California Governor Gavin Newsom has signed five bills that will directly amend the California Consumer Privacy Act (CCPA). Signed into law by then-Governor Jerry Brown on June 28, 2018, the CCPA was designed to notify consumers that they can learn about their personal data that is being collected and sold or distributed to third-parties or affiliates and be given the opportunity to opt-out. The effective date of the CCPA is January 1, 2020, and the enforcement date will be on July 1, 2020.
Overview of CCPA
The CCPA applies to any for-profit business entity that does business in California, collects consumers’ personal data, and possesses the personal information of more than 50,000 consumers, houses or devices, has annual gross revenues of more than $25 million or earns more than half of its annual revenue from selling personal information.
Requirements for Financial Institutions
CCPA does differ from California SB-1, the California Financial Information Privacy Act, and will additionally require firms to:
1. Provide consumers with notice requirements, including consumer rights;
2. Obtain opt-in consent before “selling” personal information for individuals under 16;
3. Provide, upon request from the consumer, any information collected, whether it has been shared or sold, and to whom; and
4. Provide for deletion measures and allow consumers the ability to “opt-out” of the sale of personal information to third parties.
Additional Privacy-Related Bills
In addition to the CCPA amendments, Gov. Newsom also signed two other privacy-related laws. AB 1130 will now include governmental identifiers and biometric data as types of data businesses may be held liable for in data breaches, and AB 1202 requires that data brokerage firms register with and provide information to the Attorney General’s office.
Preparation for Compliance
While the amended laws provide some additional details on the CCPA, some vagueness and uncertainty remain. To date, there has been no sign of an extension to the January 1, 2020 effective date. As the date is quickly approaching, firms should proactively prepare for the compliance date.
Preparation will include assessing and mapping the data your firm currently possesses and collects, analyzing the CCPA along with firm activities to determine what activities will fall under regulation, and then taking necessary steps to comply with the CCPA’s notification and consent requirements. Your firm will also need to create policies and procedures in order to respond to consumer requests and train employees accordingly.
Jacko Law Group published a Legal Risk Management Tip earlier this year with detailed steps to prepare for the CCPA. Read the Legal Risk Management Tip.
Should your firm require guidance and assistance in assessing data, implementing privacy safeguards and/or counsel on considerations for strengthening internal controls, privacy policies and notices, and training employees on the CCPA, Jacko Law Group can assist. Contact our team of attorneys today.
- Managing Partner and CEO
Michelle L. Jacko, Esq. is the Managing Partner and CEO of Jacko Law Group, PC, which offers securities, corporate, real estate and employment law counsel to broker-dealers, investment advisers, investment companies ...
Add a comment
- New SEC Climate Change and ESG Task Force to Enhance Investor Protection by Red Flagging Examples of Corporate Greenwashing
- What Investment Advisers Must do to Qualify for the DOL’s Prohibited Transaction Exemption for IRA Rollovers
- SEC Division of Examinations Cites Enhanced Focus on Business Continuity Processes, Protection of Retail Investors and ESG-Related Risks Among its 2021 Priorities
- FINRA Report Suggests Growing Need for Enhanced Risk Management in Cybersecurity and Outside Business Activities
- Deadline Approaching: Considerations for Your Form ADV
- Leveraging JLG's Latest Service: Real Estate
- Safeguarding Your Firm Against Fraudulent or Improper Recognition of Revenue
- New Advisers Act Advertising Rule to Undergo Further Review
- Investors, Advisers Must be Mindful to Comply with New U.S. Ban on Estimated $1 Trillion of Chinese Securities
- Your First Meeting on the SEC’s New Investment Adviser Marketing Rule Should Address These Topics
- Securities and Exchange Commission (SEC)
- Investment Advisers
- Regulatory Examinations
- Policies and Procedures
- Social Media Marketing
- Due Diligence
- Transition Services
- California Consumer Privacy Act (CCPA)
- Aging Clients
- Advisers Act
- Virtual Currency
- Dodd-Frank Act
- Ponzi Scheme
- Office of Compliance Inspections and Examinations (OCIE)
- Broker Protocol
- Securities Law
- Form U5
- Private Equity
- Private Funds
- Hedge Funds
- Regulation Best Interest
- Personally Identifiable Information (PII)
- Government Shutdown
- Risk Alert
- Exchange-Traded Funds (ETFs)
- Investment Company Act
- Rule 6c
- Wells Fargo