What's Happening?
Montana and Connecticut have amended their privacy laws to remove broad exemptions for financial institutions under the Gramm-Leach-Bliley Act (GLBA). These amendments replace entity-level exemptions with more targeted carve-outs, marking a shift in state privacy laws. The changes reflect a growing recognition that financial institutions collect substantial amounts of consumer data not covered by GLBA, such as digital data from mobile apps and web services. This development follows a call to action by the Consumer Financial Protection Bureau, urging states to reconsider their privacy laws to better protect consumer financial information.
AD
Why It's Important?
The amendments in Montana and Connecticut signal a potential shift in how financial institutions must approach data compliance, moving away from a unified federal framework to a more fragmented state-by-state approach. This could lead to increased compliance burdens for financial institutions, requiring them to manage overlapping state and federal privacy obligations. The changes may also prompt other states to reconsider their privacy laws, potentially leading to a more complex regulatory environment for financial institutions. This evolution in privacy laws highlights the need for financial institutions to invest in scalable compliance infrastructure to adapt to changing regulations.
What's Next?
Financial institutions operating in Montana and Connecticut will need to align their data practices with both federal and state laws, mapping collected consumer data to determine applicable regulations. They must ensure privacy notices are compliant with both GLBA and state laws, and may need to refine systems for processing consumer requests. As more states may act on CFPB recommendations, financial institutions should track state privacy developments that could alter compliance obligations. The potential repeal of the CFPB’s Section 1033 Open Banking Rule may further complicate privacy notices, necessitating ongoing adjustments.
