United States of America: Guidelines for Use, Access, and Responsible Disclosure of Financial Data Act (GUARD Financial Data Act) was introduced to House of Representatives

On 21 April 2026, the Guidelines for Use, Access, and Responsible Disclosure of Financial Data Act (GUARD Financial Data Act) was introduced to the House of Representatives. The Bill would amend Title V of the Gramm-Leach-Bliley Act of 1999 and would apply to financial institutions and financial data aggregators handling consumer nonpublic personal information. The Bill would require collection and disclosure to be limited to what is adequate, relevant, and reasonably necessary for each purpose. Sensitive nonpublic personal information, covering racial or ethnic origin, religious belief, health diagnosis, sexual orientation, citizenship or immigration status, biometric data, and precise geolocation data, could only be collected or disclosed with affirmative opt-in consent, revocable at any time. Customers and former customers would be entitled to request disclosure of their data and the categories of recipients, and former customers could request deletion within 45 days, extendable once by a further 45 days, with 2 requests per year free of charge. Privacy notices would have to disclose whether nonpublic personal information is processed in, retained in, or disclosed to a covered nation. The Bill would also supersede and preempt State consumer data privacy and security requirements covering financial institutions subject to Title V, while preserving State insurance authorities' enforcement powers. The Bill stands referred to committee for review, with the data minimisation, deletion, and preemption provisions taking effect 2 years after enactment and the access-credentials and sensitive-information opt-in provisions taking effect 1 year after enactment.