Data privacy legislation should recognize existing GLBA standards
Joining with other financial trade organizations, America’s Credit Unions responded to a House Energy and Commerce Committee Data Privacy Working Group request for information by outlining principles that should be part of any legislation aimed at protecting consumer privacy.
Noting that financial services providers already follow strong privacy and data security standards under Gramm-Leach-Bliley Act (GLBA), the organizations say legislation should consider “the strong privacy and data security standards that are already in place for the financial sector under the GLBA and other financial privacy laws and must avoid provisions that duplicate or are inconsistent with those laws.”
The letter further states that national data privacy legislation should:
- Provide clear and direct preemption of all state privacy and data protection provisions to prevent the continued patchwork of requirements imposed on companies;
- Incorporate robust, exclusive enforcement of this national standard by the appropriate federal or state regulators. This includes preserving GLBA’s existing administrative enforcement structure for financial institutions, without adding a private right of action;
- Be consistent with artificial intelligence requirements already applied to financial institutions, without duplication.