ARLINGTON, Va.—Ahead of the Senate Banking Committee data privacy hearing this week, NAFCU Vice President of Legislative Affairs Brad Thaler reiterated the need for national data security and privacy standards and urged members to work collaboratively with other Senate committees to "find a package that can advance and receive bipartisan support."
During the hearing, the committee discussed approaches to data privacy, the impact on the financial services industry and how companies collect and use information in marketing and decision-making.
"Financial regulators are not the only ones engaged in big data collection; private companies are also collecting, processing, analyzing and sharing considerable data on individuals," noted Committee Chairman Mike Crapo (R-ID) in his opening remarks. "The data ecosystem is far more expansive, granular and informative than ever before."
Throughout the hearing, a number of lawmakers and witnesses discussed data privacy and ownership concerns as they relate to the Fair Credit Reporting Act (FCRA). Amendments to the FCRA could potentially affect financial institutions' operations.
European Standard is Discussed
"While depository institutions have had a national standard on data security since the passage of the Gramm-Leach-Bliley Act (GLBA) over two decades ago, other entities who handle consumer financial data do not have such a national standard," wrote Thaler. "Along those same lines, we also believe that there is a need for a uniform national consumer data privacy standard as opposed to a patchwork of standards stemming from different state data privacy laws."
The committee also examined the European Union's General Data Protection Regulation (GDPR) in comparison to the previous 1995 Data Protection Directive as an example of broader scope regulation. The substantive requirements of the GDPR, how they differ from existing U.S. mandates and credit unions' approach to it was outlined in an edition of the NAFCU Compliance Monitor published last summer.