In a changing digital world, many consumers continually weigh convenience and customized experiences with the privacy of their personal information. Consumers become accustomed to perks like scanning their loyalty card for an extra five dollars off, seeing an ad or coupon that fits their needs, enjoying faster searching, or matching a weather report with their exact location. Simultaneously, they demand increased protection of their personal information and transparency over how the information is used.
While today’s data privacy concerns generally target tech companies, these consumer calls may also impact credit unions where strict data privacy laws already drive action.
Financial services has long been subject to various state and federal laws requiring privacy protections for personal financial information, like the Gramm-Leach-Bliley Act (GLBA) and Fair Credit Reporting Act (FCRA)). These laws establish a framework that balance consumer control over personal information with operational feasibility and data security. Meanwhile, other sectors of the economy have been operating with few or no privacy restrictions, giving rise to consumer concerns about the collection, use, and sharing of their personal information.
Policymakers are taking note of these tensions around data and engaging in debates on data privacy at the state, federal, and global levels – and these efforts merit the attention of credit union leaders.
- In May 2018, the European Union implemented the General Data Protection Regulation (GDPR), creating one set of data protection rules for all EU member states and establishing new rights for individuals related to access, deletion, and consent for the collection of information.
- Passed in 2018, the California Consumer Privacy Act (CCPA) is now effective. The CCPA broadens the definition of personal information, increases disclosure requirements, and grants California residents new privacy rights. The CCPA layers on top of existing state and federal financial information privacy laws.
- In 2019, more than 20 state legislatures introduced data privacy legislation. Already in 2020, comprehensive data privacy legislation is under consideration in at least nine states with additional states still likely to follow this year.
- Congress is considering data privacy legislation, too. Republicans and Democrats agree a federal bill is the solution but disagree on what the bill should require. We expect lawmakers will eventually come to consensus and pass a federal bill, but not before states pass a patchwork of data privacy legislation.
What does this movement in the realm of data privacy mean for credit unions?
Data privacy policy has the potential to significantly change the way our organizations, products, and services help people build brighter financial futures. For credit unions and others in financial services, data privacy legislation may limit marketing collaborations (e.g. joint marketing), digital profiling, and the purchase of marketing data. Legislation may also impact how organizations coordinate to bring data-driven services to credit unions and members and create new obligations around transparency, consumer control, and required responsiveness when consumers exercise new rights.
CUNA Mutual Group joins credit unions in data privacy advocacy efforts by supporting balanced privacy protections for credit unions and members. During data privacy debates in California and across the country last year, CUNA Mutual Group proudly partnered with credit union leagues and trade associations to champion strict provisions relied upon by credit unions for entities or information covered by existing financial information privacy laws such as GLBA and FCRA.
With California’s data privacy law now in effect, we are living in the CCPA era. We expect the adoption of additional data privacy bills that are like California’s, but not the same. Varying state data privacy laws will likely create a patchwork of data privacy standards and further complicate compliance efforts for credit unions serving consumers in multiple states.
As state lawmakers and members of Congress consider the data privacy topic, CUNA Mutual Group will continue to join credit unions in advocating for current, strong financial information privacy laws, while other sectors of the economy, including tech companies, catch up to the standards our industry has followed for more than 20 years. The credit union system continues to be responsible stewards of members’ financial information and advocates for sound data security measures.