Congress Focuses on Credit Reporting and Personal Data
This week, the Senate Banking Committee held a hearing on the credit bureaus and the Fair Credit Reporting Act. The hearing comes amidst a growing interest in Congress to see that industry ensures the protection of consumers' personal data. Witnesses from the FTC and CFPB testified at the hearing. Notably, in his opening statement, Committee Chairman Mike Crapo (R-ID) cited key actions being taken by state regulators and lawmakers.
States have begun to react in their own ways to various aspects of the public debate on privacy, data security, and the Equifax data breach.
Two weeks ago, California enacted the California Consumer Privacy Act, which will take effect on January 1, 2020. The Act, which applies to certain organizations conducting business in California, establishes a new privacy framework by creating data privacy rights, imposing special rules for the collection of minors' consumers data, and creating a damages framework for violation and businesses failing to implement reasonable security procedures. Many members are interested in learning more about what California and other states are doing on this front.
Additionally, two weeks ago, eight state banking commissioners jointly took action against Equifax in a consent order requiring the company to take various actions regarding risk assessment and information security. I have long been concerned about data collection and data privacy protections by the government and private industry. Given Americans' increases reliance and use of technology where information can be shared by the swipe of a finger, we should ensure that companies and government entities who have such information use it responsibly and keep it safe.
Senator Sherrod Brown (D-OH), the committee's ranking member, underscored the important of consumer privacy protections:
"The Fair Credit Reporting Act is almost 50 years old. The amount and type of information being collected today would have been unthinkable when it was created...I hope the committee will not only listen to the advice we get today, but will also take action to give people control over what should be their personal information."
Here is Senator Brown's full statement.
One action Congress can take is to enable more coordinated supervision by financial regulators. In a statement to the committee, CSBS encouraged Senators to enact a House bill that would improve coordinated supervision of technology companies that work with banks:
CSBS encourages enactment of H.R. 3626, the Bank Service Company Act Examination Coordination Act. The legislation will enhance state and federal regulators' ability to coordinate examinations of, and share information on, banks' technology vendors in an effective and efficient manner.
Banks partner with third-party service providers (TSPs) to outsource a variety of critical banking services. The Bank Company Service Act (BSCA) authorizes federal regulators to examine TSPs to assess the potential risks they pose to individual client banks and the broader banking system. Currently, 38 states have similar authority under state law. The BCSA is silent regarding authorities and/or roles of state banking regulators, limiting the ability of federal and state regulators to share information on TSPs.
Amending the BCSA to appropriately reflect states' authority to examine TSPs will improve state-federal coordination and information sharing, and promote more efficient supervision of TSPs that provide critical services to a broad range of banks.