With data privacy such a hot issue these days, this news will likely come as no surprise: In late February, House Financial Services Committee Chairman Patrick McHenry (R-NC) introduced the Data Privacy Act of 2023, a financial data privacy bill. The bill is intended, as Henry said when it was unveiled, to meet a “critical” need to “bring (our) privacy guardrails into the 21st century to match the widespread adoption of financial technology.”
According to a statement released by the House of Representatives, the bill modernizes the Gramm-Leach-Bliley Act to better align with the evolving technological landscape. In general, Gramm-Leach-Bliley requires companies that offer financial products or services (such as loans, financial or investment advice, or insurance) to explain their information sharing-practices to their customers and to safeguard sensitive data. The consumer protections contained in the bill will, it is noted in the statement, apply seamlessly to future innovation and new technologies.
Four Key Components
Here is a rundown of what the bill will, if signed into law, bring to the table.
1-Tight consumer control over personal information
The bill gives consumers absolute control over how their personal information is used “beyond financial institutions” to include entities that handle their financial data. They are empowered to understand the way in which their data is collected and used when they agree to a provider’s privacy policy. Consumers are also assured of the right to terminate the collection of their data, and/or request that their data be deleted, at any time.
2-Data minimization
Under the provisos of the bill, consumers are protected against the misuse or overuse of their non-public personal information. Entities are required to disclose to consumers the reason(s) why they are collecting individual pieces of data, and to use that data only for its stated purpose. Consumers must be given an opportunity to opt out of data collection efforts if the entity in question does not need the data to provide the product or service it offers.
3-Informed choice and transparency
The bill empowers consumers by requiring that entities make their privacy terms and conditions transparent as well as easily understandable. The rationale for this proviso: Consumer disclosures are considered critical if consumers are to understand what data is collected; the manner in which the data is collected; the purposes for which the data will be used; who has access to the data; how an entity is using the data; where the data will be shared; data retention policies of the entity; and the rights associated with that data for uses inconsistent with stated purpose.
4- Preemption
The bill provides nationwide consistency when it comes to understanding how downstream entities are collecting and using personal information. A national standard is believed to have the power to reduce the burden of compliance with the bill and support a sense of certainty for both consumers and entities that handle their financial data.
A Deep Understanding
If consumers’ understanding of the value of their personal data is any indication, the changes to be effected by the bill will be well received. According to research conducted by PYMNTS, such understanding extends not only to banks and fintechs, but to merchants, brands, and other players—as well as to fraudsters.
More than half (52 percent) of consumers queried in line with the research agreed that data security is “important” when data are shared. Twenty-eight percent of consumers deemed data security “very important” during the data-sharing process, while 13 percent said it is “somewhat important.” A mere 1% of consumers said they think data security is “not at all important when sharing personal data.”
E-Complish supports and will continue to support, any and all legislative initiatives aimed at ensuring the security of personal consumer data of any kind. Learn more or schedule a consultation here.