CFPB Releases Report and RFI on Data Collection

Ballard Spahr LLP
Contact
LinkedIn
Facebook
X
Send
Embed

On September 25, the Consumer Financial Protection Bureau issued a report on its sources and uses of data. This report was followed by a Request for Information regarding its data collection practices, published in the Federal Register on September 28. In some respects, both documents are a follow-up to Acting Director Mick Mulvaney’s December 2017 order to CFPB staff to cease collecting personally identifying information, pending a review of and improvements to the Bureau’s overall data security systems.

The Dodd-Frank Act states that the CFPB “shall seek to implement and … enforce Federal consumer financial law consistently for the purpose of ensuring that all consumers have access to markets for consumer financial products and services and that [those markets] are fair, transparent, and competitive.” The CFPB regularly obtains data about consumers to fulfill these statutory functions and obligations and its data collection practices under the leadership of former Director Cordray had been the subject of strong criticism from Republican lawmakers.

The 199-page report describes the sources and uses of data collected, as well as the processes governing the intake, use, access, and disclosure of any data by the Bureau. Appendix B to the report includes a list of the Bureau’s 188 data collections to date from public sources, government agencies, commercial vendors, financial institutions, and consumers. The list generally does not include data collections from consumers on a voluntary basis, such as through focus groups, one-on-one interviews, or user testing. Contained in the report’s Appendix C is a list of the Memoranda of Understanding between the Bureau and other agencies that address the sharing of data. 81 different governmental and quasi-governmental agencies are named in the list.

During its review of its data security systems, the CFPB signed an interagency agreement under which the Department of Defense provided risk assessment services to identify potential gaps in the Bureau’s cybersecurity controls. The Bureau concludes in the report that its security protocol is currently “well-organized and maintained” with no critical issues found.

The CFPB is now seeking public input regarding the overall effectiveness and efficiency of the Bureau’s data collection practices. It is asking the public to provide comments on aspects of its data collection program, such as:

  • The sources, uses, and scope of information the Bureau collects;
  • Ways the Bureau should or should not reuse data collected for one purpose to inform the other functions of the Bureau;
  • Ways to reduce the burden on future furnishers of information;
  • Activities the Bureau could engage in to make data collections from financial institutions more effective and efficient; and
  • Other changes that may assist the Bureau to more effectively meet its statutory purpose and objectives.

Public comments are due to the CFPB by December 27, 2018.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ballard Spahr LLP | Attorney Advertising

Written by:

Ballard Spahr LLP
Ballard Spahr LLP
Contact
more
less

Ballard Spahr LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide