State regulators should take the lead on data privacy: CSBS

WASHINGTON — The Conference of State Bank Supervisors called on Congress to establish a baseline for consumer protection in data privacy and security, in response to a request from the Senate Banking Committee on data collection practices used by financial regulators.

A federal standard — instead of a uniform law or regulation — would allow states to individually establish stricter consumer protection, the group said Friday in a letter to Chairman Mike Crapo, R-Idaho, and Sen. Sherrod Brown, D-Ohio, the ranking member of the committee.

“For many years, states have been at the forefront in advancing data privacy and security for the protection of consumers residing in their states,” said John Ryan, the president and CEO of CSBS, in the group’s letter. “Accordingly, we believe any federal proposal relating to the collection, use and protection of consumer data must preserve the role for state leadership in the areas of data privacy, security and control.”

Sherrod Brown bl061416
Senator Sherrod Brown, a Democrat from Ohio and ranking member of the Senate Banking, Housing and Urban Affairs Committee, listens during a hearing with Mary Jo White, chairman of the U.S. Securities and Exchange Commission (SEC), not pictured, in Washington, D.C., U.S., on Tuesday, June 14, 2016. Investment advisers registered with SEC would need to create and maintain transition plans to prepare for a major disruption in their business under rule that will be proposed, White said today. Photographer: Andrew Harrer/Bloomberg

Last month, Crapo and Brown requested that stakeholders provide information by March 15 on how financial regulators and private companies collect, use and protect sensitive information.

“Americans are rightly concerned about how their data is collected and used, and how such data is secured and protected,” the senators said in a statement. “The collection and use of personally identifiable information will be a major focus of the Banking Committee moving forward.”

As part of their request, Crapo and Brown asked for feedback on what could be accomplished through legislation or regulation that would guarantee consumers are notified of data breaches in a timely manner, provide transparency about what information is being collected and ensure that credit bureaus maintain accurate data.

In response, Ryan noted that "data privacy and security is a dynamic field with novel risks emerging on a constant basis," which is why "it is critical that state regulators and state law enforcement agencies retain the ability to protect consumers in their states."

Ryan said that a federal approach that would preserve states’ abilities to enact privacy laws would be consistent with previous statutes, including the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act, and would allow “states to experiment with innovative approaches to advancing the ability of consumers to control the use of their information as novel threats emerge.”

“For this reason, CSBS would strongly oppose any federal proposal which seeks to preempt states from playing a leading role in advancing consumers protections in the areas of data privacy, security, and control,” Ryan said.

For reprint and licensing requests for this article, click here.
Data privacy Data privacy rules Cyber security Data breaches Sherrod Brown Mike Crapo CSBS Senate Banking Committee
MORE FROM AMERICAN BANKER