Press Releases

Today, the House Financial Services Committee is holding a Financial Institutions Subcommittee hearing, led by Subcommittee Chair Andy Barr (KY-06), to explore the evolving landscape of consumer data privacy laws across federal and state jurisdictions, and examine consumer financial data privacy law under the Gramm-Leach-Biley Act (GLBA).

Read Subcommittee Chair Barr’s opening remarks as prepared for delivery:

"Thank you to our witnesses for being here today and lending your expertise to this complex and critical conversation.

"Today’s hearing focuses on financial data privacy where we will assess how Congress can ensure consumers’ data is used only as authorized, while protecting the innovation that has transformed our financial system since the Gramm-Leach-Bliley Act, or 'G-L-B-A,' became law more than 25 years ago.

"Since GLBA’s passage, technological advances have revolutionized how Americans access financial services. We’ve seen the rise of mobile banking apps, peer-to-peer payment platforms, and a shift away from cash toward digital transactions.

"These innovations have expanded financial products and increased access for millions of Americans in rural communities and urban centers.

"Alongside these developments, the volume and sensitivity of financial data have surged dramatically. Every transaction and interaction create data points that financial institutions and fintech firms analyze to improve services, assess risk, detect fraud, and tailor products. While these capabilities bring benefits, they also raise serious privacy and security concerns.

"A key driver of innovation is open banking –allowing consumers to securely share their financial data with third-party providers through Application Programming Interfaces, or 'A-P-I-s'.

"Open banking can empower consumers with more control over their financial information, foster competition, and spur the development of new tools and services. But it also raises questions about data privacy, liability, standard-setting, and GLBA’s applicability.

"GLBA’s broad framework has served us well, setting key protections for consumer data. But a quarter-century is a long time in tech, so we must ask – Is GLBA still fit for purpose in today’s fast-paced, data-driven environment? Does it provide the clarity, flexibility, and protection needed in the digital age?

"As we consider modernization, we must proceed cautiously. Changes that are too restrictive risk choking off access to financial options on which consumers rely. Conversely, overly lax rules could leave Americans vulnerable to misuse of their sensitive data. Striking the right balance is critical.

"We also cannot examine GLBA in isolation. Data privacy laws have proliferated at the state level, with 20 states enacting comprehensive privacy laws – some exempt financial institutions that comply with GLBA, while others layer on more stringent requirements. This patchwork creates a complex, costly compliance landscape, potentially increasing costs and reducing access.

"This also risks some states setting de facto national standards, bypassing Congress and creating uncertainty for businesses and consumers alike.

"For these reasons, Congress should consider the benefits of a uniform national data privacy standard that offers clear, consistent rules for financial institutions while protecting consumers.

"As our colleagues on the Energy and Commerce Committee work on broader privacy legislation, we must also ask whether sector-specific laws like GLBA warrant carveouts or tailored treatment.

"GLBA already imposes strong data protection requirements, and financial institutions have built compliance programs around these rules. Overlapping or conflicting standards would only add confusion and cost.

"Finally, we must address calls to expand enforcement mechanisms by granting consumers private rights of action which allow individuals to sue firms directly for alleged violations.

"Private rights of action open the door to frivolous lawsuits, benefiting large firms that can absorb litigation costs, and discouraging innovation by increasing legal risks for financial service providers. Ultimately, consumers lose out through reduced access and choice of innovative products.

"These are complex issues requiring thoughtful consideration. We must balance robust privacy protections with innovation, access, and reduced regulatory burden.

"I look forward to hearing from our witnesses today and engaging in a productive discussion on the future of data privacy in our financial system."