Virginia set to enact consumer data protection law

The Virginia House and Senate have passed legislation to establish a consumer data protection law in the state, though, unlike the California Consumer Privacy Act (CCPA), the Virginia bill includes language to exclude entities that are covered by the Gramm-Leach-Bliley Act (GLBA), including credit unions.

The chambers must reconcile their bills by Feb. 11, after which the Virginia Consumer Data Protection Act will head to the governor for enactment.

NAFCU has continuously advocated for a federal, national privacy and data security standard so credit unions are not subject to multiple privacy frameworks; for more information, the association developed a whitepaper that outlines a set of six key data privacy principles.

In its advocacy on the CCPA, the association specifically called for an exemption for credit unions as the industry already complies with the federal GLBA for consumer data security and privacy. The association has also asked the Federal Financial Institutions Examination Council (FFIEC) to provide interagency guidance related to the GLBA to help credit unions and other financial institutions comply with data privacy laws to ensure credit unions are not unnecessarily burdened by conflicting state laws.


continue reading »