Associations Urge Congress to Preserve GLBA as the Core Consumer Privacy Framework

"GLBA is a carefully calibrated regime designed to avoid interference with core financial activities that benefit consumers, and will continue to be the most appropriate vehicle to address data privacy for financial institutions."
ABA, SIFMA, ACU, CBA and BPI Joint Letter to House Financial Services Committee

Five financial trade associations ("Associations") urged the House Financial Services Committee to amend rather than replace the Gramm-Leach-Bliley Act ("GLBA") as the primary federal framework for consumer financial data privacy.

The letter was submitted in response to the Committee’s request for public feedback on potential updates to federal consumer financial data privacy laws. (See previous coverage.) The associations—including the American Bankers Association, America’s Credit Unions, the Bank Policy Institute, the Consumer Bankers Association, and SIFMA—emphasized that GLBA continues to provide the most appropriate structure for financial institutions and cautioned against broad reforms that could duplicate existing requirements.

The associations offered the following recommendations:

  • Preempt state privacy laws: The associations urged Congress to adopt strong federal preemption to eliminate the costly and inconsistent patchwork of state requirements.
  • Expand coverage of emerging entities: The associations recommended clarifying the definition of “financial institution” to include fintechs, data aggregators, and certain crypto companies to ensure consistent oversight.
  • Reject private rights of action: The associations opposed introducing a litigation mechanism, arguing that compliance should be enforced by federal regulators rather than through costly lawsuits.
  • Create a safe harbor for fraud information sharing: The associations called for protections that allow institutions to share fraud and scam-related data with peers and law enforcement.
  • Harmonize with Dodd-Frank Section 1033: The associations recommended aligning GLBA with consumer-permissioned data access rules to address liability for third-party breaches and discourage risky practices such as screen scraping.
  • Avoid prescriptive mandates: The associations argued against consent-based frameworks, strict data deletion rules, and mandates to disclose specific third-party recipients. They warned such measures could conflict with recordkeeping requirements, heighten security risks, and duplicate existing supervisory standards.
