Smart and effective consumer protection is preconditioned on the availability of data and information. For this reason, Public Citizen – and numerous leading consumer and privacy groups – strongly support robust and purposeful data collection and analysis by the Consumer Financial Protection Bureau (CFPB).
The CFPB’s consumer financial data collection practices allow it to monitor emerging market trends and business practices that are harmful to consumers and to respond in an effective and proportional manner – in other words, to fulfill the pro-consumer mission created for the agency by the Dodd-Frank Wall Street Reform and Consumer Protection Act.
Not all are on board. Despite being the only federal agency dedicated to protecting the average American consumer from the abusive and unfair business practices of the financial industry, the House Financial Services Subcommittee on Oversight and Investigations dedicated its last hearing of 2015 to attacking the CFPB for purported consumer privacy risks associated with the CFPB’s collection and analysis of consumer data. In yet another attempt to discredit the work of the CFPB, the subcommittee dusted off time-tested, paranoia-inducing talking points and catapulted a series of accusations at the CFPB ranging from the fantastical – likening the CFPB to an NSA-style spy agency, secretly collecting personal information from unsuspecting Americans – to the conceivable, such as potential cyberattacks against the CFPB that might result in data breaches.
While this last concern is at least a plausible one, the reality is that political opponents of the CFPB are looking for ways to stifle the agency to protect their friends on Wall Street (friends who happen to donate generously to their reelection campaigns). These legislators are smart enough to understand the exceptional importance of data to enforce federal consumer financial law and inform the agency’s actions. By blocking access to information, they know they can cripple the CFPB’s ability to hold financial fraudsters accountable.
The subcommittee’s tactics show that they are not really concerned with consumer privacy. Unsurprisingly, the CFPB’s opponents did not acknowledge a recent GAO report to Congress affirming that the CFPB’s data collection and analysis programs are executed in a manner consistent with its statutory mandate under Dodd-Frank. They also chose to ignore the independent evaluation issued in November by the agency’s inspector general finding that the CFPB was consistent with nine out of ten information security risk management guideposts issued pursuant to the Federal Information Security Management Act. Finally, they bypassed any meaningful discussion of the other federal financial regulatory agencies, such as the Federal Reserve and Office of the Comptroller of Currency, that carry out comparable programs to collect and analyze large amounts of financial data.
In fact, despite the underlying premise of the hearing, that the CFPB’s data collection practices risk consumer privacy, the committee has it backwards: the CFPB is statutorily mandated to safeguard private consumer information. The real threat to the security and privacy of consumer information is from the banks and financial institutions that are lobbying to keep the CFPB from using data to protect consumers.
The enormous threat to consumer privacy by banks and financial institutions is a material and present danger. In May, the Los Angeles City Attorney filed a civil lawsuit against Wells Fargo alleging bank employees used their customers’ private information to open fake checking accounts, savings accounts and credit cards to bolster sales figures. The alleged scheme resulted in nightmarish scenarios for affected individuals, damaging credit and illegitimately putting customers into collections. In another scheme involving Wells Fargo and also JPMorgan Chase, the CFPB took action against these banks for improperly sharing consumer information with a title company to operate a marketing-services kickback scheme. The action ultimately resulted in an enforcement order against the banks to hold them accountable for these acts. This type of misconduct regarding the safety and protection of consumer’s personal information should alarm all who are concerned with consumer privacy. The CFPB exists to safeguard Americans from such rapacious conduct.
Despite their desire to neutralize the CFPB’s use of consumer data, banks and other financial institutions appear to agree with the empirical importance placed on data and information to examine market trends, as they themselves routinely use massive amounts of personal and financial consumer data to maximize profit. It is inconsistent reasoning at best to suggest that financial institutions should be free to collect, aggregate, analyze and use vast amounts of consumer information to maximize their profit margins while at the same time attempting to restrict the availability of data from the singular agency tasked with protecting American consumers from abusive financial practices.
Opponents of the CFPB have presented no evidence to suggest that the CFPB is inappropriately using or otherwise mishandling information. And given the copious examples of consumer privacy breaches in the private sector, it is perplexing that there has not been a matching response by the committee to examine their behaviors. In an ironic twist, the day after the subcommittee’s hearing, the CFPB announced charges against two separate business entities for reselling sensitive personal data to unscrupulous lenders and debt collectors, potentially exposing millions of financially vulnerable Americans to harassment, deceit, and further hardship. There was no outcry by the subcommittee regarding this breach of private consumer data.
The real threat to consumer privacy, from the perspective of the consumer and privacy organizations who reiterated their support for the CFPB’s practices in the run-up to the hearing, is the massive and unregulated collection and use of consumer data by financial institutions. It is not simple misfortune for political opponents of the CFPB that not a single privacy group has come forward expressing concern with the CFPB’s data collection.
The subcommittee leadership should stop wasting taxpayer dollars by waging this campaign of misinformation. The CFPB exists for the sole purpose of protecting the financial health and well-being of American families. Consumer financial data is integral to performing this duty. It’s time to close the curtain on this political theater.
Sonia Gill is the civil justice and consumer protection counsel for Public Citizen’s Congress Watch division