financial institutions. The review will focus on whether the Fed’s examination process is providing adequate oversight;
     
  • A security control review of the CFPB’s information server operating environment. Specifically, control techniques used to protect data within the system from unauthorized access will be examined;
     
  • An evaluation of the CFPB’s risk assessment framework used to prioritize examination activities; and
     
  • A risk assessment of the CFPB’s purchase card program, which will identify and analyze the risks of illegal, improper, or erroneous purchases and payments.  

Subscriber Exclusives Cash crop

Cash crop

Cannabis-banking leaders shed light on a growing line of business that has major implications for public safety, financial inclusion, and credit union economics.
Engage members with mobile

Engage members with mobile

Mobile services have become an engine for membership growth and relationship-building.
Tech-savvy boards

Tech-savvy boards

The use of portals and remote meeting options is growing among board members.
App   Digital Edition   Subscribe

Trending

Polls

Does your CU offer or plan to offer cannabis banking services?

View Results
More