Newsroom

NAFCU released a new issue brief on Wednesday detailing what Congress should do to protect Americans and their credit unions from significant data privacy harms, noting that “the current patchwork of state and federal data privacy legislation and regulation is both insufficient to adequately protect any American’s data across the entire economy and unnecessarily burdensome to credit unions and other federally insured financial institutions.” 

Instead of the current patchwork, NAFCU’s brief encourages Congress to enact comprehensive federal data privacy legislation that: 

·         Recognizes the strengths and efficiencies of existing federal data privacy legislation and regulation and fully exempts credit unions and other already federally insured financial institutions from new federal data privacy standards; 

·         Expressly preempts all state data privacy legislation and regulation; 

·         Vests exclusive rulemaking and discretionary enforcement authorities in covered entities’ respective primary regulators; 

·         Requires that all covered entities meet a robust information security standard; 

·         Requires that all covered entities use uniform, easily-accessible data privacy disclosures; and 

·         Establishes principles-based compliance safe harbors for covered entities taking reasonable steps to meet their data privacy responsibilities. 

In addition, the brief notes that of the five states that have passed comprehensive data privacy legislation, every state except California has fully exempted credit unions based on their compliance with data privacy standards in the Gramm-Leach-Bliley Act.  

NAFCU also notes in its brief that the association has reiterated for years “that data practices at insufficiently regulated businesses, including social media companies and uninsured financial technology companies, are rife with significant, avoidable data privacy risks that may cause Americans and their credit unions significant harm.”   

NAFCU’s Senior Vice President of Government Affairs Greg Mesack highlighted the key elements of NAFCU’s stance on data privacy in a July letter to the House Committee on Energy and Commerce prior to the committee’s markup of H.R. 8152, the American Data Privacy and Protection Act (ADPPA) and H.R. 3962, the Securing and Enabling Commerce Using Remote and Electronic (SECURE) Notarization Act of 2021. 

Read the full issue brief. NAFCU will continue to highlight the importance of data privacy and advocate for stronger data privacy practices to protect credit unions and their members.