California Governor Gavin Newsom has signed five bills that will directly amend the California Consumer Privacy Act (CCPA). Signed into law by then-Governor Jerry Brown on June 28, 2018, the CCPA was designed to notify consumers that they can learn what personal data of theirs is being collected and sold or distributed to third parties or affiliates, and to give them the opportunity to opt out. The effective date of the CCPA is January 1, 2020, and the enforcement date will be July 1, 2020.
Overview of CCPA
The CCPA applies to any for-profit business entity that does business in California, collects consumers’ personal data, and meets at least one of the following thresholds: it possesses the personal information of more than 50,000 consumers, households or devices; has annual gross revenues of more than $25 million; or earns more than half of its annual revenue from selling personal information.
Requirements for Financial Institutions
The CCPA differs from California SB-1, the California Financial Information Privacy Act, and will additionally require firms to:
1. Provide consumers with the required notices, including notice of their consumer rights;
2. Obtain opt-in consent before “selling” personal information for individuals under 16;
3. Provide, upon request from the consumer, any information collected, whether it has been shared or sold, and to whom; and
4. Provide for deletion measures and allow consumers the ability to “opt-out” of the sale of personal information to third parties.
Additional Privacy-Related Bills
In addition to the CCPA amendments, Gov. Newsom also signed two other privacy-related laws. AB 1130 will now include governmental identifiers and biometric data as types of data businesses may be held liable for in data breaches, and AB 1202 requires that data brokerage firms register with and provide information to the Attorney General’s office.
Preparation for Compliance
While the amended laws provide some additional details on the CCPA, some vagueness and uncertainty remain. To date, there has been no sign of an extension to the January 1, 2020 effective date. As the date is quickly approaching, firms should proactively prepare for the compliance date.
Preparation will include assessing and mapping the data your firm currently possesses and collects, analyzing the CCPA along with firm activities to determine what activities will fall under regulation, and then taking necessary steps to comply with the CCPA’s notification and consent requirements. Your firm will also need to create policies and procedures in order to respond to consumer requests and train employees accordingly.
Jacko Law Group published a Legal Risk Management Tip earlier this year with detailed steps to prepare for the CCPA.
Should your firm require guidance and assistance in assessing data, implementing privacy safeguards and/or counsel on considerations for strengthening internal controls, privacy policies and notices, and training employees on the CCPA, Jacko Law Group can assist. Contact our team of attorneys today.
Michelle L. Jacko, Esq. is the Managing Partner and CEO of Jacko Law Group, PC, which offers corporate and securities legal services to broker-dealers, investment advisers, investment companies, hedge/private funds and ...