The American Banking Association today told House lawmakers that it supports applying privacy and data security protection standards to nonbank industries as long as the requirements do not conflict with those already in place for banks.
The House Financial Services Subcommittee on Financial Services today held a hearing on data privacy in the financial system. In a statement for the record, ABA noted its bank members have been subject to extensive federal privacy and data protection laws and regulations for almost half a century, including the requirements of the Gramm-Leach-Bliley Act.
“With the GLBA, Congress carefully constructed a privacy and data security regime that provides consumers with meaningful privacy rights, while also ensuring that consumers can conduct financial transactions seamlessly and safely,” the association said.
ABA made several suggestions as lawmakers consider data privacy legislation:
- Any new federal privacy law should preempt existing state laws to avoid inconsistent and duplicative requirements that could potentially disrupt financial markets, transactions and accounts.
- A federal law should preserve GLBA’s existing administrative enforcement structure for financial institutions.
- Any privacy laws pertaining to artificial intelligence must not duplicate or be inconsistent with requirements already applied to financial institutions.
- Any regulation implementing Section 1033 of the Dodd-Frank Act – which pertains to data sharing – must strictly adhere to the statutory text due to the myriad of privacy, security and financial risks that may result.
“Consumers trust banks because they know their personal data is secure,” ABA said. “Unlike commercial entities in other sectors, banks are subject to robust privacy requirements under the GLBA and other federal privacy laws. The ABA supports applying consumer privacy and data security protection standards to additional who have not been subject to robust laws and oversight in the protection of consumer data.”
