Our Position

Privacy and Personal Information


  • ICBA supports privacy measures that hold all entities that handle personal information to the same standards to which community banks and other financial institutions are held through the Gramm-Leach-Bliley Act (“GLBA”) and other financial regulatory oversight.
  • ICBA supports GLBA entity-level exemption from proposed state and national privacy laws.
  • ICBA supports a national privacy standard as opposed to a patchwork of state privacy acts and standards.
  • ICBA has significant concerns about the privacy implications to consumers stemming from recently promulgated and proposed regulations, including sections 1071 and 1033 of the Dodd-Frank Act.


Community banks collect sensitive nonpublic personally identifiable information (“PII”) about customers to meet their banking needs. Safeguarding customer information is central to community banks maintaining public trust and retaining customers.

Third Party and Non-Bank Privacy Standards. Customers have limited control over their personal and financial information held by entities outside of the financial services industry. This is due to a lack of standards for safeguarding sensitive nonpublic PII. For this reason, ICBA supports privacy measures that hold all entities that handle PII to GLBA-like privacy protections.

GLBA Exemption. ICBA supports an entity-level exemption for community banks from proposed laws due to the strict privacy requirements in GLBA and stringent enforcement by federal regulators. The patchwork of state privacy laws in place, or being considered, creates an unnecessarily burdensome and duplicative regulatory environment that does not serve to better protect customer privacy.

Privacy Standards. ICBA supports data privacy laws to protect consumer financial information and PII. However, a patchwork of differing state privacy laws and requirements creates unnecessary cost and burden for community banks and other small businesses. It is important to maintain one national standard as opposed to many complex and potentially competing state-level standards.

Forthcoming Regulations. ICBA is concerned with any new regulations that may pose privacy concerns to consumers. In particular, regulations such as sections 1071 and 1033 of the Dodd Frank Act will compromise consumers’ privacy. Section 1071 will require lenders to collect and report data on small business loan applications. This risks the privacy and reidentification of borrowers, especially those in rural areas. Section 1033 will result in more entities accessing and transferring banking data, thereby increasing the possibility that data privacy will be compromised.

Staff Contacts

Steven Estep

Assistant Vice President, Operational Risk

Washington, DC


Susan Sullivan

Senior Vice President, Congressional Relations

Washington, DC