Government Accountability Office comprehensive study released Monday confirmed the Consumer Financial Protection Bureau is collecting financial data on up to 600 million consumer credit card accounts.

The report states that the CFPB is doing so without sufficient security and privacy protections to ensure there is no risk of improper collection, use, or release of consumer financial data, but the CFPB says that's not the case.  

Buried in the report, it should be noted, the GAO does document that the CFPB is collecting de-identified information on 25-75 million credit card accounts. Other federal financial regulators’ credit card data collection activities are documented in the report as well, and start on page 28. A PDF of the GAO report can be viewed here.

Sam Gilford, spokesperson for the CFPB, contacted HousingWire after publication of the initial story, explaining the bureau’s position.

“Data is essential for effective financial regulation. It allows regulators to see how markets are functioning and monitor the impact of rules,” Gilford said. “As GAO stated in its report, ‘[p]rior to and during the 2007-2009 financial crisis, [GAO] and others noted that the lack of data on consumer financial products and services hindered federal oversight in areas such as mortgages and fair lending.’”

Gilford said that CFPB’s practices are within norms for other regulators. 

“The GAO’s report recognizes that the Bureau collects data on a scale similar to other regulators and uses that data to carry out its mission to protect consumers,” he said. “The CFPB agrees with the GAO’s recommendations, which focus primarily on documentation of processes related to data collection.

“As the report notes, the majority of the large datasets maintained by the CFPB are de-identified, and many of the largest datasets maintained by the CFPB use data procured from commercial aggregators, which is also available for purchase by private companies,” Gilford said.

Gilford said that the CFPB has disclosed details of its market-monitoring on numerous occasions over the past several years, including in Congressional testimony and correspondence, and in public documents such as its Strategic Plan, Budget, and Performance Plan and Report.

The nonpartisan GAO report, requested by U.S. Senator Mike Crapo, R-Idaho, details the CFPB’s large-scale collection of consumer financial data from 2012 through 2014.

It confirms the existence of personal identifiers in CFPB’s data collections, and raises the concern that CFPB lacks written policies and procedures for data privacy and protection.

“The CFPB’s massive data collection effort is an unwarranted, unwelcome intrusion into the private financial lives of millions of Americans,” Crapo said in a written release. “This GAO report confirms what the Bureau would not — that it has been collecting information on up to 600 million American financial accounts, and it does not have the proper safeguards in place to protect the information it is collecting. At a time when data and identity-related crimes are at an all-time high, the last thing the American people need is one more federal agency collecting their private financial information.” 

The CFPB has been collecting data on consumers since 2012, both for its larger credit database and the proposed National Mortgage Database, which it is building jointly with the Federal Housing Finance Agency.

House and Senate members from both parties have raised serious questions about this Big Data collection, and the CFPB has repeatedly failed to provide sufficient information regarding its protection.