Data Security & Privacy Laws

Consumer data privacy and data security must be addressed uniformly to avoid a patchwork of confusion. 

Overview: Federal laws on consumer data privacy and data security cover various industries and individuals. Financial institutions are governed by the Gramm-Leach-Bliley Act (GLBA). However, there is no federal data breach notification law. In contrast, there are over 50 different non-federal data breach notification laws throughout the United States. MBA member companies cannot separate their information technology infrastructures to comply with varying state requirements, as well as those of the federal government. MBA continues to advocate for federal standards on matters of data privacy and data security and a federal preemptive data breach notification law. Recently, California enacted the California Consumer Privacy Act (CCPA), which takes effect January 1, 2020. Other states have begun introducing privacy bills mirroring the CCPA, many with their own variations. Some of these bills, like the CCPA, contain an exemption for data subject to the GLBA, while others require confusing conflict analysis to determine whether a federal or state requirement is applicable. At a minimum, any state-level data privacy legislation must include a clear and simple GLBA exemption.

Ways to Get Involved and Make a Difference

Data Protection Principles Overview