This story appeared in Bank Digest.
The Office of Inspector General for the Consumer Financial Protection Bureau and the Federal Reserve Board has issued a report presenting the independent audit of the Bureau's privacy program and its implementation that was performed by Cotton & Company LLP, an independent certified public accounting firm.
The report concluded that overall, the CFPB "has substantially developed, documented, and implemented a privacy program that addresses applicable federal privacy requirements and security risks related to collecting, processing, handling, storing, and disseminating sensitive privacy data." But the report said the program required improvement in the areas of: (1) identification and maintenance of a comprehensive inventory of personally identifiable information; and (2) physical controls over the CFPB's portable media.
Cotton made two recommendations designed to strengthen the CFPB's privacy and security program.