The U.S. Chamber of Commerce is accusing the Consumer Financial Protection Bureau of breaking the law in collecting detailed information on individual credit-card accounts.
"The bureau has not issued an order or regulation imposing on businesses an obligation to provide account-level data on an ongoing basis," David Hirschmann, chief executive officer of the chamber's Center for Capital Markets Competitiveness, wrote in a June 19 letter to the agency. "Because it has failed to comply with this statutory requirement, we believe the Bureau's data demands are unlawful."
Hirschman called on the bureau to address how it collects and protects data "expeditiously, transparently and in detail."
In charging that the bureau's data-collection work violates the law, the chamber cited the 2010 Dodd-Frank Act that created the agency. The legislation speaks of data collection "in such form and within such reasonable period of time as the Bureau may prescribe by rule or order."
"The bureau's existing data-gathering activities are authorized by the Dodd-Frank Act and do not require additional rulemaking," said Jen Howard, a spokeswoman for CFPB. The law requires the agency to collect information from companies it supervises to assess compliance with consumer-protection laws and detect risks to consumers, she said.
The center, which does not disclose its membership, has spoken out about the data collection at the behest of large banks who help the bureau, according to two people briefed on its work. The CFPB's program has consisted of both purchases of commercially available data and requests for data from the banks that CFPB directly supervises, those with assets of more than $10 billion.
The bureau's data collection became the subject of an April 23 hearing at which CFPB Director Richard Cordray insisted it didn't invade consumers' privacy, is crucial to good regulation and mimics approaches already in wide use in the private sector.
"The big banks know more about you than you know about yourself," Cordray said at a hearing of the Senate Banking Committee. "And me, too, as a consumer."
The chamber also asked for more information about how the bureau intends to protect the confidentiality of the data.
The business group said the agency is implementing a system that assigns an "identifier" to data unique to each individual, while leaving out the consumer's name. "If the bureau does take this step, that will enable the bureau to construct even more detailed profiles of individuals' financial activities," the chamber wrote.
