WASHINGTON (5/8/14)--A five-part bill that aims to address security flaws in the Consumer Financial Protection Bureau's data collection processes has been introduced in the U.S. House.
The CFPB Data Collection Security Act, which was released by Rep. Lynn Westmoreland (R-Ga.), would:
- Create a consumer opt-out list for CFPB data collection;
- Limit the length of time that data can be held by the CFPB to 60 days after an investigation has been completed;
- Require the bureau to provide one free year of credit monitoring to consumers whose data is used for investigative purposes;
- Require the bureau to be run by a Senate-confirmed director; and
- Create a "confidential" security clearance for certain CFPB employees.
"The CFPB Data Collection Security Act is a simple bill to address a huge problem in protecting your information from not only internal abuse, but from hackers as well. It improves the ability to know what they have and the right to have it removed from their system," Westmoreland said in a release.
Under the Dodd-Frank Act, the CFPB is permitted to gather information on organizations, their business conduct, markets, and activities of covered persons and service providers. This information is filed to the CFPB by financial institutions and other service providers. The CFPB has stressed that any personal information collected is stripped from the agency records. CFPB Director Richard Cordray has said the data is used to examine overall trends, not individual transactions.
The CFPB's data collection practices could increase the risk of identity theft and fraud for consumers, the Credit Union National Association warned in a letter to the bureau earlier this year. CUNA also said it is particularly concerned by the resulting obligations that these data collection efforts may create for credit unions.