SACRAMENTO, Calif.—In a letter to California Attorney General Xavier Becerra, NAFCU has outlined a number of concerns it has regarding the California Consumer Privacy Act (CCPA), which is set to take effect Jan. 1., 2020.
NAFCU said it is an advocate for a uniform federal standard – not a patchwork of state privacy laws – and this week unveiled principles for a national data privacy standard, which CUToday.info reported.
Mahlet Makonnen, NAFCU's regulatory compliance counsel, repeated NAFCU's position that the CCPA should not apply to credit unions and recommended California lawmakers implement regulations to clarify:
- Requirements of the CCPA and its implementing regulations do not apply to organizations that solely collect Gramm-Leach-Bliley Act (GLBA)-covered information
- Organizations subject to the GLBA that collect CCPA-covered information should be able to comply through a regulatory regime that works in tandem with the GLBA, rather than an entirely separate, parallel framework that increases confusion and compliance burdens
‘Creating Confusion’
"State data privacy requirements, including the CCPA, are already creating confusion and leading to daunting compliance considerations for credit unions," wrote Makonnen. "In particular, the proposed CCPA regulations create challenging and expensive new obligations and varying standards that will undoubtedly present unnecessary burdens for credit unions and could, in turn, increase costs for consumers.
"Credit unions already comply with privacy requirements under the GLBA, yet the proposed regulations add overlapping and confusing requirements that would result in substantial additional compliance costs," Makonnen added.
Other Recommendations
Makonnen's letter is in response to proposed regulations released in January; she specifically provides recommendations related to:
- Exemptions under the CCPA
- Notification of a consumer's rights and disclosure requirements
- Handling consumer requests
- Non-discrimination requirements
- Extension of the moratorium on enforcement of CCPA requirements