The House Financial Services and the House Energy & Commerce committees jointly advanced two data privacy bills this week.
One of them is the GUARD Financial Data Act, which establishes Title V of the Gramm-Bliley Act (GLBA) as the uniform national standard for consumer data privacy and security protections in the financial services sector. The bill contains robust data-level and entity-level preemption to enhance competition, decrease compliance costs, and expand consumers’ choice of financial products and services.
It strengthens consumer protections by codifying the continuing right of consumers to opt-out of disclosures of their data and the right of consumers to revoke their consent to collection or disclosure of sensitive data within a framework of necessary existing GLBA Title V exceptions. It also ensures that consumers receive a more fulsome picture of how their data is being used and how to exercise their data rights by expanding the information consumers receive.
“For decades, Americans have entrusted financial institutions to maintain the privacy and security of their financial information. Twenty-six years ago, when the Gramm-Leach-Bliley Act (GLBA) became law, it was written in a technology-neutral fashion that has adapted well to the changes in technology and types of consumer data that have developed since 1999. But, in that time, the volume and complexity of data have increased such that providing consumers greater control over their financial data has become imperative,” Rep. French Hill (R-AR), chairman of the House Committee on Financial Services, said in a joint statement along with other committee leaders Reps. Bill Huizenga (R-MI), Andy Barr (R-KY), and Bryan Steil (R-WI)
The bill also seeks to ensures that a consumer’s sensitive personal data can only be collected or disclosed with the consumer’s consent. Sensitive personal data includes race, ethnicity, religion, health info, biometric data, and precise geolocation data. Further, financial institutions can only collect or disclose data that is adequate, relevant, and reasonably necessary for the purpose of the product or service.
Also, it ensures that customers of a financial institution have key rights, including a right to request deletion of their data by a financial institution in the case of former customers, subject to necessary exceptions. They can also request access to and obtain a copy of their data that is possessed by a financial institution, in the case of current and former customers. In addition, the financial institution must provide current and former customers with this data in a format that allows them the ability to transfer their data to another financial institution.
Further, the bill requires data aggregators and third parties to provide notice and opt-out before using a consumer’s login credentials to access their account at a financial institution. It also maintains enforcement by Federal functional regulators and state insurance regulators:
“That is why we have introduced the GUARD Financial Data Act to modernize the GLBA. Our bill minimizes data collection and disclosures; allows customers and former customers to request access to their financial data held by a financial institution; allows former customers of a financial institution to request deletion of their data; and requires a financial institution to receive a consumer’s affirmative opt-in consent before sensitive personal information can be disclosed,” the financial services committee leaders said.
The other bill that the committees advanced is the SECURE Data Act. The SECURE Data Act establishes clear, enforceable protections so that Americans remain in charge of their own data and companies are held accountable for its safe keeping.
These bills now move to the full House for consideration.