The Consumer Financial Protection Bureau’s privacy practices came under scrutiny Tuesday (March 12) during a U.S. Senate hearing, further proof that issues related to online security and privacy are increasingly a topic that has the attention of lawmakers and regulators, and not just in the U.S. The concerns were raised as part of a hearing that also touched upon such matters as the agency’s structure and authority.
The hearing, before the U.S. Senate Committee on Banking, Housing and Urban Affairs, followed a similar hearing last week for the agency before the U.S. House Financial Services Committee, which is now controlled by Democrats. (The Senate remains in Republican hands.) The occasion for these hearings was the federal agency’s semi-annual report to the U.S. Congress. The hearings come at a fraught time for the CFPB, which recently announced new leadership and has faced pullback of its mission and power under the Trump Administration.
Kathy Kraninger, the agency’s director, broke little new ground on Tuesday when speaking before members of the Senate committee, at least when compared to the House hearing last week. But she was asked fresh questions about the CFPB’s data collection and privacy policies. According to a report, Sen. Mike Crapo, Republican from Idaho, voiced “his concern about the Bureau’s voluminous data collection practices and whether the Bureau is ensuring that consumer privacy is at risk from these practices.”
For her part, Kraninger said she has the same concerns. She told the committee that the “bureau is reviewing its internal policies, including how it collects data and how that data can be accessed, in order to ensure protection of consumers. The bureau aims to limit the data it collects to only what is necessary for it to do its job.”
Those concerns over privacy expressed at Tuesday’s Senate hearing come amid other online privacy and security efforts at the federal level, and not just stemming from Congress. For instance, last week, the Federal Trade Commission requested comment on the proposed amendments of two rules that protect the privacy and security of customer data held by financial institutions.
The proposed changes are related to the Safeguards Rule and the Privacy Rule under the Gramm-Leach-Bliley Act. The Safeguards Rule, which went into effect in 2003, requires financial institutions to develop, implement and maintain a comprehensive information security program. The Privacy Rule, introduced in 2000, requires a financial institution to inform customers about its information-sharing practices, as well as enable customers to opt out of having their information shared.
Also at the Tuesday Senate hearing, Sen. John Kenney, Republican from Louisiana, “spent a significant portion of his questioning time asking about the bureau’s structure,” according to the report and coverage of the hearing. “When asked about whether the bureau should be governed by a board rather than a single director or whether the bureau should be accountable to Congress’ appropriation powers, Kraninger testified that this is up to Congress and that she would carry out whatever legislative requirements are enacted. Sen. Kennedy also expressed his concerns that the bureau’s director cannot fire the heads of the bureau’s different divisions.”
Tuesday’s hearing was reportedly less tense than Kraninger’s appearance last week before the House Financial Services Committee. During that hearing, Committee Chair Rep. Maxine Waters argued the Trump-appointed leadership is trying to undermine the agency’s mission. Waters said the Trump Administration has “undertaken a sustained effort to destroy the agency.” She said she’s committed to reversing the damage caused by interim head Mick Mulvaney, who is now the acting chief of staff for Trump.
Kraninger succeeded Mulvaney in December. Mulvaney was a critic of the CFPB before he was made director. When he was in charge, he called for many of the rules and regulations put in place by the CFPB to be scaled back. The appointment of Kraninger was opposed by Democrats, they said at the time, due to her lack of relevant experience.
Controversy will almost certainly continue to follow the CFPB no matter who’s in charge, and it’s also a safe bet that lawmakers will spend even more time this year with online privacy and security issues.