Pushing for entity-level exemption in federal privacy bill

America’s Credit Unions and a coalition of financial trade groups identified preferred language to recognize the existing applicability of strong data protections under the Gramm-Leach-Bliley Act (GLBA) and exempt banks and credit unions from the scope of new federal privacy legislation.

In a letter to House Energy and Commerce Committee leaders, the trades said any comprehensive federal framework should avoid duplicative requirements for financial institutions. They recommended lawmakers adopt language similar to the Kentucky Consumer Data Protection Act, which clearly exempts institutions already covered by GLBA.

The groups also pointed to rising compliance costs from the growing patchwork of state privacy laws, with frequent changes in law creating uncertainty even when states include carveouts for financial institutions.

The letter is another example of ongoing engagement with Congress, as lawmakers explore parameters for a federal data privacy framework, building off of America’s Credit Unions Director of Innovation and Technology Andrew Morris representing the industry in testimony before the House Financial Services Committee on the issue of financial privacy in June.