Data Privacy and Credit Unions: What to Expect in 2020
Financial services have long been subject to various state and federal laws requiring privacy protections for personal financial information, like the Gramm-Leach-Bliley Act (GLBA) and Fair Credit Reporting Act (FCRA). These laws establish a framework that balance consumer control over personal information with operational feasibility and data security. Meanwhile, other sectors of the economy have been operating with few or no privacy restrictions, giving rise to consumer concerns about the collection, use, and sharing of their personal information.
Policymakers are taking note of the tensions around data and engaging in debates on data privacy at the state, federal, and global levels — and these efforts merit the attention of credit union leaders.
- In May 2018, the European Union implemented the General Data Protection Regulation, creating one set of data protection rules for all EU member states and establishing new rights for individuals related to access, deletion, and consent for the collection of information.
- Passed in 2018, the California Consumer Privacy Act is now effective. The CCPA broadens the definition of personal information, increases disclosure requirements, and grants California residents new privacy rights. The CCPA layers on top of existing state and federal financial information privacy laws.
- In 2019, more than 20 state legislatures introduced data privacy legislation. Already in 2020, comprehensive data privacy legislation is under consideration in at least nine states, with additional states still likely to follow this year.
- Congress is considering data privacy legislation, too. Republicans and Democrats agree a federal bill is the solution but disagree on what the bill should require. We expect lawmakers will eventually come to consensus and pass a federal bill, but not before states pass a patchwork of data privacy legislation.
For credit unions and others in financial services, data privacy legislation may limit marketing collaborations as well as how organizations coordinate to bring data-driven services to credit unions and members and create new obligations around transparency, consumer control, and required responsiveness when consumers exercise new rights.
CUNA Mutual Group joins credit unions in data privacy advocacy efforts by supporting balanced privacy protections for credit unions and members. During data privacy debates in California and across the country last year, CUNA Mutual Group proudly partnered with credit union leagues and trade associations to champion strict provisions relied upon by credit unions for entities or information covered by existing financial information privacy laws such as GLBA and FCRA.
With California’s data privacy law now in effect, we are living in the CCPA era. We expect the adoption of additional data privacy bills that are like California’s, but not the same. Varying state data privacy laws will likely create a patchwork of data privacy standards and further complicate compliance efforts for credit unions serving consumers in multiple states.
As state lawmakers and members of Congress consider the data privacy topic, CUNA Mutual Group will continue to join credit unions in advocating for current, strong financial information privacy laws so that the credit union system may continue to be a responsible steward of members’ financial information.
Editor’s note: Megan Balogh is the Director of Corporate and Legislative Affairs at CUNA Mutual Group, which offers insurance and protection for credit union employees and members; lending solutions and marketing programs; consumer insurance products; and investment and retirement services.
Have a question or comment about this story? Email us!