Statement for the Record to the Senate Commerce, Science, and Transportation Committee regarding: “Examining Legislative Proposals to Protect Consumer Data Privacy”

Chairman Wicker, Ranking Member Cantwell, and members of the Committee, the American Bankers Association (“ABA”) appreciates the opportunity to provide its views on federal privacy legislation for your December 4, 2019 hearing “Examining Legislative Proposals to Protect Consumer Data Privacy”. The American Bankers Association is the voice of the nation’s $18 trillion banking industry, which is composed of small, regional and large banks. Together, America’s banks employ more than 2 million men and women, safeguard $14 trillion in deposits and extend more than $10 trillion in loans.

Our members are strong proponents of protecting consumer data and privacy, and financial institutions have been subject to extensive federal privacy and data protection laws and regulations for several decades. Congress carefully constructed this regulatory regime to provide an effective and successful balance between strong consumer protections while ensuring that consumer financial transactions take place in a safe and secure environment. We commend you for your interest in legislation that would put in place similar consumer protections for all entities that collect and use sensitive consumer information, and recommend that the following key elements be included in any legislation passed by Congress.

Elements of Privacy Legislation

The U.S. financial sector is subject to a number of federal laws that already impose privacy and data security obligations with respect to financial data and other data relating to consumers, particularly Title V of the Gramm-Leach-Bliley Act (GLBA). Notably, the GLBA requires that financial institutions provide consumers with notice of their privacy practices and generally prohibits such institutions from disclosing financial and other consumer information to third parties without first providing consumers with an opportunity to opt-out of such sharing. The GLBA contains strict security and confidentiality requirements over consumer records and requires notice to consumers if a breach of sensitive financial information puts them at risk. Even more significant, bank regulatory agencies routinely conduct examinations regarding compliance with the GLBA and other privacy laws, ensuring compliance in a manner that is not replicated in other sectors.

As discussed below in detail, ABA supports legislation to protect consumer privacy that includes the following elements:

• Privacy Rights. A national privacy standard that recognizes the strong privacy and data security standards that are already in place for financial institutions under the GLBA and other federal financial privacy laws and avoids provisions that duplicate or are inconsistent with those laws. A national standard will help consumers understand their rights.
• Provide Strong Data Protection and Breach Notice. Ensure that all entities that handle sensitive personal information are required to protect that data and provide notice in the event of a breach that puts consumers at risk.
• Robust Enforcement. Provide robust, exclusive enforcement of this national standard by the appropriate federal regulators, including preserving the GLBA’s existing administrative enforcement structure for banks and other financial institutions.
• Clear Preemption. Preempt state privacy and data security laws to ensure that a national standard provides consistent protection for all Americans, no matter where they reside.