The Bureau of Consumer Financial Protection has resumed the collection of consumers’ personal information, after an outside review signed off on the agency’s information security procedures.
Mick Mulvaney, the acting director of the CFPB, had implemented the collection freeze as one of his first actions after being named to the post in last November following the resignation of former director Richard Cordray.
Mulvaney made the announcement that the freeze had been lifted in an email to CFPB employees last week.
“Out of an abundance of caution and a desire to protect Americans’ privacy, I placed a hold on the collection of personally identifiable information and other sensitive data,” Mulvaney said in the memo to CFPB employees. “We can lift that hold.”
The decision to no longer collect the personal information of consumers was a contentious one. Mulvaney said the freeze was put in place in order to ensure that the agency’s data protection safeguards were sufficient to protect the personal information of millions of consumers while critics of the decision claim the freeze was announced as a means of “hobbling” the CFPB’s consumer protection efforts, according to a published report.
Members of the Senate Banking Committee and House Financial Services Committee raised the issue when Mulvaney testified before them in April. During his testimony, Mulvaney revealed that the CFPB had suffered a number of data and security breaches, which occurred before he took office. As part of the review, white-hat hackers attempted to penetrate the CFPB’s firewalls and identify potential vulnerabilities. Mulvaney did disclose that some agency employees opened emails that, had they been sent by actual hackers, could have contained malware and captured “sensitive data.” He said the agency would step up its training on detecting and dealing with “suspicious emails.”