Congress Takes a Closer Look at Financial Data Privacy — Here’s What Property Managers Should Know

Legislative

March 20, 2026

On March 17, 2026, the House Financial Services Committee held a hearing titled “Updating America’s Financial Privacy Framework for the 21st Century.” The hearing examined a discussion draft bill that would update the Gramm-Leach-Bliley Act (GLBA) — the main federal law governing how financial institutions handle consumer data. While this may sound like a banking issue, several provisions could have a real impact on how property managers operate and what compliance obligations they and their vendors face. NARPM’s Advocacy Team is monitoring this legislation closely.

What Is the Gramm-Leach-Bliley Act?

The GLBA has been the foundation of federal financial privacy law since 1999. It requires financial institutions to protect consumers’ personal financial information, provide privacy notices, and give consumers the ability to opt out of having their data shared with third parties. The law covers a broad range of entities — not just banks — including many businesses that handle financial transactions and data on behalf of consumers.

What Is the Discussion Draft?

Rep. Bill Huizenga introduced the discussion draft, which would make several updates to the GLBA. Here is a plain-language breakdown of what it proposes:

  • Data Minimization. Financial institutions could only collect, use, and keep consumer data to the extent necessary for legitimate business, legal, or regulatory purposes. This would limit how much personal financial data vendors and platforms can hold onto.
  • Stronger Opt-Out Rights. Consumers would have the right to opt out of having their data shared with third parties — not just at the beginning of the relationship, but at any point going forward.
  • Limits on Credential Access. Companies that aggregate financial data (like apps that connect to bank accounts) would need to clearly disclose how they use a consumer’s login credentials and give consumers the ability to stop that access. This targets a practice known as “screen scraping.”
  • New Consumer Rights — Access and Deletion. Consumers could request a copy of the personal financial data a financial institution holds on them. Former customers could also request that their data be deleted, with some exceptions for legal and regulatory requirements.
  • AI Disclosure. For the first time at the federal level, financial institutions would be required to disclose how they use artificial intelligence in collecting and processing consumer financial data.
  • Expanded Coverage for Data Aggregators. The bill would formally add financial data aggregators — companies that collect, compile, and sell consumer financial data — to the definition of “financial institution” under the GLBA.
  • Federal Preemption of State Laws. This is the most debated provision. The draft would replace the current federal “floor” with a federal ceiling, meaning state privacy laws covering consumer financial data would no longer apply. States could not set stricter standards than the federal law.
  • Small Business Consideration. Regulators would be required to consider the compliance costs and resource limitations of financial institutions with $15 billion or less in assets when writing rules to implement the law.

Why Should Property Managers Pay Attention?

Property managers may not think of themselves as financial institutions, but the tools and platforms you use every day — tenant screening services, rent payment apps, income verification platforms, and lease management software — are squarely in the middle of this debate. Here is why this matters:

  • Your vendors could face new obligations. If the platforms you rely on for rent collection, tenant screening, or income verification are classified as financial data aggregators under the new law, they would need to meet new federal privacy and data minimization standards. That could change what data they collect, how long they keep it, and what they can do with it — which flows directly into the services they provide to you.
  • State compliance could get simpler — or protections could shrink. If federal preemption passes as written, you would no longer need to comply with varying state financial privacy rules. That could ease multi-state compliance burdens. However, consumer advocates raised strong concerns that this would eliminate stronger state-level protections — including California, Illinois, and Colorado laws — without replacing them with equally strong federal protections.
  • AI-driven tools are under scrutiny. The hearing included significant discussion of AI being used in pricing and tenant screening. If your company or your vendors use AI tools to set rent prices, screen applicants, or analyze tenant financial data, new disclosure requirements and potential future regulations could apply.
  • Tenant data rights are expanding. Tenants — as consumers — would gain new rights to access and delete their personal financial data held by financial institutions. While this applies primarily to the entities holding the data (banks, fintech platforms, aggregators), it signals a broader national shift toward stronger consumer data rights that is worth tracking.

What Witnesses Said

The Committee heard from five witnesses representing a range of perspectives:

  • A representative from the Bank Policy Institute emphasized that banks already operate under a strong regulatory framework and urged careful coordination between any GLBA updates and existing financial regulations.
  • The Financial Data and Technology Association supported updated privacy rules but warned against conflating customer-permissioned fintech tools (like budgeting apps) with data brokers, arguing that doing so could harm consumers and competition.
  • The U.S. Chamber of Commerce strongly supported federal preemption to create a single national standard, arguing that the current patchwork of state laws creates costly confusion — especially for small businesses.
  • A financial privacy law expert from Morrison Foerster provided a detailed overview of current GLBA requirements and suggested that modest, targeted updates — including access and deletion rights, plus preemption — were appropriate and reasonable.
  • UnidosUS, a civil rights organization, raised concerns that the draft does not go far enough to protect consumers, particularly those with limited English proficiency, and argued that federal preemption would eliminate state protections that are currently working.

What Happens Next?

This is a discussion draft — it has not been voted on by the Committee and is subject to significant changes. The preemption provision, in particular, is expected to generate continued debate. NARPM will keep a close eye on this legislation as it moves forward and will provide updates as the process develops.

Copyright © 2026 National Association of Residential Property Managers®. All Rights Reserved. Do not reprint without permission.