Last Tuesday, March 12, the privacy practices of the Consumer Financial Protection Bureau (“CFPB”) came under the spotlight at a U.S. Senate hearing. Questions were also asked about the CFPB’s structure and authority, as regulators and lawmakers focusing their attention on consumer privacy and data security, both in the U.S. and further afield.
The hearing, before the U.S. Senate Committee on Banking, Housing and Urban Affairs, followed a similar hearing last week before the U.S. House Financial Services Committee. These hearings, which form part of the federal agency’s twice-yearly report to Congress, come at a particularly difficult time for the CFPB, which, under the Trump Administration, has suffered a reduction in its powers.
Questions concerning Data Collection and Privacy
The agency’s newly appointed director, Kathy Kraninger, faced questions about the CFPB’s data collection and data privacy practices. According to insideARM, Senator Mike Crapo, R-ID, expressed “his concerns about the Bureau’s voluminous data collection practices and whether the Bureau is ensuring that consumer privacy is not at risk from these practices.”
Ms. Kraninger testified that she shared those concerns and said that the Bureau is currently in the process of reviewing its internal policies. Kraninger explained how the Bureau collects data and how the data can be accessed, to ensure consumers are protected. She told the hearing that the Bureau’s intention is to limit the data it collects to include only what is necessary to do the job, e.g., limiting the collection of personal identifying information.
Concerns regarding privacy, expressed during the hearing, are among other federal privacy and security efforts, which stem not only from Congress. For example, last week, the Federal Trade Commission invited comment on proposed amendments to rules which protect the privacy and security of consumers data held by financial institutions.
The proposed amendments relate to The Safeguards Rule and The Privacy Rule according to the Gramm-Leach-Bliley Act.
The Safeguards Rule, which came into effect in May of 2003, requires that all financial institutions design, implement and maintain safeguards to protect consumer information. The rule applies not only to financial institutions that collect information from their own customers, but also to non-traditional “financial institutions”, such as auto dealerships that receive customer information from financial institutions.
The Privacy Rule, introduced in 2000, requires financial institutions to inform their customers about their respective information-sharing practices, as well as enabling customers to opt-out of having their personal information shared.
CFPB Structure
Senator John Kennedy, R-LA, used a significant amount of his questioning time at the hearing, to enquire about the structure of the bureau. Kennedy wanted to know whether the bureau should be governed by a board of directors, rather than a single director, or if the bureau should be answerable to Congress.
Kraninger replied that this was a decision for Congress but affirmed that she would carry out whatever legislative requirements are enacted.
Reportedly, Tuesday’s hearing was less strained than when Kraninger appeared before the House Financial Services Committee last week. Committee Chair Maxine Waters suggested that the Trump-appointed leadership is attempting to undermine the agency’s mission. Waters claimed the Trump Administration has “undertaken a sustained effort to destroy the agency” and said she is determined to undo the damage caused by interim director Mick Mulvaney, who has since been appointed as acting chief of staff for President Trump.
In December Kraninger took over from former director Mulvaney, who was previously critical of the CFPB. During his tenure, Mulvaney argued for the reduction of many of the rules and regulations implemented by the CFPB. Democrats opposed the appointment of Kraninger, protesting that she lacked relevant experience.
Whoever is in charge at the CFPB, it’s doubtful that there will any let-up in the controversy surrounding the agency. Moreover, it’s highly likely that lawmakers and regulators will be focusing even more of their time on data privacy and security issues, as the year progresses.
Sources & additional info: