Several states have recently passed data privacy laws with exclusions for data collected by banks and other financial institutions, and that may not be in the best interests of consumers, the Consumer Financial Protection Bureau said in a report released today.
The CFPB noted that several states have adopted consumer data privacy laws in recent years with exemptions for institutions subject to the Gramm-Leach-Bliley Act, which established standards for the collection of data by banks and other institutions, and for activity covered by the Fair Credit Reporting Act. “These exemptions may pull numerous businesses outside of the coverage of these state laws, including banks, consumer reporting agencies, debt collectors, payment processors, credit card issuers, mortgage originators and servicers, and payday lenders, many of which may be capturing and monetizing consumer data,” the bureau said.
The CFPB instead recommended that state policymakers “assess the tradeoffs” associated with those exemptions as they “can leave consumers at heightened risk with regard to their financial data.”
“These protections are important because financial institutions are collecting large quantities of consumer data and building new business models around data monetization, and current federal protections have limits,” the CFPB said in the report. It added that policymakers “should consider whether removing or narrowing these exemptions is appropriate to ensure that consumer financial data is protected.”
