Missouri Rule Proposals
SIFMA provided comments to the Secretary of State and the Securities Commissioner on the Secretary of State's latest rulemaking Proposals,…
September 18, 2024
The Honorable Cathy McMorris Rodgers
Chairman
Committee on Energy and Commerce
U.S. House of Representatives
Washington, D.C. 20515
The Honorable Frank Pallone, Jr.
Ranking Member
Committee on Energy and Commerce
U.S. House of Representatives
Washington, D.C. 20515
Re: Committee Markup of the H.R. 7890 – Amendment in the Nature of a Substitute – American Privacy Rights Act (APRA)
Dear Chairman McMorris Rodgers, and Ranking Member Pallone:
Financial institutions are strong proponents of protecting consumer data and consumer privacy because maintaining their trust is a cornerstone of their business. Financial institutions have also been subject to extensive and comprehensive federal privacy and data protection laws and regulations for several decades, which has played an important role in maintaining that trust.
While we support privacy and security protections for consumer data for all companies, especially technology and other firms that are increasingly moving into financial services, in our May 23, 2024, joint letter we expressed our concerns about the ambiguity of the Gramm-Leach-Bliley Act (GLBA) exception provided in the American Privacy Rights Act (APRA) Discussion
Draft and advocated for clear language that provided an exception for entities subject to the GLBA. Unfortunately, this was not done, and we continue to have serious concerns about APRA and oppose the Amendment in the Nature of a Substitute to H.R. 7890 in its present form.
The primary privacy and data security consumer protection law for consumer financial data is Title V of the GLBA. With the GLBA, Congress carefully constructed a privacy and data security regime to provide an effective and successful balance between strong consumer protections and ensuring that consumer financial transactions take place in a safe and secure environment. In particular, the current regime has been carefully structured to ensure compliance with existing laws and regulations, adherence to judicial process, and protection from fraud, illicit finance, money laundering and terrorist financing.
Further, GLBA grants federal financial regulators with broad authority to adopt necessary regulations to enact these standards, thus allowing the regulatory regime to adapt over time as privacy concerns evolve. Such regulators also examine financial institutions for their compliance with privacy and data security requirements, and have the authority to bring enforcement actions against those institutions that are found to be out of compliance with these requirements. Notably, the GLBA requires that financial institutions provide consumers with notice of their privacy practices and generally prohibits such institutions from disclosing financial and other consumer information to third parties without first providing consumers with an opportunity to
opt out of such sharing.
Congress has long recognized the importance of privacy for financial institutions and has put in place several meaningful frameworks that include strong privacy and data security protections that have been carefully balanced with commonsense exceptions to minimize disruptions to financial markets. While the financial services trade associations support legislation to put in place a national privacy standard, that standard must recognize the strong privacy and data security standards that are already in place for the financial sector under the GLBA and other financial privacy laws and avoid provisions that duplicate or are inconsistent with those laws.
As currently framed, Title I of Amendment in the Nature of a Substitute to H.R. 7890, containing the text of APRA, does not include clear language for financial institutions to understand their exemption from the requirements of the bill. This will lead to duplicative and conflicting requirements for financial institutions already subject to oversight by GLBA regulation. As currently drafted, the bill would be disruptive to the financial system, consumers, and the economy.
We urge that Title I of the Amendment in the Nature of a Substitute to H.R. 7890, containing the text of APRA, be amended to exempt all financial institutions subject to the GLBA to avoid such disruption.
Sincerely,
American Bankers Association
America’s Credit Unions
Bank Policy Institute
Consumer Bankers Association
Independent Community Bankers of America
Securities Industry and Financial Markets Association