Fed Urges CFPB to Improve Enforcement Data Security

05/24/17 – Law360 reports that the Consumer Financial Protection Bureau failed to restrict access to sensitive enforcement data by former employees who left the bureau or were reassigned, putting that information at risk.

The report from the inspector general of the Federal Reserve found that the CFPB’s enforcement division granted 113 unique users access to databases with confidential investigative information about companies that were subject to reviews by enforcement staff, 72 of which were still employed by the CFPB but did not need access to that information.

The report also cites the CFPB for having an inconsistent system for labeling enforcement information, as well as inconsistent guidance from the CFPB’s enforcement team leaders, resulting in Office of Enforcement employees using inconsistent practices for handling and safeguarding sensitive information, thereby increasing the risk of inadvertent and unauthorized disclosures.

The CFPB is in agreement with the recommendations made by the inspector general and has pledged to take steps to implement them.

Law360 (sub. req.); Fed. Office of Inspector General website; Report.