Brendan Bordelon reports:
The director of Dodd-Frank’s chief enforcement agency clashed Tuesday with the ranking Republican on the Senate Banking Committee over the agency’s sweeping collection of Americans’ personal finance records.
Consumer Financial Protection Bureau (CFPB) Director Richard Cordray visited Capitol Hill to testify before the committee as part of a semi-annual report to Congress. But he spent much of that time defending his agency’s massive data collection program against Republican senators, chief among them Idaho’s Mike Crapo.
[…]
But after repeated pressing, Cordray finally confirmed that his agency is collecting data on 80 percent of the credit card market, information on individual transactions for around 900 million credit card accounts.
I’ll omit his justification for the data collection – even though there are legitimate privacy concerns to be raised about that – to focus on the data security concerns that accompany the privacy concerns. Although the government asserts the data are always “anonymized,” how easy would re-identification be, and are the data adequately secured?
Contracts with one third-party data firm indicate that the CFPB intends to maintain the postal code, census identifier and age of birth along with the financial information of 5 to 10 million Americans.
“We’ve had experience in other agencies where phenomenal abuses of this kind of information have been undertaken,” Crapo worried. “And all that is necessary for this massive amount of information being collected to be made available [to hackers] is for someone to find the key.”
Keeping sensitive data secure is a big concern at the CFPB. The Daily Caller News Foundation reported last week that Ashwin Vasan, the agency’s new tech head, has almost no experience in information technology.
And Pennsylvania Republican Sen. Pat Toomey discovered that data security flaws revealed nearly one year ago in a report by the CFPB’s inspector general have yet to be fixed.
“We have been working to adopt their recommendations,” Cordray said, “and we are paying very appropriate, precise, diligent attention to the privacy and security of this data.”
Senator Crapo asked the Government Accountability Office to review the CFPB’s data collection last summer, and the agency agreed to open a probe in July. The investigation remains ongoing.
Read more on Daily Caller. While Senator Crapo to focus on external threats to data security, I’d be just as worried about internal threats and the reported lack of contractor monitoring noted in the November 2012 report. I do not know which of the report’s recommendations the CFPB has already implemented and which remain a concern.