The Consumer Financial Protection Bureau this week issued a report and a request for information as part of an effort to assess the effectiveness of how data is collected, used and reused.
Acting CFPB Director Mick Mulvaney has repeatedly pointed to data security as a defect at the bureau and in December directed the CFPB’s staff to stop collecting any personally identifiable data.
At the time, Mulvaney claimed the CFPB had suffered hundreds of data breaches and halted all enforcement actions for about six months.
But the CFPB's
The report noted that in January the CFPB signed an interagency agreement with the Department of Defense to leverage its so-called “risk and vulnerability assessment services” to identify potential gaps in cybersecurity controls.
The bureau said risk assessors found "no critical findings" after completing an assessment this spring.
“The review concluded that overall the Bureau’s security posture is well-organized and maintained,” the report stated.
The CFPB's
The CFPB specified that it is not seeking comment on the bureau's consumer complaint process, which it already sought public comment on through one of a series of RFIs on many aspects of the agency's work.
Rather, the CFPB wants input on what changes it should make to the sources, uses and scope of its data collections, including the use of confidential supervisory or investigation information to inform other bureau functions.
The CFPB also wants to know how it can reduce the burden on potential furnishers of data, and how to make data collection requests from financial institutions “more effective and efficient.”
House Republicans for years have raised security concerns about the CFPB’s methods for collecting and storing data, with the intent of reducing overall data collection, typically by citing privacy concerns.
