Press Releases

Today, the House Committee on Financial Services Subcommittee on Financial Institutions, led by Subcommittee Chairman Andy Barr (KY-06), held a hearing exploring the evolving landscape of consumer data privacy laws across both federal and state jurisdictions. Members also examined consumer financial data privacy law under the Gramm-Leach-Bliley Act (GLBA).

Watch today's hearing online HERE. 

On the importance of modernizing financial data privacy laws:

• "Given the magnitude of today’s technological complexity and the increase in data availability, we must ensure Americans’ privacy is protected while continuing to support the seamless delivery of the financial services they rely on. ...Congress has a major role to play in crafting strong, modernized guardrails that keep pace with innovation, preserve consumer trust, and future proof our laws," said Chairman Hill (AR-02).

• "Since GLBA’s passage, technological advances have revolutionized how Americans access financial services. We’ve seen the rise of mobile banking apps, peer-to-peer payment platforms, and a shift away from cash toward digital transactions. ...As we consider modernization, we must proceed cautiously. Changes that are too restrictive risk choking off access to financial options on which consumers rely. Conversely, overly lax rules could leave Americans vulnerable to misuse of their sensitive data. Striking the right balance is critical," said Subcommittee Chairman Andy Barr.

• "Data sharing is at the center of financial interactions and transactions. In many cases, the consumer's data has to be shared between many parties in order to even fulfill a transaction. ...We live in a world today that is far more complex than it was 10, 20, 30 years ago, and we have relationships between financial institutions and third parties today that didn't exist when Gramm-Leach-Bliley was written," said Rep. Mike Flood (NE-01).

On collaboration in the financial services industry:

• "One of the most promising developments in financial services over the past decade has been the growing collaboration between banks and fintech companies. These partnerships allow smaller institutions to offer cutting edge digital tools... to compete with the largest national banks, and much of this innovation relies on responsible data sharing arrangements where consumers can securely grant access to their financial information and improve their banking services," said Rep. Roger Williams (TX-25).

Witnesses echoed their support for the work of the Committee.

Scott Talbott, Executive Vice President, Electronic Transactions Association, stated, “Every day, our industry safely and securely helps power the American economy—whether enabling a small business to process its first digital transaction or facilitating contactless payments that enable consumers to make everyday purchases and to send money to each other. In every transaction, there is a shared expectation: that personal and financial data will be kept secure and handled responsibly. ...Consumers rightly expect strong privacy protections and data security for their personal information and their money, and ETA fully supports the creation of comprehensive, uniform, federal data privacy legislation that upholds those expectations. ...We welcome the opportunity to work with this Subcommittee to develop sound data privacy legislation that protects consumers and strengthens our digital economy." 

Andrew Morris, Director of Innovation and Technology, America's Credit Unions, added, “Stringent information security and privacy practices have long been a part of the financial services industries’ business practices and are necessary as financial services are entrusted with consumers’ nonpublic personal information. Still, the financial marketplace is evolving. ...Ultimately, America’s Credit Unions believes that when considering a comprehensive future federal privacy framework, Congress should prioritize the following features: a recognition of GLBA standards and accompanying regulations in place for financial institutions through the adoption of an entity-level exemption; strong federal preemption from the myriad of various state laws for those in compliance with federal privacy and GLBA standards; and protection from frivolous lawsuits created by a private right of action."

Rebecca Kuehn, Partner, Hudson Cook, LLP, added, “Under the GLBA, the definition of “financial institution” is equally broad to reflect the wide range of entities engaged in financial activities. It includes not only traditional banks, credit unions, and insurance companies, but also non-bank companies that provide financial products or services to consumers, such as mortgage lenders, payday lenders, investment advisers, and even retailers that issue credit cards or finance purchases or automobile dealers involved in the financing of vehicles. This definition encompasses any business that is “significantly engaged” in financial activities. This expansive scope ensures that consumer financial information is protected regardless of the type of entity handling it, thereby promoting consistent privacy standards across an increasingly complex and diversified financial services landscape. ...Financial privacy laws in the United States provide a strong foundation for protecting consumers’ personal information. They promote transparency, empower individuals with rights over their data, and require financial institutions to uphold rigorous standards of care."

Jennifer Huddleston, Fellow in Technology Policy, Cato Institute, added, “Because of the lack of a comprehensive federal data privacy law, some have criticized the United States as a sort of wild west when it comes to data privacy. Instead, the United States’ approach has been to respond with regulation for particularly vulnerable or sensitive data where consumers would be more likely to face harm should it be abused or insecure. These laws are more narrowly focused on the consumer data experience and data privacy or security within these areas or industries. .... As the committee considers its existing laws and new challenges, it should consider not only how to respond to potential risks, but also how to minimize the impact on beneficial uses of data and new applications of technology. We should consider not only what might be possible today, but how the future may provide new and exciting opportunities and solutions that could improve and expand consumer experiences."