Congress should model GLBA in future data privacy laws

August 29, 2025

Data security is a high priority and concern for credit unions, and the Gramm-Leach-Bliley Act (GLBA) should remain the model for credit union compliance with any future federal data security and privacy standard. America’s Credit Unions shared this stance and credit unions’ longstanding principles for data security legislation this week with the House Financial Services Committee. The committee issued a request for information on legislative proposals to address consumer financial data privacy.

America’s Credit Unions submitted comments that urged Congress to prioritize the following features in a future data privacy framework: 

  • A recognition of GLBA standards and accompanying regulations in place for financial institutions through the adoption of an entity-level exemption;
  • Strong federal preemption from the myriad of various state laws for those in compliance with national privacy and GLBA standards; and
  • Protection from frivolous lawsuits created by a private right of action.

It also encourages the House Financial Services Committee to collaborate closely with the House Energy and Commerce Committee to “ensure that any federal privacy legislation builds upon and strengthens the GLBA while firmly preempting state laws.”

The organization supports the expansion of the definition of “financial institution” to include fintechs, data aggregators, and decentralized finance companies that handle nonpublic personal information.

The letter also notes the Kentucky Consumer Data Privacy Act “provides a clear and concise entity-level GLBA exemption that should serve as the model for federal legislation.”

America’s Credit Unions also joined a joint response to the committee outlining the same principles.

This is the latest action in an ongoing credit union effort to emphasize the need for strong data privacy legislation. Director of Innovation and Technology Andrew Morris testified on this issue in June before the House Financial Services Subcommittee on Financial Institutions.

Read the full comment letter