But not all government data collection is problematic. Some is actually good, and the facts about particular government data collection programs matter.
Unfortunately, the critics of the Consumer Financial Protection Bureaus data collection havent bothered to learn the basic facts about the data the agency collects before veering off into black helicopter paranoia. And this shows the criticism of the CFPBs data collection for what it really is: a politically motivated attack on the CFPB.
A quick look at the facts of the CFPBs data collection shows that theres really nothing to fear. Much of the data gathered by the Bureau is already public: mortgages are recorded in county land records and auto sales with state DMVs. Most of the data that is not publicly available is commercially available and routinely used by businesses and academics. This just isnt secret or sensitive data.
Very little of the data is publicly identifiable when the CFPB obtains it, and the Bureau anonymizes that data, so Bureau personnel are never working with personally identifiable data. Even if the data were personally identifiable, the nature of the data is that it doesnt reveal anything especially personal. The CFPB collects aggregate account-level data, showing account balances, interest rates, and fees. The data collected by the CFPB does not contain transaction-level data, so the CFPB has no idea what someone has purchased or even where the purchase took place. Consumers can rest easy that the CFPB does not know about their subscriptions to Ashley Madison or donations to the Peoples Liberation Front. The CFPB knows less about consumers purchases than the banks it regulates know. All of this means that there are no legitimate Big Brother concerns about the CFPBs data collection.
What about data security? Data breaches are a fact of modern commercial life. Consumers have to assume that any data they give to merchants, financial institutions, or the government may be compromised. Data breaches dont matter very much, however, unless the data is sensitive, meaning that it is readily monetizeable. Hackers target credit card data for the same reason Willie Sutton held up banks: Thats where the money is.
As it turns out, the credit card data collected by the CFPB is useless to cybercriminals. It does not include account numbers, expiration dates, or security codes. It doesnt even include consumer names and addresses. In short, the CPFB has nothing that a cybercriminal would want. But you wouldnt know that from reading the rantings of CFPB critics.
You also wouldnt know from the complaints of CFPB data critics that government collection of consumer financial data is nothing newthe OCC, FDIC, and Federal Reserve have been doing it for years (often with larger data sets). Indeed, much of the data the CFPB gets is through Memoranda of Understanding with other regulatory agencies. The CFPBs critics have not a word to say about the collection of the same data by other agencies. Apparently, data collection is a problem only when done by the CPFB.
The CFPBs data collection is something that should be applauded rather than criticized. Most of the CFPBs data collection is one-time collections in support of specific rulemakings. Isnt evidence-based policy something we want? A responsible rulemaking on overdraft or payday or arbitration requires knowing something about the state of the market, and that requires data.
Likewise, the CFPBs ongoing data collection is critical to ensuring that the Bureau does not end up behind the ball with market developments, as federal regulators were during the housing bubble. And enforcement of the fair lending laws is not possible without data collection and analysis. Attacks on CFPB data collection are effectively assaults on the fair lending laws.
Evidence-based policymaking is the essence of the CFPBs approach to consumer finance regulation. Unfortunately, the Bureaus implacable ideological opponents are so quick to find fault with the Bureau that they wont let facts get in the way of leveling unfounded and irresponsible charges about abusive data collection.
Adam J. Levitin is a Professor of Law at Georgetown University. The views expressed here are his own.