On January 28, 2019, Senator Mike Crapo (R.-Id.), Chair of the Senate Committee on Banking, Housing, and Urban Affairs, published a column signaling his support for data privacy and security legislation in the 116th Congress.

In his column, Senator Crapo emphasizes what he sees as the “incredibly positive” developments associated with the development of technology, including increasing consumer choice, inclusion, and economic prosperity. However, he also highlights the increasing prevalence of data breach incidents and the lack of transparency associated with “big data analytics, data aggregation, and other technologies that make use of consumer data.”

He concludes that “[i]n order to fully embrace the immense benefits that can result from technological innovation, we must ensure proper safeguards are in place and consumers are fully informed.” Because of this, “[d]ata privacy and data security legislation will remain a priority in the 116th Congress,” and the Senate Banking Committee in particular will explore solutions to “give consumers more control over and enhance the protection of consumer financial data.”

Senator Crapo’s column comes on the heels of several bills that have recently been introduced in the Senate to address data protection issues, from both Democrats and Republicans.  In particular, Senator Marco Rubio (R.-Fla.) introduced a privacy bill in January, and Senators Amy Klobuchar (D.-Minn.) and John Kennedy (R-La.) reintroduced their bipartisan bill in this Congress. Senators Brian Schatz (D-Hawaii) and Ron Wyden (D.-Ore.) introduced proposals last session.

The outlines of a possible compromise are still coming into view, but a key issue in the debates over data protection legislation is likely to be whether the law would preempt California’s new California Consumer Privacy Act (“CCPA”).  As we have previously discussed, amendments to the CCPA exempted broad categories of consumer financial data under an exemption for data collected, processed, sold, or disclosed pursuant to the Gramm-Leach-Bliley Act, making the CCPA much less onerous for financial services companies.  However, the full breadth of that exemption has not yet been defined, and certain financial data will fall outside the exemption.

Legislators will likely also debate whether a federal law should include rights to data access, data correction, data deletion, and data mobility (i.e., the right to transfer personal information to another business), and, if so, what forms those rights should take.

Senator Crapo’s column underscores both that data protection legislation will be a major focus of this Congress, and also the important implications such legislation could have for financial services companies, including banks, credit reporting agencies, and other nonbank financial institutions.

Print:
EmailTweetLikeLinkedIn
Photo of Mike Nonaka Mike Nonaka

Michael Nonaka is a partner in the firm’s Financial Institutions practice group. He represents banks and other financial institutions on a wide variety of bank regulatory, enforcement, legislative and policy issues.  Mr. Nonaka also is co-chair of the firm’s Fintech Initiative and works…

Michael Nonaka is a partner in the firm’s Financial Institutions practice group. He represents banks and other financial institutions on a wide variety of bank regulatory, enforcement, legislative and policy issues.  Mr. Nonaka also is co-chair of the firm’s Fintech Initiative and works with a number of banks, lending companies, money transmitters, payments firms, technology companies, and service providers on innovative technologies such as big data, blockchain and related technologies, bitcoin and other virtual currencies, same day payments, and online lending.

Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports…

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state privacy laws, including the California Consumer Privacy Act and California Privacy Rights Act.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.

Photo of David Stein David Stein

David Stein advises clients on credit reporting, financial privacy, financial technology, payments, retail financial services, and fair lending issues. He assists a broad range of financial services firms, consumer reporting agencies, financial technology companies, and their vendors with regulatory, compliance, supervision, enforcement, and…

David Stein advises clients on credit reporting, financial privacy, financial technology, payments, retail financial services, and fair lending issues. He assists a broad range of financial services firms, consumer reporting agencies, financial technology companies, and their vendors with regulatory, compliance, supervision, enforcement, and transactional matters.

Mr. Stein has significant experience advising clients on compliance with the FCRA, GLBA, ECOA, EFTA, E-Sign Act, TILA, TISA, FDCPA, Dodd-Frank Wall Street Reform and Consumer Protection Act, and FTC Act, as well as state financial privacy laws. Mr. Stein is a member of the firm’s fintech and artificial intelligence initiatives and works with clients on issues related to cutting edge technologies, such as blockchain, virtual currencies, big data and data analytics, artificial intelligence, online lending, and payments technology.

Mr. Stein previously served in senior regulatory, policy-making, and management positions at the Consumer Financial Protection Bureau (CFPB) and the Federal Reserve Board (FRB). He played a significant role in developing regulations and policy on credit reporting, financial privacy, retail payments systems, consumer credit, fair lending, overdraft services, debit interchange, unfair or deceptive acts or practices, and mortgage origination and servicing. Mr. Stein draws upon his government experience in representing clients before the CFPB, the FRB, and other regulatory agencies and leverages his insights into the regulatory process to provide clients with practical, actionable advice.