League Requests Amendments to State Data Privacy/Security Bills

The New Jersey Credit Union League (NJCUL) has requested amendments to two data privacy/security bills pending in the state Legislature.

One bill (A4640) would require businesses to notify individuals of the collection of personally identifiable information and establishes certain security standards. The other (A4902) would require commercial Web sites and online services to notify customers of the collection and disclosure of personally identifiable information and allows customers to opt out.

Both bills are pending in committee and have Senate companion measures (S3153; S2834) also pending committee consideration in the upper chamber.

The letters to the respective sponsors request the measures be amended to exempt from the legislation any financial institution or financial institution affiliate that is subject to the federal Gramm-Leach-Bliley Act of 1999 or New Jersey’s Insurance Information and Privacy Protection Act.

Suggested language was provided.

The letters said: “Since industry and ecommerce trends are moving well-beyond state lines, we believe that a federal standard is the proper solution to this problem. The absence of a broad regulatory regime may call for state action, but in the case of financial institutions, a proactive and robust regulatory regime is already in place. “

CUNA and the state leagues continue to press Capitol Hill lawmakers to establish a national data security standard that subjects all entities with access to personal financial data to the same privacy protections as financial institutions under Graham-Leach-Bliley, and holds any entity found responsible for a data breach liable for the resulting costs.    

Both the House Financial Services Committee and Senate Banking Committee have identified data security legislation as a priority for the 116th Congress to ensure consumers are protected.