Privacy advocates are concerned about a relatively new effort to compile personal finance records as part of analyzing and reporting the monthly housing situation. The Federal Housing Finance Agency (FHFA) and the Consumer Finance Protection Bureau (CFPB) plan to expand the information gathered for the National Mortgage Database Program (NMDP), a collaborative effort between the agencies.
The NMDP was announced in 2012 as a tool to help regulators monitor the health of the mortgage industry and give feedback to policymakers on how well mortgage products are performing, analyze consumer decision making, and evaluate the impact on the total debt burden of consumers. (Translation: the database will include information on all of your loans, whether they are related to mortgages or not.)
The database as currently constructed includes basic information about the mortgage (term, type, price, down payment), various features of the property, and information about the borrower (age, income, debt-to-income ratio, ethnicity, and gender) – but contains no personal identifiers.
The 2012 announcement specifically states, “…the database will not contain personally identifiable information and appropriate precautions will be taken by the agencies to ensure that individual consumers cannot be identified through the database or through any datasets that may be made available to researchers or the public.”
That is about to change.
In an April 16 notice in the Federal Register, the CFPB and FHFA announced a coming expansion of the data gathered, including the aforementioned information on other loans and debts. In essence, your entire credit history is included, from delinquent and late payments to maximum account balances and credit scores.
This expansion includes the owner’s basic personal information (name, address, and Social Security number) as well as a stunning array of other personal information – marital status and composition of the household, employment history, education, and religion among them.
Perhaps the most concerning aspect of this is that the agencies have put forth many things that the data could be used for, but have not said what it will be used for.
FHFA and the CFPB claim the database is necessary to fulfill their reporting mandate to Congress under the Housing and Economic Recovery Act (HERA) of 2008. Some members of Congress disagree that the database is a logical mandate from HERA, and strenuously disagree with the addition of identifiable personal information.
While the database contains information on over 10 million mortgages and mortgage owners, FHFA has contracts with CoreLogic for work on the NMDB. Between historical and active mortgages, CoreLogic has access to databases that cover over 227 million loans.
Privacy advocates have concerns on several fronts, primarily with what the government intends to do with the information in the database. Reports are worthwhile, but what about the raw data? How much database information will be shared, and whom will it be shared with? Further, the expanded NMDB would be a natural target for hackers, and the government does not have the best record of protecting information.
The final concern is that there is currently no mechanism to opt out. Given the option, most people probably would opt out of such a program if they fully understood it, so we understand the omission.
We do not doubt that good and timely information is necessary for a proper analysis of the mortgage market by regulators and policymakers. However, the vast scale and open-endedness of this effort seems to go beyond reporting mandates – and gives the appearance of agencies taking advantage of an opportunity to gather more data than they need, will use, or should possess.