Five U.S. Senators have sent a letter to CFPB Director Cordray asking how the CFPB plans to address the problems with the CFPB’s internal controls and accounting systems identified in the Government Accountability Office’s report issued on May 21. 

One of those problems was the absence of an agency-wide information security program for the information and information systems that support the CFPB’s financial reporting, operations, and assets.  In our blog post on the GAO report, we commented that although the GAO’s comments on information security appeared to be limited to the CFPB’s financial reporting systems, they caused us to question whether any similar deficiencies exist in the CFPB’s information security program for data that relates to its supervisory activities, such as consumer complaint data.   

Our concern appears to be shared by the five Senators who wrote to Director Cordray. Calling on the CFPB to “promptly address the issues identified by the GAO,” the Senators note that the CFPB “will have unprecedented access to confidential data, including private, personally identifiable consumer information and commercially sensitive information.”  The Senators state that, for that reason, the CFPB “needs to have the strongest possible information security systems in place to protect data provided to it by market participants and consumers.” 

The Senators want to see a written plan from the CFPB by July 6 that describes how the CFPB intends to remedy the problems identified by the GAO.