If you process credit card payments, and if you run an auto repair shop, you almost certainly do, a quiet but important conversation is happening in Washington that could affect how your financial data is handled, stored, and shared.
The GLBA Is Getting a Facelift
The House Financial Services Committee recently held a hearing on modernizing the Gramm-Leach-Bliley Act (GLBA), the federal law that governs how financial institutions handle consumer data. The law has been on the books since 1999, and let's just say the payments landscape has changed a bit since then.
Rep. Bill Huizenga (R-MI) introduced a discussion draft proposing significant updates, including new consumer data rights like the ability to access and delete your information, updated consent frameworks, and a shift toward secure, API-based data sharing. In other words, the goal is to bring financial data privacy into the modern era, where digital payments, cloud-based systems, and real-time transactions are the norm.
Why This Matters for Small Business Owners
You might be thinking, "This sounds like a big-bank issue." But it's not. Every time a customer swipes a card at your shop, data flows through a chain of processors, networks, and financial institutions. The rules governing that data directly impact you, from the payment technology platforms you use to the compliance requirements you need to meet.
The proposed updates could simplify compliance by creating a single national standard, rather than the current patchwork of state-by-state rules. For shop owners juggling everything from parts orders to payroll, a streamlined framework would be welcome news.
The Debate Isn't Simple
Of course, not everyone agrees on the details. Lawmakers are debating several hot-button issues:
- Federal preemption: Should a national law override stricter state privacy rules? Some argue yes for consistency; others worry it could weaken protections.
- CFPB authority: The role of the Consumer Financial Protection Bureau in enforcing these rules is under scrutiny, with questions about how much power the agency should hold.
- AI and emerging data risks: As artificial intelligence becomes more embedded in payment processing and financial services, new questions arise about how consumer data is used by algorithms and automated systems.
The Electronic Transactions Association (ETA) is actively engaging with lawmakers on the draft, advocating for a technology-neutral privacy framework that streamlines compliance while preserving strong consumer protections.
What Should You Do Now?
For most small business operators looking at payment technology decisions, there's no immediate action required. This is still in the discussion phase. But it's worth paying attention to, because the outcome could reshape how payment processors handle your customers' data, and what compliance steps you'll need to take down the road.
In the meantime, make sure your current payment processing setup follows best practices: use secure, PCI-compliant systems, keep software updated, and work with a processor that prioritizes data security.
The payments industry is evolving fast, and staying informed is one of the best ways to protect your business. We'll keep watching this one and break down what it means for you as the legislation develops.