Last month, the Senate Committee on Banking, Housing and Urban Affairs asked for feedback on the consumer finance industry’s views on cybersecurity, especially the collection, use and protection of sensitive financial information.
“Given the exponential growth and use of data, and corresponding data breaches, it is worth examining how the Fair Credit Reporting Act should work in a digital economy, and whether certain data brokers and other firms serve a function similar to the original consumer reporting agencies,” said committee Chairman Mike Crapo (R-ID).
Committee Ranking Member Sherrod Brown (D-OH) continued, “Congress should make it easy for consumers to find out who is collecting personal information about them, and give consumers power over how that data is used, stored and distributed.”
AFSA submitted a detailed comment letter and laid out the ways that member companies are complying with the applicable laws and continually working to enhance privacy policies and security procedures. Specifically, the letter makes clear that financial institutions are committed to complying with requirements under the Gramm-Leach-Bliley Act (GLBA), as well as state laws.
“The GLBA requires financial institutions to clearly disclose their privacy policies, allowing consumers to make informed choices about privacy protection,” the letter said.
AFSA’s letter pushed for a national standard for cybersecurity regulation, enforced on a sliding scale considering the size and complexity of business, a premise already existing in the GLBA. “Inconsistent state laws regarding data security and the lack of a national standard for businesses have resulted in uneven consumer protection, as well as higher compliance costs for financial institutions,” the letter noted. The comment goes on to suggest a more nuanced cybersecurity notification system and to applaud the committee’s passage of credit freeze legislation in 2018.