On March 17, 2026, the House Financial Services Committee held a hearing on “Updating America’s Financial Privacy Framework for the 21st Century.” EPIC filed a statement for the record outlining key ways in which the committee can advance financial privacy for American consumers.
EPIC’s statement for the record highlighted the sensitive nature of financial information. If financial information is breached, scammers may use it to defraud people or target victims for scams. Financial data security is also critical for national security. If criminals and foreign adversaries gain access to financial information, they could use the data to blackmail members of the military or government personal, fuel phishing attacks to access sensitive information, or use the data in other ways that put our country at risk.
To strengthen financial privacy and security, EPIC urged the committee not to expand or extend notice-and-choice style privacy regimes like the Gramm-Leach-Bliley Act (GLBA), which covers financial institutions. Given the GLBA’s shortcomings, EPIC also urged the committee not to amend the GLBA to preempt stronger state privacy laws that apply to financial institutions. As our statement explains, “[m]any states have already begun to adopt comprehensive privacy regimes. Making the GLBA a preemptive standard without amending the GLBA to include significantly stronger privacy protections would contract the scope of privacy protections by annulling already passed laws in many states.”
EPIC routinely advocates for strong financial privacy protections for consumers. In September 2025, EPIC, the National Consumer Law Center, and a coalition of other civil society organizations sent a letter and filed a comment with the House Financial Services Committee providing recommendations to strengthen financial privacy and security. In January 2024, EPIC filed comments with the Consumer Financial Protection Bureau (CFPB) in support of the proposed Personal Financial Data Right rules. The Personal Financial Data Rights rules are now being reconsidered by the CFPB, and, in October 2025, EPIC filed a comment urging the CFPB to maintain the strong privacy protections included in the previously finalized rule. EPIC also filed comments in support of the CFPB’s proposals related to medical debt and comments on the CFPB’s now withdrawn proposed revisions to Fair Credit Reporting Act rules, which among other changes would have clarified that data brokers must comply with FCRA. In December 2024, EPIC Executive Director Alan Butler testified before the House Financial Services Committee in a hearing entitled: “Innovation Revolution: How Technology is Shaping the Future of Finance.”