New IT chief at data-grabbing Dodd-Frank agency lacks tech experience
Posted By Brendan Bordelon On 8:03 PM 11/08/2013
The new technology head at the Consumer Financial Protection Bureau — a Dodd-Frank agency collecting and storing the sensitive financial data of millions of Americans — is a relative novice with no experience in information security.
The Daily Caller News Foundation obtained an internal email announcing Ashwin Vasan’s appointment to chief technology and innovation officer (CIO) on Oct. 22. “I’m confident that Ashwin with his background in general management and understanding of the Bureau’s mission, will work closely with the deep talent on our T&I team to help achieve amazing technology results,” the bureau’s operating chief wrote.
Conspicuously absent from the email’s glowing recommendation was the mention of any tech experience. Although he held economic and management positions at a variety of firms before joining the bureau, Vasan’s experience in information technology is surprisingly thin. His resume, also obtained by TheDCNF, reveals one brief stint as an associate IT consultant nearly 15 years ago, long before his 2007 graduation from law school.
Vasan’s June 2011 arrival at the bureau as an adviser to director Richard Cordray brought few opportunities for additional tech experience. His resume gives the impression of a jack of all trades, bouncing around from consumer responses to mortgage rulemaking to general policy planning and governance. Although he does chair a technology strategy committee at the bureau, a source tells TheDCNF he’s only held that position for a few months.
The lack of tech familiarity is remarkable, even within the CFPB. Vasan replaces Matthew Burton, whose resume demonstrates at least eight years of experience in information technology, software development and web strategy. Burton replaced Chris Willey, the bureau’s first chief information officer, who previously held tech officer positions for the Washington, D.C. city government and the federal Office of Personnel Management.
IT experts worry about the damage inexperienced CIOs can cause. “CIOs must have at least some level of technical knowledge,” writes Scott Low in Tech Decision Maker. “They need to understand what it really takes to keep the lights on.”
“Would you hire a Chief Financial Officer that had only ancillary experience in finance?” he asked.
Vasan’s inexperience could potentially impact data security most of all. His agency is in the process of collecting intimate financial data on 5 to 10 million Americans, including specific credit card transactions and mortgage data. Although the bureau claims the massive database is necessary to regulate America’s financial markets, critics charge that the program is invasive, unnecessary and potentially illegal.
It may also prove a prime target for hackers. The bureau’s inspector general identified deficiencies in the agency’s data security systems last year, leading Idaho Sen. Mike Crapo, ranking Republican on the Senate Banking Committee, to request a Government Accountability Office investigation. “We need to know what safeguards are in place to prevent the collection or use of the data [the Bureau] is collecting,” he said in July.
The financial industry has also voiced concerns. “Companies that have inquired about the Bureau’s data security procedures in connection with these data demands have also found that those procedures are below the standards in the industry,” the U.S. Chamber of Commerce wrote to bureau director Richard Cordray in June.
“The [bureau] has been ill-prepared to build such a database from the start, and ventured outside of its Dodd-Frank mandate to do so,” John Berlau, a researcher at the Competitive Enterprise Institute, told TheDCNF. “The [bureau] should … cease building its massive NSA-like database, and expend all efforts to dispose of the data it has already collected in a safe and secure manner.”
A CFPB spokeswoman confirmed Vasan’s promotion to TheDCNF. “Ashwin Vasan was selected to serve as the [Bureau's] Chief Information Officer in a competitive application process that included the public posting of the position,” she said in a statement.