EPIC Urges Financial Services Committee to Strengthen Privacy Bill

In advance of a hearing of the House Financial Services Committee, EPIC sent a statement to the Committee regarding a proposed Financial Data Privacy bill sponsored by Chairman Patrick McHenry. The proposed Financial Data Privacy bill unfortunately relies on an outdated system that does little to protect privacy by extending the notice-and-choice provisions of the Gramm-Leach-Bliley Act (GLBA). “This is out of step with the progress made by the House Energy & Commerce Committee last Congress on the American Data Privacy and Protection Act,” EPIC told the Committee. “The Committee should not advance legislation that purports to be a privacy bill unless it includes a data minimization standard similar to what is set forth in the bipartisan American Data Privacy and Protection Act.”

EPIC also argued that “data aggregators,” more commonly known as data brokers, should not be added to the types of entities covered by GLBA unless the privacy protections are strengthened, as the bill proposes to do. “Adding data brokers to GLBA simply allows them to evade stricter regulations, whether from existing state privacy laws or stronger national standards that may come into effect in the coming years,” EPIC said. This is due to the success that financial institutions has had in lobbying state lawmakers to exempt any GLBA-covered entities from state privacy laws. “The Committee should not include data aggregators under GLBA coverage unless the privacy protections in this bill are substantially improved and set a higher standard than existing state laws,” EPIC told the Committee.