Politics & Government

Consumer protection agency’s data collection comes under scrutiny

Senator Mike Crapo of Idaho
Senator Mike Crapo of Idaho Pete Marovich/MCT

Amid the debate about whether national security operations have intruded on Americans’ privacy, the collection of personal data by a federal consumer protection agency has prompted questions about whether its efforts have gone too far.

The Consumer Financial Protection Bureau has spent more than $20 million “collecting and tracking spending habits of more than 10 million Americans,” Sen. Mike Crapo, R-Idaho, said in a letter last month to the agency seeking information about its work.

As a result, the Government Accountability Office has begun an investigation of the scope of the data collection and privacy protections at the 2-year-old agency. It was created as part of the 2010 Dodd-Frank banking reform law to ensure that consumers are protected from predatory credit agencies and mortgage lenders.

“Many Americans are understandably unsettled by news reports about the National Security Agency’s widespread monitoring of telephone and Internet traffic,” Diane Katz, a research fellow at the conservative Heritage Foundation, wrote on the think tank’s website. “Attracting far less attention is the rampant snooping of a more personalized nature carried out daily” by the consumer protection bureau.

Richard Cordray, the bureau’s director, has been defending the data collection methods even before the GAO investigation began in mid-July.

“The bureau makes every effort to be a data-driven agency,” he said in a letter to Crapo. “As illustrated by events leading to the recent financial crisis, financial regulators must have timely and accurate information about the markets they regulate.”

The bureau, a target of Republican lawmakers and other critics since its beginnings, collects four types of data, officials have said: commercially available, publicly available, voluntarily reported, and so-called supervisory data, which is information it can collect under its regulatory power.

The agency’s analysis of such data has led to investigations of major credit card companies, uncovering unfair marketing and billing practices. This week, it sued the Nevada-based legal services firm of Morgan Drexen Inc. “for charging illegal upfront fees and deceiving consumers.”

“This company took advantage of people who were struggling,” Cordray said in a statement.

In response, Morgan Drexen said in a statement that the consumer protection bureau was “attempting to avoid its date with destiny.” It was referring to a lawsuit that the company filed against the bureau last month, alleging that it had exceeded its authority by requesting financial data and communications from some Morgan Drexen clients that the firm argued were covered by attorney-client privilege.

“We’re sticking by our guns and we’re going to keep fighting,” said Karen Carlson, a Morgan Drexen spokeswoman.

Other recent Consumer Financial Protection Bureau investigations have led to settlements with Capital One Bank and Discover Financial Services of more than $200 million each, and an aggregate $250 million returned to wronged consumers, according to Dylan Howard, an attorney and expert on regulatory compliance for mortgage lenders.

The bureau reported more than $430 million returned to consumers since its creation two years ago as a result of the use of data analysis and regulatory enforcement.

The agency has said that most of the data it collects is also available to other regulatory agencies, and much of it is anonymous and used as well by the Federal Reserve, retailers and consumer product manufacturers.

But Katz of the Heritage Foundation said that the expansive collection of consumer data creates “an Orwell-worthy database on all manner of spending.”

Some of the critics’ concerns stem from the lack of congressional and executive branch oversight because of the autonomy the agency has been given as a part of the Federal Reserve.

“Often unfocused, overly inclusive, and not coordinated with other regulators,” is how the U.S. Chamber of Commerce in a letter to Cordray described the bureau’s demands for data.

Many Democrats defend the bureau’s data collection as vital to carrying out its mandate, even as they acknowledge the need for sensitivity in handling individual privacy rights.

“If we’re going to expect the (agency) to create a level playing field for consumers, they’re going to need to have at least the same level of access to information about consumers as the largest banks and financial services providers have,” Rep. Maxine Waters, D-Calif., said at a hearing in July on the bureau’s data collection.

A report by the consumer protection bureau’s inspector general noted a need for a comprehensive strategy to guide agency-wide information security.

On Capitol Hill, the House of Representatives launched an investigation earlier this month into four former bureau employees who left to start a business, raising concerns that they were gaming the regulations they helped write.

Howard said that lawmakers might be less worried about the agency if it were to collect information only for specific complaints against specific companies. But consumer protection bureau officials see that “part of their mandate is just to flat-out gather information, even if it’s not about a specific complaint,” he said. “That’s what’s catching political heat.”