The U.S. House Committee on Financial Services issued a request for public feedback on current federal consumer financial data privacy law and potential legislative changes, focusing on Title V, Subtitle A of the Gramm-Leach-Bliley Act (GLBA), to reflect developments in the consumer financial services sector. The request asks whether GLBA should be amended or replaced with a broader approach, and whether a federal preemptive GLBA standard should be considered instead of the current federal-floor model, including how a preemptive standard would interact with state privacy regimes and other federal privacy laws. It also seeks views on possible revisions to key definitions (including “non-public personal information,” “personally identifiable financial information,” “consumer,” “customer relationship,” and “financial institution”), whether GLBA should more clearly cover entities such as data aggregators, and whether elements of state privacy frameworks should inform federal policy. Operational proposals raised include requiring consent before collecting certain data types such as PIN numbers and IP addresses, mandating deletion of data tied to accounts that have been inactive for over a year when the consumer is given notice and does not respond, providing consumers a list of entities receiving their data, revisiting liability where data shared with third parties is later breached, and setting expectations for data minimization and retention limits. Comments are requested by August 28, 2025.
U.S. Financial Services Committee 2025-07-31
U.S. House Committee on Financial Services seeks public input on potential updates to federal consumer financial data privacy rules under the Gramm-Leach-Bliley Act
The U.S. House Committee on Financial Services seeks public feedback on potential changes to federal consumer financial data privacy law, particularly Title V, Subtitle A of the Gramm-Leach-Bliley Act (GLBA). The inquiry considers amending or replacing GLBA, establishing a federal preemptive standard, and revising key definitions. It also explores operational proposals like consent requirements for data collection and data retention limits.