WASHINGTON (12/17/15)--Witnesses and legislators at a U.S. House subcommittee hearing Wednesday raised a number of questions about the Consumer Financial Protection Bureau’s (CFPB) mass data collection, most notably about how it could put consumer information at risk in the event of a data breach.
The hearing was conducted by the House Financial Services subcommittee on oversight and investigations.
“Not a day goes by that Americans are not made aware of yet another breach of sensitive information. Whether it’s the public or private sector, vast collections of personal consumer data are a prime target for cyberattacks,” said Rep. Sean Duffy (R-Wis.), chair of the subcommittee.
Though the full extent of information collected by the CFPB is unknown, its data collection includes arbitration case records, automobile sales records, consumer credit report information, credit card details, credit scores, mortgage loan-level data, private student loan data and payday loan information.
Former Speaker of the House Newt Gingrich (R-Ga.), one of the witnesses, said the collection of such information in a single place could prove enticing to hackers intent on stealing consumers’ personal data.
“Anytime you’re centralizing mass amounts of data in a single place, that’s a high risk, and hackers aren’t exactly bound by red tape and bureaucracy when it comes to choosing targets,” he said. “There’s no reason to believe that the CFPB’s data is any safer than that of the Office of Personnel Management [which suffered a high-profile data breach earlier this year], and assuming that a database containing billions of data points isn’t going to be a target goes against everything we know about hacker culture.”
CUNA has expressed concerns about the security of the information collected by the CFPB, warning the bureau that its mass data collection could expose consumers to identify theft risk.
CUNA has also supported transitioning bureau leadership into a five-person commission, instead of a single director, a point which was endorsed by one of the witnesses.
“With a commission structure, composed of a bipartisan council of policymakers, there is less room for abusing data, and less opportunity to do so as well,” said Wayne Abernathy, executive vice president for financial institutions policy and regulatory affairs, American Bankers Association (ABA). “Under the light of the variety of viewpoints that comes with a council or a commission, you have different people posing different questions from differing backgrounds and insights, all more likely to poke and prod the data, and all of them likely to be intolerant of information legerdemain.”
CUNA has sent letters, and signed a number of joint letters with the ABA, in support of legislation that would transform CFPB leadership into a five-person commission instead of a single director.