After Americans learned the extent of the National Security Agency’s (NSA) electronic surveillance program, the outrage led Congress to pass new limits on the agency’s ability to collect private citizens’ data without warrants. Those limits on government surveillance, however, don’t extend to the CFPB.

The CFPB plans to monitor 95% of all credit card transactions by 2016. As former Speaker of the House Newt Gingrich wrote in an op-ed for the Wall Street Journal:

Every month the CFPB also gathers data on 22 million mortgages, 5.5 million student loans, two million bank accounts with overdraft fees, and hundreds of thousands of auto sales, credit scores and deposit advance loans.

The agency claims most of the data it acquires through third parties is anonymous. But as in the case with the NSA surveillance, anonymous means only that the CFPB hasn’t connected the data with a name at the time they collect it. All of the data the CFPB is accumulating adds up to millions of detailed profiles of American citizens.

That’s a lot of detailed data entrusted to an agency that has been criticized by government watchdogs for inadequate data security. A 2014 audit by the Office of Inspector General of the determined that problems with the CFPB’s information security program persist, specifically expressing concerns that the CFPB was lacking in areas of security control and techniques. If Americans had any idea how much data this regulatory behemoth had on them (and how lax its security protocols are), they’d likely push Congress to finally reign in the CFPB’s sweeping powers.