At a hearing on Tuesday before the House Financial Services Committee, a top official from the Consumer Financial Protection Bureau told lawmakers he was unable to say how many Americans the agency has gathered financial data on -- information on bank accounts, credit cards, mortgages, auto loans and payday advances.
Steven Antonakes, acting deputy director of the CFPB, was called to respond to a Bloomberg report which stated that the agency "is demanding records from the banks and is buying anonymous information about at least 10 million consumers from companies including Experian Plc (EXPN)." According to CFPB Director Richard Cordray, the purpose of the data collection is to enable better rule-making and enforcement by helping regulators uncover areas of potential abuse. But banks, which have resisted the additional oversight that the CFPB represents, have complained that the bureau's data demands were excessive, and congressional Republicans are trying to tie the agency's efforts to the recent scandals to hit the IRS and the NSA.
The law that created the CFPB contains language intended to protect consumer privacy, prohibiting data collection "for purposes of gathering or analyzing the personally identifiable financial information of consumers" -- unless that data is provided voluntarily. And Antonakes insisted that the CFPB acts in accordance with the law. But that didn't appease Republican congressmen, according to MarketWatch, one of whom spoke of "a veil of secrecy around the collecting of data." Another commented, "The fact that you are so ill-prepared to answer questions today speaks volumes." Antonakes said he would tell the committee at a later date how many consumers' information the agency has gathered.
Democrats, predictably, defended the CFPB, observing that its work is "data-driven" and requires an understanding of financial markets and institutions. But Republicans seem to think the public's renewed concerns about mass surveillance might help their campaign against the two year-old consumer protection agency: A pre-hearing blog post by the GOP-controlled House Financial Services Committee was titled "Big Brother Is Watching... Your Bank Account."
"Not only is the CFPB needlessly invading Americans' privacy," the message warned, "their actions could be putting you at greater risk of identity theft or other financial crimes." No explanation was given about how the agency's actions might lead to such disturbing results. But comments by CFPB officials have at times played into the hands of its foes. For example, there is reportedly no plan in place for the destruction of personally identifiable data, which Antonakes said the agency intends to hold onto for about 10 years.
And in the original Bloomberg story, the CFPB's assistant director for research, Harvard economics professor Sendhil Mullainathan, was quoted sounding enthusiastic about building a vast repository of information:
"It's credible to say that within the next year, CFPB will be the best place for consumer finance data. Anybody who wants to do research on consumer finance will want to be there."
But Mullainathan also said he was "very sympathetic" to concerns about bulk data collection: "I understand that people don't want firms doing it, so why would you want the government doing it? It seems invasive." The question is whether consumers feel the benefits of a muscular CFPB are worth the cost of having the government monitor their financial activity.
You Thought You Were Safe? The Myths and Realities of Your Online Security
House Republicans Grill CFPB Official About Data Collection
For years, security professionals have emphasized the importance of shredding your personal documents before you throw them out. But Holland notes that shredding isn't as much of a priority as it used to be. "There aren't nearly as many documents with personal information out there as there were even just two years ago," he explains. "These days, it's much easier to get your information off your computer."
Passwords are your first line of defense against intruders. But, as Holland points out, even the most careful people sometimes have password breaches. "I've helped chief privacy officers from health care and security firms," he notes. "If they're getting hit, then anyone is vulnerable." While Holland notes the importance of having a good password, he emphasizes that the most important thing is paying attention to password breach notifications. If you hear that one of your passwords may have been breached, he counsels, change it immediately. And, because many of your accounts may be linked, he notes, it's not a bad idea to change the rest of your passwords as well.
One piece of advice that you don't often hear is to keep on top of software updates. But, Holland argues, updating your operating system, your software, and your security programs is one of the easiest and most important ways to ensure your security. Software companies spend a lot of time and money trying to stay ahead of online intruders -- it only makes sense to take advantage of their work.
Even if you are convinced that your security is state-of-the-art and your password is unbreakable, it never hurts to double-check your most sensitive accounts. Holland suggests regularly checking your bank and credit card statements to ensure that there aren't any inappropriate charges on your accounts. As a side benefit, this is also a great way to catch any unexpected fees that your bank may try to spring on you.
When a breach happens, a fast response can mean the difference between a minor annoyance and a major pain in the neck. With that in mind, Holland suggests talking to your bank about having transaction alerts placed on your account. Every time your account is credited with a transaction over a particular amount -- $50, for example -- your bank will send you an e-mail or text notification. If it's an expected transaction, you can discard the message; if not, you'll be able to respond immediately.
Every year, you are entitled to a free credit report from each of the reporting bureaus. Holland suggests taking advantage of this free service, noting that your credit report is a great way to track your outstanding debts and ensure that nobody is trying to open false accounts in your name. He emphasizes, however, that the best way to get your free report is by going to AnnualCreditReport.com, not FreeCreditReport.com. "That site's a scam," he laughs.