ICBA: GLBA is a solid framework that needs to be modernized

ICBA urged Congress to reduce duplicative Gramm-Leach-Bliley Act requirements for community banks while modernizing the law to ensure nonbank entities are subject to equivalent consumer data privacy standards.

Details: In a letter to House Financial Services Committee Chairman French Hill (R-Ark.) and Financial Institutions Subcommittee Chairman Andy Barr (R-Ky.) in response to a request for information on federal consumer financial data privacy laws, ICBA said:

• Targeted amendments to GLBA are the most appropriate course of action, rather than pursuing a broader or wholesale replacement of the law.

• It supports adoption of a preemptive federal GLBA standard to establish a strong and consistent baseline applicable to all entities handling consumer financial data, eliminating the unnecessary compliance fragmentation and resolving the uncertainty created by state privacy laws that rely solely on data-level exemptions.

• GLBA should serve as the exclusive standard for financial institutions and should apply at the entity level while being harmonized with general federal privacy legislation to promote consistency across industries.

• Nonbank obligations under GLBA should be equivalent to bank obligations.

• Amendments must update and clarify definitions to address modern data practices, such as the growing role of data aggregators and third-party technology providers.

Recent Advocacy: ICBA and other groups told the House Energy and Commerce Committee that any proposed federal data privacy framework should ensure financial institutions already subject to GLBA are not subject to inconsistent or duplicative requirements. ICBA and the other groups previously told the working group that a national privacy standard should preempt the patchwork of state laws and recognize the strong privacy and data security standards already in place for the banking sector.