Best Practices, CPRA, Laws & Regulations, Privacy Trends

Is a Federally-Mandated Privacy Law Coming to the Financial Services Market First?

A draft of a bill on financial data privacy from U.S. Rep. Patrick McHenry, Chairman of the Financial Services Committee, was addressed by the House Financial Services Committee Subcommittee on Financial Institutions and Monetary Policy during the “Revamping and Revitalizing Banking in the 21st Century,” on February 8th. The bill “modernizes Gramm-Leach-Bliley Act Using a Technology-Agnostic Approach.”

As the chairman of the House Financial Services Committee, McHenry’s proposal is one of his top objectives and would amend the Gramm-Leach-Bliley Act to add new data regulations. “Our privacy laws—especially as they relate to financial data—must keep up. This proposal will modernize the current framework to better align with evolving technology and protect against the misuse or overuse of consumers’ personal information. I look forward to continuing to work with my colleagues on this discussion draft to secure Americans’ privacy without strangling innovation,” said McHenry in a news release.

FIMP Hearing on Revamping and Revitalizing Banking in the 21st Century

On February 8th, Chairman of the FIMP Andy Barr said the goal is to “put control back in the hands of the consumer, protect against the misuse or overuse of consumer nonpublic personal information, empower consumers by requiring privacy terms and conditions to be transparent and easily understandable, and provide a national standard for data privacy, thereby reducing compliance burden and providing certainty to both consumers and entities that handle their financial data.”

While no specific discussion notes were released, Chairman Barr said, “I look forward to continuing to work with my colleagues on this discussion draft to secure Americans’ privacy without strangling innovation.”

Key Elements of the Proposed Bill

The GLBA has been updated by this measure to properly reflect the rapidly evolving technology landscape. Financial institutions and consumer interaction, especially nonbank companies, have been modernized by new technological trends. The bill’s consumer protections will ensure contemporary adaptation for emerging innovations and technology.

  • The legislation ensures that consumers can control the sharing of their personal data with entities other than the financial institutions they use. If customers accept a service provider’s privacy policy, the bill gives them the option to choose how their data is gathered and used by the provider. Additionally, customers will have the option to request that their data be deleted and collection to be ceased.
  • According to the law, businesses must explicitly explain to customers why they are gathering specific personal information about them and guarantee that they only use it for those purposes. Companies that must abide by the law must provide customers the choice to discontinue data collecting if it is not necessary for the provision of a good or service. Privacy terms and conditions must be clear and simple to comprehend for the consumer.
  • The bill will establish a nationwide standard to provide consistency for other businesses collecting and using consumers’ personal information, thereby easing their compliance obligations.

How This Affects the General Privacy Landscape

This proposed alteration to the GLBA outlines consumer protections that will apply seamlessly to future innovation and new technologies. While some past legislation doesn’t translate to current-day privacy concerns, as we’ve seen with the Video Privacy Protection Act, some legislation can apply to current privacy practices.

As technology continues to evolve at a rapid pace, regulations will need to account for advancement in not only technology but data collection specifically. We’ve seen bills go through multiple iterations, proposed amendments, and alterations to keep up with changes just in the time from proposal to consideration by governing entities. We expect any federal legislation or rulemaking, whether from the FTC or an umbrella law such as ADPPA, to undergo revisions & updates throughout the lifetime of the legislation to account for technological advancement, as much as possible.


Author

Dan Clarke
Dan Clarke
President, Truyo
February 9, 2023

Let Truyo Be Your Guide Towards Safer AI Adoption

Connect with us today