National Association of Federally Insured Credit Unions (NAFCU) officials said the organization has joined other trade organizations in assessing the Uniform Law Commission’s Uniform Personal Data Protection Act (UPDPA).
The final UPDPA provides a path to liability where an entity, either primary or third-party, has actual knowledge of a related entity’s prohibited data practice and could have prevented or disclosed such practice. In those circumstances, the entity may be held vicariously liable for inaction.
In a letter sent to the Uniform Law Commission, the group detailed how the UPDPA discourages uniformity through enforcement provisions by enabling the use of all remedies under state consumer protections status — an avenue the group maintains could result in allowing aggrieved parties a private right of action (PRA).
“Enactment of the UPDPA, in its present form, would result in disparate enforcement between states having and lacking PRAs,” the group wrote. “Consequently, identical law will be interpreted differently in each state through litigation. Exclusive Attorney General enforcement will bring greater uniformity across states, as AGs can collaborate with each other in developing effective privacy regulatory regimes to protect consumers.”
The UPDPA is slated to be presented at the ULC’s July 11 Annual Meeting in Madison, Wisconsin. The NAFCU has advocated for a national privacy and data security standard to ensure credit unions are not subject to multiple privacy frameworks.