Are these laws preempted?
As credit unions know, federal law often preempts state law. So, does the GLBA and Regulation P preempt these new state privacy laws? Generally, no they do not preempt the state laws. Section 1016.17 of Regulation P provides that “[t]his part shall not be construed as superseding, altering, or affecting any statute, regulation, order, or interpretation in effect in any state, except to the extent that such state statute, regulation, order, or interpretation is inconsistent with the provisions of this part, and then only to the extent of the inconsistency.”
As noted in the section, a state law is only preempted to the extent that it is inconsistent with the GLBA and Regulation P. The section further states that a state law providing greater protection is not inconsistent with Regulation P. This means that, generally, most state laws are unlikely to be preempted by the GLBA and Regulation P. However, credit unions may want to note that some state privacy laws exclude financial institutions or information that are already covered by the GLBA.
continue reading »