IAA Asks Congress to Establish Uniform Federal Data Privacy Standards

The Investment Adviser Association ("IAA") urged Congress to adopt a federal preemption framework to harmonize financial data privacy standards nationwide.

In a comment letter to the House Financial Services Committee, the IAA expressed support for provisions in the Committee’s recent discussion draft that would amend the Gramm-Leach-Bliley Act ("GLBA") to incorporate a federal preemption framework. The IAA cited the complex compliance burdens created by the current patchwork of conflicting state laws. The association highlighted that SEC-registered investment advisers are already subject to stringent federal safeguarding requirements under Regulation S-P ("Privacy of Consumer Financial Information and Safeguarding Personal Information"). The IAA argued that a unified federal standard would eliminate duplicative regulations while ensuring consistent protections for all investors regardless of geography, without diminishing existing consumer protections.

The IAA asked the Committee to consider:

1. Congressional Intent. The IAA emphasized that the original legislative intent behind the GLBA and similar frameworks, such as the National Securities Markets Improvement Act of 1996, was to establish cohesive regulatory standards. The IAA argued that a broad federal preemption clause would align with this historical goal and prevent the fragmentation of financial oversight.
2. Existing Federal Safeguards. The IAA highlighted that investment advisers already operate under a strict, investor-protective federal framework. The IAA noted that the SEC’s recently strengthened Regulation S-P mandates comprehensive incident response programs, breach notification protocols, and rigorous data safeguarding policies, making additional state-level mandates unnecessary and redundant.
3. Geographic Disparities and Compliance Challenges. The IAA pointed out that a "fractured [state-by-state] regulatory environment" creates disparities in investor protection based solely on location and imposes significant operational complexity. The IAA urged Congress to adopt a single national standard so that all advisory clients receive equal privacy rights and treatment.
4. Emerging Technologies. The IAA argued that as firms increasingly adopt new technologies to protect client data, navigating inconsistent state laws creates unnecessary operational hurdles. The IAA recommended a proactive, technology-neutral federal framework that keeps pace with technological advancements, without forcing firms to adapt to fragmented state-level compliance rules.