Don't Data Privacy Like It’s 1999
Our personal information is at a greater risk than ever before. Last year’s Cash App data breach and cyberattack on Twitter proved that no one’s data is entirely safe and secure. In 1999, when the Gramm-Leach-Bliley Act (GLBA) was enacted, the online financial world that most of us use today simply didn’t exist. Americans didn’t need to worry that their personal information would be at risk on the Internet. Today, of course, things are very different. It is crucial we update our archaic data privacy laws to ensure we are in lockstep with the rapidly evolving technology landscape.
Three years ago, the House Financial Services Committee Republicans, led by former colleague Chairman Patrick McHenry (R-NC), put together a working group that seriously evaluated data privacy for financial institutions by looking at U.S. and international standards, and took input from various groups across the ideological spectrum to evaluate how to bring our financial system and data privacy into the 21st century. The culmination of this effort was the markup this week of Chairman McHenry’s bill, H.R. 1165, “The Data Privacy Act of 2023.”
According to a recent Harris poll, eight in ten American consumers used fintech (online and app-based banking) to manage their money in 2022, half of Americans use fintech apps to manage their finances daily, and nine in ten consumers (93%) say they benefit from using fintech tools. Ultimately, fintech saves people time (93%) and money (78%), helps them make better financial decisions (73%) and reduces financial stress (71%). Technological advancements allow today’s consumers to have greater access and control over their financial assets than ever before. Families can see their bank balances, set up their monthly payments, and access their 401k accounts online. Consumers and investors of all backgrounds can invest and grow their portfolios without having to employ a wealth manager or financial advisor.
When the Gramm-Leach-Bliley reforms were enacted, consumers were still focused on their local bank branches. Today, consumers are more likely to manage their finances on their mobile phones or via the internet. The legislation passed out of committee by Chairman McHenry, a leading voice for consumer access and innovation, is an update with that reality in mind. His legislation brings the regulatory framework for data privacy into the 21st century and applies it to financial services in a way that is focused on consumers and investors, “without strangling innovation.”
The Data Privacy Act of 2023 uses a “technology agnostic approach” so that the consumer protections contained in the bill will apply to future innovation and new technologies. The bill also allows consumers to control how their personal information will be used beyond financial institutions. The discussion draft, which Republicans released almost a year ago, invited discussion and went through changes as parties weighed in and focused on the principles of the right to know, the right to opt out, the right to delete information, and the right to terminate the collection and sharing of information.
The bill provides new directions for financial institutions to disclose information upon the request of a customer at the time of establishing a relationship and annually thereafter. The bill also expands the information to be included in the privacy policy, for example: what type of nonpublic personal information is collected by the financial institution, how that information will be used and the retention policies of the institution. The institution must also explain the right of a customer to terminate the collection or sharing of their nonpublic personal information, to request a list of such information held by the institution, or to request that it be deleted, if allowed.
Chairman McHenry put it simply when he said, “The financial services industry is already highly regulated with regard to consumer financial information disclosed under the GLBA. However, the ways in which consumer data is collected and disclosed have changed dramatically in the past [20] years, due primarily to the proliferation of new technologies that consumers interact with daily. This proposal will modernize the current framework to better align with evolving technology and protect against the misuse or overuse of consumers’ personal information.”
Chairman McHenry also explained that there should be consistency in privacy standards across the country: “If a family moves from, say, California to Texas, it doesn’t make sense for the guardrails around their personal financial data to change. A national standard will provide certainty to both consumers and the entities that handle their data.” For that reason, the legislation included a national standard that avoids patchwork regulation and raised the standards for most American consumers. A national standard will reduce the compliance burden and provide certainty to both consumers and entities that handle financial data.
It has been more than two decades since GLBA was signed into law. As technology continues to advance, it is imperative that consumers are afforded improved data privacy protections, and The Data Privacy Act is a necessary update. Ultimately, it would empower consumers, provide transparency, make information easier to understand and explain why it is collected. It is time to ensure that financial institutions prioritize security and improved data privacy protections to build trust and allow the fintech industry to continue to grow responsibly. Chairman McHenry has put in the thoughtful work to give consumers improved data privacy protections without stifling the industry.
Barbara Comstock is the executive director of the American Consumer & Investor Institute. Comstock served two terms in Congress representing Virginia’s Tenth Congressional District, as the first woman elected to her seat. During her time in Congress, Barbara was a leader on technology issues, chairing the Science, Space, and Technology Committee's Research and Technology subcommittee, as well as serving on the Joint Economic Committee, the Transportation and Infrastructure Committee, and the House Administration Committee. Comstock also served in the Virginia General Assembly.