WASHINGTON—NAFCU and several other organizations have sent additional comments to the Uniform Law Commission (ULC) on its updated draft of the proposed Collection and Use of Personally Identifiable Data Act. The comments reiterate a desire the drafting committee include an exemption for Gramm-Leach-Bliley Act (GLBA)-covered financial institutions.
The drafting committee, created by the ULC to create a uniform data privacy and security law, released the updated draft at its May meeting. As states consider their own data security and privacy standards, this draft law will serve as an important model to promote a uniform state law, NAFCU said.
"Data privacy and security legislation are critical in an increasingly digital world and, while we recognize the necessity of such legislation, a balance must be struck between consumer protections and workability of the provisions in such bills by business," the groups wrote in the letter. "It is in the interest of all consumers that laws in this arena are written with a clear understanding of the issues, are forward-thinking with respect to advancing technologies, and are not designed to be punitive for businesses that act in good faith."
Details on Compliance
According to the signatories on the letter, it explicitly details financial institutions' compliance with the GLBA and why this exemption should be included in the ULC's act, and also calls for an exemption for data covered by the Fair Credit Reporting Act.
In addition, the groups also highlighted concerns over proposed enforcement, arguing that "enforcement policy must be implemented in a way that accounts for society's interests in privacy and innovation," and about reverting certain already publicly-available data to private information.