WASHINGTON— House Republicans on Wednesday unveiled a two-bill push to create a national data privacy framework, pairing the broader SECURE Data Act with the GUARD Financial Data Act, which would rewrite parts of the Gramm-Leach-Bliley Act to modernize how banks and other financial institutions collect, share and protect customer information.
GOP committee leaders said the effort is meant to replace the current patchwork of state and federal rules with a single national standard, while outside reporting said the proposal revives a congressional privacy fight that has repeatedly stalled over federal preemption of state laws.
The SECURE Data Act would establish nationwide privacy and data security rules enforced by the Federal Trade Commission and state attorneys general, while giving consumers rights to access and delete personal data, opt out of targeted advertising and data sales, and require opt-in consent for sensitive data. House Republicans said the bill also would require companies to limit data collection to what is reasonably necessary, disclose data-sharing practices, and meet security standards, with additional registration requirements for data brokers.
For financial institutions, the more consequential measure may be the GUARD Financial Data Act. According to House Financial Services Committee leaders and the bill text, it would add data-minimization requirements to GLBA, let customers and former customers request access to financial data, allow former customers to seek deletion of certain nonpublic personal information, and require affirmative opt-in consent before sensitive personal information can be disclosed. The draft also would restrict the use of consumer access credentials and set response timelines and verification procedures for deletion requests, signaling potentially significant compliance and operational changes for banks and credit unions if enacted.
Just as important for financial institutions, the GUARD bill would expressly supersede and preempt state laws imposing consumer data privacy or security requirements on nonpublic personal information and on financial institutions covered by GLBA. That preemption issue has been one of the biggest stumbling blocks in prior privacy negotiations, and early coverage suggested Republicans are treating the new bills as a fresh starting point for broader talks, with hearings expected as lawmakers again test whether Congress can finally deliver a uniform national privacy standard.
America's Credit Unions thanked the House Financial Services Committee and House Energy and Commerce Committee for taking the lead in creating legislation to establish a clear national standard for privacy.
"We appreciate Congress's recognition that basic data security and privacy standards should also apply to non-financial entities," stated ACU President and CEO Scott Simpson. "The Gramm-Leach Bliley Act has long served as the basis for applying such standards to credit unions, and it's a positive sign that both bills recognize the scope of existing financial institution compliance within a unified federal framework. Such differentiation matters for credit unions. With the growing patchwork of state laws complicating these efforts, we support efforts to clarify preemption. These bills address several new issues that we are evaluating, and we look forward to working with both committees to ensure an appropriate balance of protecting American consumers and minimizing unnecessary regulatory burden in any final legislation."
The Defense Credit Union Council said it supports efforts to establish a clear, consistent national data privacy framework that protects consumers while allowing financial institutions to serve their members effectively.
"For decades, credit unions have operated under the rigorous privacy and data security requirements of the Gramm-Leach-Bliley Act, which already provides a proven model for safeguarding sensitive financial information through strict disclosure, opt-out rights, and robust security standards," said DCUC Chief Advocacy Officer Jason Stverak. "Ws Congress considers the SECURE Data Act and the GUARD Financial Data Act, it is critical that any modernization effort build upon not undermine this strong existing framework. Credit unions have long demonstrated that protecting member data is not just a regulatory requirement, but a core part of our mission.
"We also recognize the growing challenges created by an inconsistent patchwork of state-level privacy laws. A well-crafted federal standard can provide clarity, reduce unnecessary compliance burdens, and ensure that all entities handling sensitive financial data not just federally regulated institutions are held to equally high standards," continued Stverak. "At the same time, Congress must ensure that reforms preserve the ability of credit unions to continue delivering secure, affordable financial services to servicemembers, veterans, and their families. Any new framework should promote innovation, maintain strong consumer protections, and ensure regulatory parity across the financial services ecosystem."