House Lawmakers Introduce Dual-Bill Framework to Push For National Data Privacy Standard

House lawmakers late last week unveiled a coordinated legislative package aimed at creating a unified federal standard for consumer data privacy, signaling a renewed push to replace the current patchwork of state laws with a national framework.

The effort, led by the House Financial Services Committee and the House Energy and Commerce Committee, includes two bills: the GUARD Financial Data Act and the SECURE Data Act. Together, the proposals target both financial data governed by the Gramm-Leach-Bliley Act (GLBA) and broader categories of personal data across industries.

The legislation remains in the early stages of the congressional process and is expected to undergo significant revisions as it moves through committee consideration, House debate, and potential Senate review. 

GUARD Act Targets Financial Data Practices Under GLBA

The GUARD Financial Data Act focuses on modernizing how financial institutions collect, use, and share nonpublic personal information under the GLBA.

A central provision introduces a data minimization standard, requiring institutions to limit data collection and disclosure to what is reasonably necessary for a defined purpose. For debt collectors and creditors, this could affect how consumer data is gathered, enriched, and shared across servicing and recovery workflows.

The bill also strengthens consumer control over financial data, as it codifies a continuous opt-out right for sharing data with nonaffiliated third parties and introduces new access and deletion rights for consumers. Former customers, in particular, would be able to request deletion of their data, subject to certain legal and regulatory exceptions.

Additional requirements would expand transparency obligations. Financial institutions would need to disclose how data is used, retained, and processed, including whether AI is involved in handling consumer information. The bill also requires clear disclosures around data sharing with certain foreign jurisdictions.

The legislation further imposes new restrictions on the use of consumer access credentials, such as usernames and passwords, by third parties. Data aggregators and other nonaffiliated entities would need to provide detailed notice and obtain opt-out opportunities before using such credentials.

SECURE Data Act Establishes Broader Consumer Privacy Framework

The SECURE Data Act proposes a comprehensive set of consumer privacy rights that would apply across industries outside the scope of GLBA-covered financial data.

Under the bill, consumers would have the right to access, correct, delete, and obtain portable copies of their personal data. They would also be able to opt out of targeted advertising, the sale of personal data, and certain forms of automated decision-making that produce legal or similarly significant effects.

The bill introduces strict requirements for handling sensitive data, requiring affirmative consumer consent before processing categories such as biometric information, precise geolocation data, and certain demographic details.

For companies operating as data controllers, the legislation establishes clear obligations around data minimization, purpose limitation, and transparency. Organizations would be required to provide detailed privacy notices explaining how data is collected, used, and shared, along with mechanisms for consumers to exercise their rights.

The measure also places new oversight on data brokers, requiring registration with the FTC and public disclosure of data practices. Vendor relationships would face additional scrutiny through mandated contractual requirements between controllers and processors.

Federal Preemption and Scope Limitations

Both bills include provisions that would preempt state-level privacy laws, replacing them with a single federal standard. This approach has long been supported by industry groups seeking consistency across jurisdictions, though it is likely to face debate as the legislation advances.

At the same time, the SECURE Data Act includes notable exemptions. Financial institutions subject to GLBA, along with data regulated under the Fair Credit Reporting Act, would largely fall outside its scope. As a result, the GUARD Act is expected to carry greater direct impact for traditional debt collection and receivables operations.

What It Means Moving Forward

For accounts receivable management professionals, the GUARD Act introduces potential changes to how consumer data is collected, retained, and shared, particularly in areas such as skip tracing, vendor management, and analytics. 

The SECURE Data Act, while more limited in direct applicability, signals broader expectations around privacy practices that could influence marketing, digital engagement, and third-party relationships.

The combined package highlights several areas likely to draw continued attention, including data minimization requirements, expanded consumer rights, and oversight of third-party data flows.

Legislative Outlook

The bills remain subject to amendment and negotiation as they move through the legislative process. Changes during House debate and potential Senate consideration could significantly reshape both the scope and substance of the proposals.

Industry stakeholders are likely to monitor the legislation closely as an early indicator of federal priorities in data privacy and compliance. Even in draft form, the package provides insight into how lawmakers may approach future regulation of consumer data across the financial services and receivables landscape.