Newsroom
NAFCU outlines priorities for data privacy legislation
NAFCU Vice President of Legislative Affairs Brad Thaler wrote to the House Energy and Commerce Subcommittee on Innovation, Data, and Commerce ahead of the committee’s hearing to address data privacy shortfalls. In the letter, Thaler reiterated NAFCU’s call for “comprehensive federal data privacy legislation that protects consumer data, establishes data safeguards, and recognizes the standards that have been in place for over two decades with the Gramm-Leach-Bliley Act (GLBA).”
Thaler touched on NAFCU’s call for Congress to enact comprehensive federal data privacy legislation that:
· recognizes the strengths and efficiencies of existing federal data privacy legislation and regulation and fully exempts credit unions and other federally insured financial institutions from new federal data privacy standards;
· expressly preempts all state data privacy legislation and regulation;
· vests exclusive rulemaking and discretionary enforcement authorities in covered entities’ respective primary regulators;
· requires that all covered entities meet a robust information security standard;
· requires that all covered entities use uniform, easily-accessible data privacy disclosures; and
· establishes principles-based compliance safe harbors for covered entities taking reasonable steps to meet their data privacy responsibilities.
In the letter, Thaler also noted that although NAFCU supports a nation standard for data privacy, the association had concerns around the committee’s bill last Congress, including the GLBA exemption, a private right to action that would allow individuals or states’ attorneys generals to sue covered entities over potential violations, and the bill’s provisions allowing state law to preempt it in certain situations.