Removing Barriers Blog

CU concerns shared before TF hearing on big data
Posted November 21, 2019 by CUNA Advocacy

Prior to today’s “big data” hearing, CUNA wrote to the Financial Technology Task Force reiterating that credit unions are deeply concerned that Americans’ financial wellness is compromised by inconsistent privacy and security standards applied to businesses that possess, process or transport consumers’ nonpublic personal information (NPI).

The letter notes that, while credit unions and other financial institutions follow requirements of the Gramm-Leach-Bliley Act (GLBA) and view applying those protections to others a “good first step,” there is more that should be done.

“We would prefer that Congress move beyond GLBA and develop a uniform privacy and data security law that regulates data and privacy protections based on the type of data instead of the current sector-specific approach,” the letter reads. “While the sector-specific approach worked well when American’s health and financial information were mainly in the possession of health care providers and depository institutions, Big Data’s insatiable appetite for NPI has made regulation under the current framework difficult at best.”

CUNA prefers Congress move beyond GLBA to “develop a uniform privacy and data security law that regulates data and privacy protections based on the type of data,” instead of a sector-specific approach.

CUNA supports legislation that would:

  • Apply data privacy and data security standards to everyone — all business, institutions and organizations — and hold each link in the transaction journey accountable;
  • Create equal expectations and protections by harmonizing inconsistencies through new  legislation that protects sensitive information based on the type of information rather than the type of entity that possess it;
  • Create a national standard that is the ceiling for requirements;
  • Base protections on strong standards that protect data; and
  • Safeguard consumer protections by providing mechanisms to address the harms that result from privacy violations and security violations, including data breaches.