Federal Reserve Blasts CFPB Data Security in Report

A report published this week by the Office of the Inspector General (OIG) of the Federal Reserve detailed chronic problems at the Consumer Financial Protection Bureau (CFPB) and the agency’s poor protection of sensitive information used in enforcement investigations. The OIG found that the CFPB regularly failed to properly label and store sensitive information, violating agency standards. Further, more than 100 CFPB employees continued to have access to sensitive information after it was no longer necessary to access that data. This increased the risk of unauthorized disclosure. The CFPB has agreed to incorporate nine separate recommendations to improve data security and access. In the past, the CFPB has imposed significant fines and pursued lawsuits against companies for similarly poor data security practices.