Home Advocacy CFPB Union sounds alarm: urgent action needed to protect sensitive consumer and industry data

CFPB Union sounds alarm: urgent action needed to protect sensitive consumer and industry data

Posted on Posted in Advocacy

Today, certain DOGE employees were added to the CFPB’s email directory and were spotted in the building. 

To ensure compliance with federal consumer protection laws and identify unfair, deceptive, or abusive acts and practices in connection with consumer financial products and services, the CFPB collects and maintains a vast amount of data, including sensitive information about individuals and businesses, including banks and other financial institutions. Access to this information is carefully controlled, as required for all information collected by the federal government, in accordance with applicable law. Bargaining unit employees of the CFPB Union NTEU 335 are deeply concerned that despite the CFPB’s robust data security protocols, cybersecurity training, and vigorous efforts to mitigate reidentification risks, such legally-protected, sensitive data of businesses and individuals will be exposed and used in inappropriate ways. 

Recently, a group of senators wrote a letter indicating that DOGE officials have transferred data to commercial servers that may not have been vetted for compliance with security and privacy requirements. The senators separately wrote to Susie Wiles, chief of staff to Trump, noting that “Government employees and contractors only receive access to such information after they have undergone a rigorous background investigation and demonstrated a ‘need to know,’” they said, while also expressing concern about access to sensitive personal information. “Circumventing these requirements creates enormous counterintelligence and security risks.” In addition, the New York Times reported on DOGE actions that risk exposure of classified and sensitive information and cybersecurity experts have compared the DOGE activity to a data breach. Federal employees have also sued over alleged privacy violations. 

There is also the question of security concerns raised by DOGE individuals with outside business interests, as well as reporting that DOGE employees are using AI technology, which may not have undergone internal tests or for which there are no agency guidelines as to access and use, to analyze sensitive federal data.

CFPB Union NTEU 335 Members are alarmed about the implications of these reports for the CFPB’s sensitive, nonpublic data. For example, the CFPB has gathered a wealth of proprietary information from big tech payment platforms that could be exploited by someone with a conflict of interest to corner the payments industry. A potential breach could also have serious ramifications for banks and other CFPB-supervised institutions that incur significant costs to both safeguard their customer’s personally identifiable information (PII) and meet their obligations under the Home Mortgage Disclosure Act (HMDA) and other consumer financial laws.

While CFPB Union NTEU 335 plan to use all avenues, including legal ones, to protect our own private employee data as well as that of consumers and financial institutions that we have sworn to safeguard, we also call upon consumer advocates, industry stakeholders, lawmakers, and all concerned citizens to help us thwart this potentially dangerous incursion.