Draft data privacy legislation needs improvements before advancing

Draft data privacy legislation addresses several areas of interest for America’s Credit Unions, but it falls short of addressing many credit union concerns, President/CEO Jim Nussle wrote to a House Energy and Commerce subcommittee. The letter was sent ahead of a hearing on the legislation unveiled last week.

“Credit unions strongly support the idea of a national data security and data privacy regime that includes robust security standards that apply to all who collect or hold personal data and is preemptive of state laws,” Nussle wrote. “We firmly believe that there can be no data privacy until there is strong data security.”

America’s Credit Unions has outlined three tenets to be addressed in any new national data privacy law and believes the draft legislation falls short in these areas:

  • A recognition of Gramm-Leach-Bliley Act (GLBA) standards in place for financial institutions and a strong exemption from new burdensome requirements. The bill does not have an entity-level exemption for those complying with GLBA, instead it has an “data-level” exemption that could leave credit unions subject to burdensome new rules and regulations;


continue reading »