Action Needed to Strengthen Oversight of Consumer Reporting Agencies
[Prepared statement before the House Economic and Consumer Policy Subcommittee]
Consumer reporting agencies (CRA) collect, maintain, and sell to third parties large amounts of sensitive data about consumers, including Social Security numbers and credit card numbers. This statement is based on GAO’s Feb 2019 report on the CRA oversight roles of Federal Trade Commission and Consumer Financial Protection Bureau (CFPR). This statement summarizes (1) measures FTC has taken to enforce CRA compliance with requirements to protect consumer information, (2) measures CFPB has taken to ensure CRA protection of consumer information, and (3) actions consumers can take after a breach.
In its Feb 2019 report, GAO recommended that Congress consider giving FTC civil penalty authority to enforce Gramm-Leach Bliley Act's (GLBA) safeguarding provisions. FTC lacks a practical enforcement tool for imposing civil money penalties that could help to deter companies, including CRAs, from violating data security provisions of GLBA and its implementing regulations. GAO also recommended that CFPB (1) identify additional sources of information on larger CRAs, and (2) reassess its prioritization of examinations to address CRA data security. CFPB neither agreed nor disagreed with GAO’s recommendations.
Action Needed to Strengthen Oversight of Consumer Reporting Agencies