Bank/Thrift Supervision   |    Capital    |    CFPB    |    Deposit Insurance    |    Interchange    |    Mortgage Finance
Municipal Advisors   |    OCC-OTS Merger   |    Preemption    |    QM - QRM    |    Swaps   |    Volcker Rule    |    Full Topics List
Qualified Mortgage - Qualified Residential Mortgage
Consumer Financial Protection Bureau - CFPB
Bank/Thrift Holding Company Supervision
Deposit Insurance
Mortgage Finance
Municipal Advisors
OCC-OTS Merger
Volcker Rule
Corporate Governance
Financial Stability Oversight Council (FSOC)
Office of Financial Research (OFR)
Systemic Risk
Supervision and Oversight
Payment, Clearing and Settlement
Prudential Supervision
Trust & Securities
Asset-Backed Securities
Resolution Authority

Tuesday, September 23, 2014

GAO: CFPB Should Enhance Data Security & Privacy

The GAO determined that the CFPB should make additional efforts in several areas to reduce the risk of improper collection, use or release of consumer financial data. The CFPB has collected data on credit card accounts, mortgage loans and other products. Of the 12 large-scale collections GAO reviewed, 3 included information that identified consumers, but CFPB staff indicated that those 3 were not subject to statutory restrictions on collecting such information.

Although the CFPB has taken steps to secure these data collections, the GAO determined that the CFPB:

  • Lacks written procedures and comprehensive documentation for a number of process, including data intake and information security risk assessment;
  • Has not yet fully implemented a number of privacy control steps and information security practices, which could hamper the agency's ability to identify and monitor privacy risks and protect consumer financial data; and
  • Should consult further with OMB about its credit card collection and data sharing agreement.

Furthermore, the OCC should seek OMB approval for its credit card and mortgage data collection.

GAO makes 11 recommendations to enhance CFPB's privacy and information security and 1 recommendation to OCC to ensure its data collections comply with appropriate disclosure requirements. CFPB and OCC agreed with GAO's recommendations and noted steps they plan to take or have taken to address them.

Read more.

No comments:

Post a Comment

Please read our comment policy before making a comment.