March 15, 2019 – Today Financial Innovation Now weighed in with the Senate Banking Committee on data protection policy. In response to a request from Senators Mike Crapo (R-ID) and Sherrod Brown (D-OH), FIN voiced support for Congressional efforts to pass comprehensive national privacy legislation, stating that data protection legislation should be comprehensive and raise the bar for everyone.

Full text of the letter is below and available at


March 15th, 2019

The Honorable Mike Crapo, Chairman
The Honorable Sherrod Brown, Ranking Member
Committee on Banking, Housing, and Urban Affairs
United States Senate
534 Dirksen Senate Office Building
Washington, DC 20510

Dear Chairman Crapo and Ranking Member Brown:

Thank you for the opportunity to submit feedback on data privacy. Financial Innovation Now (“FIN”) is an alliance of leading innovators promoting policies that empower technology to make financial services more accessible, safe and affordable for everyone.[1]

FIN’s members share the Committee’s interest in maximizing data security and protecting the privacy of user information used in offering financial services and products, while at the same time minimizing the potential for fraud in the use of these services and products. As pioneering technology companies, FIN members have been at the forefront of new security capabilities and privacy features. Consumer-facing companies have created features like just-in-time notices or active notices, mobile alerts, granular privacy controls, and data portability; while enterprise and infrastructure companies have enabled similar features for thousands of non-technology companies.

Similarly, technology companies have often been the first to develop and adopt new security practices aimed at mitigating fraud in financial services, such as tokenization of payments, end-to-end encryption, and optional multi-factor or biometric authentication. These companies generally have no business other than their digital business, so maintaining user trust is uniquely critical. Additionally, FIN member companies’ financial products and services are subject to a wide range of state and federal regulatory obligations, as well as oversight from the Federal Trade Commission and the Consumer Financial Protection Bureau.

As the Committee examines various policy approaches to privacy and data security in financial services, FIN believes that data protection legislation should be comprehensive and raise the bar for everyone. Technology and financial services are rapidly becoming indistinguishable. As convergence accelerates, it makes little sense for the United States to continue with a sector-specific approach to data, financial or otherwise. Existing U.S. laws for financial privacy and data protection should be enhanced to encourage innovation in privacy and data security features to prevent fraudulent misuse and data breaches.

FIN supports Congressional efforts to enact comprehensive privacy and data breach legislation. Such legislation should pre-empt state laws; preserve data sharing necessary for enhanced security, authentication and fraud prevention; distinguish direct consumer services (“controllers”) from enterprise services (“processors”) acting on behalf of other businesses; and update relevant provisions of existing statutes to ensure consistent consumer expectations across many different services, or avoid duplicative coverage. Finally, Congress should assess whether prudential regulators are appropriate overseers of industry privacy and security, and consider unifying such oversight through comprehensive legislation.

Thank you for your interest in FIN’s views and we look forward to working with the committee on these issues going forward. Please let me know if I can be of further assistance.

Brian Peters
Executive Director
Financial Innovation Now

[1] Our member companies include Amazon, Apple, Google, Intuit, Square, Stripe, and PayPal. For more information regarding FIN’s policy priorities and principles, please visit

Start typing and press Enter to search