New white paper outlines need for data privacy action

June 3, 2026

In advance of the House Energy and Commerce Committee’s consideration of data privacy legislation, America’s Credit Unions released a comprehensive white paper detailing considerations for a federal data privacy framework for financial institutions. “Data privacy: Considerations for a federal framework for financial institutions” looks at current federal and state data privacy laws (including data breach and reporting requirements), emerging technologies, current legislative efforts, and more. The research was developed with credit union committee and credit union feedback.  

“Without a clear federal privacy standard, states will continue to advance their own laws, creating a patchwork of conflicting requirements that credit unions must navigate,” said America’s Credit Unions Chief Advocacy Officer Kathleen Coulombe. “For credit unions operating across state lines, keeping pace with an ever-changing maze of state mandates diverts time, resources, and attention away from serving members and protecting their data. A comprehensive federal standard that preempts state law would establish one clear set of expectations nationwide. Establishing a standard baseline would make cross-state privacy protection seamless and remove uncertainty across the system.”

America’s Credit Unions is calling for Congress to consider federal privacy legislation that includes the following principles:

  • Recognition of Gramm-Leach-Bliley Act standards and implementing regulations, which warrant a financial institution exemption from overbroad or burdensome new requirements incorporated in a multi-sector approach to privacy legislation;
  • Robust federal preemption from a patchwork of state laws that attempt to regulate financial institutions;
  • Protection from frivolous lawsuits created by a private right of action with appropriate safe harbors for financial institutions; and 
  • Minimization of compliance burden by avoiding unnecessary complexity.

“In order to effectively protect consumers’ data privacy, federal legislation must be grounded in reality. That means recognizing the existing regulatory expectations already in place for credit unions,” said America’s Credit Unions Vice President of Policy Engagement and Credit Union Operations Ann Petros. “Working within the current regulatory framework would help credit unions strengthen their compliance programs, reduce unnecessary regulatory burden, and keep their focus on safeguarding members’ privacy and trust.

House committee members received the information as part of a letter for the record of today’s hearing, and it was sent to NCUA and member credit unions. Chief Advocacy Officer Kathleen Coulombe shared with Congressional offices today how legislation that adheres to those principles will “go a long way in preserving the integrity and safety of our nation’s sensitive consumer data.”

Read the full white paper