Newsroom

CFPB Director Richard Cordray concurred with recommendations made in a Government Accountability Office report analyzing the bureau's data collection efforts and said CFPB is already taking steps to "record, implement, and enhance existing data privacy and security measures" regarding its data collection.

Cordray's letter to GAO was in response to GAO's findings that "CFPB lacks written procedures and comprehensive documentation for a number of its processes, including data intake and information security risk assessments." The report also noted, among other things, that CFPB has not yet fully implemented a number of privacy control steps and security practices. It recommended that the bureau obtain periodic, independent reviews of its privacy processes and update its remedial action plan.

Cordray followed up on all the recommendations made by the GAO report and explained the steps the bureau has already taken or plans to take.

House Financial Services Committee Chairman Jeb Hensarling, R-Texas, found the report revealed "troubling deficiencies in the CFPB's data security procedures and privacy controls."

In January, Congress passed legislation requiring GAO to examine CFPB's data collection efforts after the bureau refused to disclose information to Congress about the depth of its program.

NAFCU also commented on the report and said the GAO study echoes numerous concerns raised by NAFCU regarding privacy and security procedures that should be enhanced by CFPB in implementing its data collection.