October 29, 2020

NAFCU's LaBerge urges need for national data privacy, security standard in new podcast

PodcastNAFCU Senior Regulatory Counsel Elizabeth LaBerge appeared on the Association for Data and Cyber Governance's U.S. National Privacy Legislation podcast and discussed NAFCU's involvement in both state and privacy legislative initiatives, as well as the association's role in the formation of an informal alliance of financial trade associations that meet and share information on this topic biweekly.

Currently, LaBerge noted, the informal group – provisionally called the Financial Services Trade Association Data Protection Working Group (FS Data Protection Working Group) – is working closely with the Uniform Law Commission (ULC) as it drafts a uniform privacy law that state legislatures can adopt.

Earlier this year, the FS Data Protection Working Group sent a letter to the ULC with a request to include an exemption for financial institutions covered by the Gramm-Leach-Bliley Act (GLBA) to reduce the compliance burden on credit unions if the draft act is adopted in their state.

The most recent Collection and Use of Personally Identifiable Data Act draft included the GLBA exemption and was read by its drafting committee during the ULC’s NAFCU-attended September livestream meeting. Before the ULC adopts a model act for states to consider, a draft act must have two readings; the September reading was Collection and Use of Personally Identifiable Data Act’s first.

LaBerge explained that as states consider their own data security and privacy standards, a uniform law will serve as an important model to promote consistency across state law as opposed to a patchwork of state privacy laws. NAFCU has continuously advocated for a national privacy and data security standard so credit unions are not subject to multiple privacy frameworks; for more information, the association developed a whitepaper that outlines a set of six key data privacy principles.

During the podcast, LaBerge touched on how the coronavirus pandemic will affect the ULC’s proposal prospects and whether or not the draft act will be adopted by a significant fraction of the 50 states.

LaBerge also shared how NAFCU member credit unions in California have struggled with the “big problem” of mounting costs associated with the California Consumer Privacy Act (CCPA). The association had previously joined with the U.S. Chamber of Commerce and other organizations representing every sector of the American economy to urge California leaders to delay the effective date of the CCPA by two years.

Listen to the full podcast here; for more on this topic, view NAFCU’s resources on data privacy and security here.