The American Bankers Association today joined six associations in requesting that House lawmakers exempt financial institutions from any national multi-sector data privacy law as they are already subject to long-standing privacy requirements.
The Data Privacy Working Group was formed by the House Energy and Commerce Committee to explore options for a possible national data privacy framework for all types of entities. In a letter to the committee, the associations noted that the Gramm-Leach-Bliley Act of 1999 already governs the collection, use and sharing of consumer personal information by financial institutions. They requested that any federal data privacy law avoid unintended consequences for banks and credit unions by exempting businesses already subject to the requirements of the GLBA.
The associations said several states have already enacted data privacy laws, and all have some form of GLBA exemption. As a possible template for federal legislation, they pointed to language in the Kentucky Consumer Data Protection Act exempting institutions subject to GLBA, saying it “is optimal in clarity and conciseness.”
The committee also requested data on the cost of compliance with state data privacy laws. The associations said it is challenging to reduce costs to “pure numbers” as state laws can change rapidly, so they provided a list of anecdotes from their members. They also pointed to research that found compliance with California’s data privacy law equated to a $880,000 increase in the average bank’s quarterly operating expenses, even with a carveout for GLBA data.
