A federal court last week again ruled in favor of Mick Mulvaney as the rightful head of the Consumer Financial Protection Bureau, which strengthens his hand on such issues as the recent decision to freeze data collection in light of cybersecurity concerns.
But Sen. Elizabeth Warren, D-Mass., who conceived the idea of the consumer agency, which critics say has too much and often undefined power, strongly objected to the agency’s temporary halt in data collection just last week.
“CFPB cannot fulfill its core functions without collecting personally identifiable information,” Warren wrote in a Jan. 4 letter to top CFPB officials.
“When a consumer submits a complaint, the CFPB asks for information, such as their name and account number, to enable the agency to help resolve the dispute,” Warren continued.
“CFPB bank examiners and enforcement lawyers regularly use account-level data provided by regulated institutions to detect improper and unlawful activity.”
President Donald Trump appointed Mulvaney to be acting CFPB director, in addition to continuing to serve as director of the Office of Management and Budget. In December, Mulvaney announced plans to halt personal-data collection after an inspector general’s report warned of cybersecurity problems with the agency.
“I think we should find ways to have as rigorous a data-security program as possible here before we start expecting that from people who we oversee out in the industry,” Mulvaney told reporters at the time.
However, in her letter last week, Warren—who was previously critical of metadata collection by the National Security Agency—said hobbling CFPB data-gathering endangers consumers vis-a-vis financial institutions.
“Examinations are data-driven and granular. If examiners aren’t able to request information from the relevant financial institution, they can’t do their job,” Warren’s letter said.
In June 2013, as a first-year senator, Warren joined a bipartisan group of 26 senators in a letter to then-Director of National Intelligence James Clapper, raising questions about the NSA metadata gathering.
Warren’s office did not respond to inquiries from The Daily Signal for this article.
Even former CFPB Director Richard Cordray has said the personal information isn’t entirely safe, countered House Financial Services Committee Chairman Jeb Hensarling, R-Texas.
“The American people should rightfully be worried about the massive amounts of private information a single government agency collects on their personal lives, especially when the former director of the agency acknowledged that the data held by the CFPB is ‘not 100% secure,’” Hensarling told The Daily Signal in an email statement.
“In this age of criminal hackers, data breaches and identity theft, we must safeguard the privacy and security of America’s private, personal information,” the Texas lawmaker added. “Considering the scale of data-collection efforts by the CFPB, I applaud Acting Director Mulvaney for taking such bold action to protect Americans.”
The temporary halt is perfectly reasonable, said Ronald L. Rubin, a former CFPB enforcement lawyer and a former chief adviser on regulatory policy for the House Financial Services Committee.
“If you would like to know what Elizabeth Warren is going to protest tomorrow, just look at whatever Mick Mulvaney is doing tomorrow,” Rubin told The Daily Signal. “Given Equifax and other problems, it’s hard to understand why you wouldn’t be cautious about data collection in any shape or form.”
Rubin added that the stop is temporary.
“Data collection has always been something Republicans were worried about at the CFPB,” he said. “People of all political backgrounds are concerned about their information being compromised.”
In a report released Oct. 30, CFPB Inspector General Mark Bialek said:
The Office of Inspector General has likewise identified information security as a major management challenge for the CFPB, due to the advanced, persistent threat to government information technology (IT) infrastructure.
CFPB management needs to continue improving its information security program, overseeing the security of contractor-operated information systems, transitioning IT resources from the U.S. Department of the Treasury (Treasury), and ensuring that personally identifiable information is properly protected.
Before that, a Government Accountability Office report from September 2014 noted serious concerns about the privacy and security of the consumers whose data are being collected by the CFPB.
The GAO found the CFPB was collecting more information than was necessary for its regulatory mission, from 87 percent of the credit card market. It further said the agency’s 12 mass data collections had information on 173 million loans.
The agency already has accountability issues, said Norbert Michel, director of the Center for Data Analysis at The Heritage Foundation, who has been a CFPB critic.
“It brings up questions of why do they need to collect so much information,” he said. “We know the potential for problems with personal data. If the mass data collection isn’t well-defined, who knows if it is secure?”
Warren’s letter identified Leandra English as the “acting director” of the CFPB, despite a court ruling rejecting a request for a temporary restraining order to block Trump from appointing Mulvaney as acting director. The letter identified Mulvaney only as the director of the Office of Management and Budget.
After Trump named his budget director to temporarily lead the consumer agency, English, the deputy CFPB director, sued to retain the position to which she had been appointed by Cordray when he departed, and has appealed the court ruling.