WASHINGTON— America’s Credit Unions and the Defense Credit Union Council are both urging lawmakers to modernize the nation’s financial privacy rules ahead of a House Financial Services Committee hearing Tuesday, with both groups backing a stronger national framework while warning against a patchwork of state laws, gaps in oversight of fintechs and data aggregators, and added burdens on credit unions.
The hearing, “Updating America’s Financial Privacy Framework for the 21st Century,” will examine draft legislation to update Title V of the Gramm-Leach-Bliley Act, which governs financial institutions’ obligations to protect consumer privacy. In comments ahead of the hearing, both ACU and DCUC said the current framework should be updated to reflect today’s data-sharing environment, but not in ways that create duplicative or conflicting requirements for institutions already subject to strict privacy and security rules.
"Ensuring an appropriate, effective data privacy environment is a priority for America's Credit Unions, and we appreciate Chairman Hill and the House Financial Services Committee focusing on this issue at Tuesday's hearing. We are actively discussing with our credit union members many of the data privacy issues presented in the various provisions of this discussion draft, including gaps in the Gramm-Leach-Bliley Act," said Scott Simpson, America's Credit Unions president/CEO.
"Credit unions have several recommendations to ensure bad actors are held accountable, consumers' sensitive information is protected, and financial institutions are not overly burdened by a patchwork of laws," continued Simpson. "We are pleased to see a provision related to preemption of state laws, as we've long advocated for a comprehensive national data privacy framework to address this issue, and calls for regulators, including the NCUA, to consider the regulatory impacts of the GLBA's requirements. We will continue to analyze the committee's draft legislation to provide constructive feedback in alignment with our principles ahead of the hearing. We look forward to working with lawmakers and our credit union members to advance legislation that strengthens our nation's data privacy protections without adding significant regulatory burden."
In a separate letter submitted Monday to HFSC Chairman French Hill and Ranking Member Maxine Waters, DCUC said it supports modernizing—but not replacing—Title V of GLBA, while preserving what it called the “robust privacy foundations” that financial institutions have already built compliance programs around.
"We respectfully urge the Committee to advance reforms that deliver uniform consumer protections without imposing duplicative, conflicting obligations on institutions that are already subject to stringent privacy and security requirements," wrote DCUC Chief Advocacy Officer Jason Stverak.
“Financial data privacy is not a theoretical concern for the military community,” Stverak wrote, noting Department of Defense financial readiness materials warn servicemembers are disproportionately affected by identity theft and related harms that can create long-term financial instability and readiness issues.
Among its key priorities, DCUC urged Congress to adopt a clear national standard for consumer financial data privacy and ensure fintech companies and financial data aggregators that collect or commercialize sensitive financial data are held to standards comparable to those applied to credit unions and other traditional institutions. The group also called for stronger guardrails around third-party data access, warning that credential-based access to consumer accounts and nonpublic information presents heightened privacy and security risks.
DCUC further said reforms should include updated model forms, safe harbors and proportional implementation timelines so smaller institutions are not overwhelmed by compliance costs, and cautioned against creating a private right of action, arguing litigation incentives could divert resources away from member protection and service delivery.