NSA Spying Scandal Fuels Fire Over CFPB Data Gathering

WASHINGTON — House Republicans grilled a top Consumer Financial Protection Bureau official Tuesday over how the agency gathers and protects consumer data, comparing it to surveillance by the National Security Agency.

Although concerns about the agency's collection of data surfaced several months ago, the NSA scandal and allegations of inappropriate activity by the Internal Revenue Service have given the issue new urgency.

During a House Financial Services Committee hearing on Tuesday, lawmakers invoked both as a reason to get clear answers from the CFPB.

"Some of my friends across the aisle will say that the more data that the bureau has, the more data that our government has on American citizens, the better off we are, the safer we are. But if you look at the past several months, Americans have found out far more information about what their government is doing in regard to collecting information on them, whether it's the NSA or the IRS," said Rep. Sean Duffy, R-Wis. "Many of my constituents are concerned that our government has their health records, their phone records, their internet records, their emails and now the CFPB is monitoring their financial records."

GOP lawmakers also expressed frustration with the agency's responsiveness in some cases, noting that it has failed to disclose how many consumer accounts are tied to the data being collected.

"We simply do not know the extent to which the CFPB is collecting, storing or having outside contractors collect and store consumers' personally identifiable information," said Rep. Shelley Moore Capito, R-W.Va., chairman of the financial services and consumer credit subcommittee, which held the hearing.

Steven Antonakes, the CFPB's acting No. 2 and the lone witness at hearing, downplayed those concerns raised by lawmakers, arguing that the agency only collects personally identifiable information in a limited number of cases.

"The vast majority of data we collect is anonymized and does not include personally identifiable information," he said, adding that identifying information is collected only when a consumer calls the agency's complaints hotline and willingly provides it or during the bank examination process.

"To the extent we're reviewing this type of information, it is through our supervisory process or the consumer complaint process and we're following the same process that's been run for years by other federal and state regulatory agencies," Antonakes said. "I don't believe we're plowing any new ground here."

Still, Antonakes said that he was unable to provide an exact number of consumer accounts connected with the data the agency is collecting, which drew the ire of many Republican panel members.

"It's inconceivable to me, unless you're from the most dysfunctional agency in the entire world, that you would come here today unable to answer the very simple questions that you've been asked," said Rep. Bill Posey, R-Fla. "I know more about your agency from Bloomberg than I do from any communication you or anybody from your agency has had with my office or with me."

Republicans in both the House and Senate have been asking the agency for that information for months to no avail, though Antonakes did say he would try to get back to lawmakers with a precise figure when he was able to get one. He explained that the data comes from many sources and in different forms, adding to the complexity of the request.

Lawmakers on both sides of the aisle also raised concerns about the extent to which the CFPB shares data with other regulatory agencies, how it keeps data secure and when it will be disposed of. Antonakes described some of the precautions the bureau takes to protect its data, noting that it's only accessible by employees who need to access it for their work, and pointed out that he was not aware of any security breaches. The agency has submitted a plan to dispose of its data, in some cases as long as a decade after it's collected, but it does not yet have a final plan in place for how that procedure will work. He added that the CFPB continues to ramp up efforts to share data with other agencies to avoid duplicative efforts and reduce the reporting burden on financial institutions.

Rep. Carolyn Maloney, D-N.Y., requested an on-site visit at the CFPB to see how the agency protects its consumer information, and noted that she's interested in working with Capito to request a Government Accountability Office study on how regulators' efforts to share data can be improved.

Overall, Democrats largely defended the CFPB's data-gathering efforts, though some did express concern about the need for tight security to protect collected information. Rep. Maxine Waters, D-Calif., the full committee's ranking member, pressed Antonakes to describe how more data might have been useful for regulators in preventing the financial crisis, while Rep. Stephen Lynch, D-Mass., argued that the agency's detractors were being hypocritical in their concern about data in light of their ongoing push for increased cost-benefit-analysis measures.

"You have told these regulators that everything they do must be data-driven, everything they do must be fact-based, everything they do must be analyzed to prove that the costs do not exceed the benefits of that regulation," Lynch said. "So you're requiring them on the one hand to get as much data as they possibly can, to make sure the regulations are fact-based and in rea -time, and today you're wringing your hands and saying, 'Oh my God, you're going after data.' You can't have it both ways."

For reprint and licensing requests for this article, click here.
Law and regulation Consumer banking
MORE FROM AMERICAN BANKER