On Wednesday, the U.S. House Committee on Financial Services Subcommittee on Financial Institutions and Monetary Policy held a hearing entitled, “Revamping and Revitalizing Banking in the 21st Century." The hearing covered several topics, including proposed modifications to existing consumer data privacy and breach notification frameworks.

Committee leadership has signaled their intention to make privacy a priority in the new Congress and has released draft legislation that would amend and bolster the privacy requirements created by the 1999 Gramm-Leach-Bliley Act (GLBA). GLBA required insurance agencies, insurers, and other financial institutions to disclose their information-sharing policies and to inform consumers of their ability to prevent the sharing of nonpublic personal information with certain nonaffiliated third parties.

The Big “I" submitted written testimony as the committee begins its work on privacy legislation. The testimony emphasized several key areas that are important to independent insurance agents, such as the manner in which any requirements should be implemented and enforced in the insurance market; the need to ensure that any new requirements are clear, objective, and workable for our financial sector; and the importance of considering the impact of new obligations on small businesses.

The Big “I" strongly advocated for state insurance regulators to remain responsible for the implementation of the GLBA standards and the adoption of any necessary sector-specific guidance within the insurance industry. This common-sense approach has worked well for more than 20 years, and there is no public policy rationale for abandoning it now.

The Big “I" statement also stressed that there is no reason to significantly alter the law's existing enforcement mechanism. Some have suggested that any privacy legislation should establish a private right of action that would allow trial lawyers to become de facto regulators and enforce the law through litigation. The Big “I" argued that such a mechanism would be costly and counterproductive and that enforcement of any revised GLBA privacy requirements should remain in the hands of the appropriate functional regulators.

Finally, the Big “I" testimony urged the committee to consider the unique impact and compliance burdens that changes to the GLBA privacy framework and any related guidance adopted by regulators will have on small businesses and expressed appreciation that the initial legislative drafts do so.

The committee is expected to hold a markup of the privacy legislation in the coming weeks. As Congress continues discussing data privacy and breach notification legislation, the Big “I" will continue to provide members with updates in the weekly News & Views e-newsletter.

Raaed Haddad is Big “I" director of federal government affairs.