Taking effect in just two months on January 1, 2020, The听听of 2018 (鈥淐CPA鈥) empowers consumers with various rights when their personal information is collected by most businesses. Many of the legislation鈥檚 critics believe the CCPA will likely place a substantial burden on the financial services provider industry since the law regulates the collection, analysis, aggregation, and transfer of consumer data, a central component of financial services.
The CCPA establishes specific notice, opt-out/opt-in, access, and erasure rights for consumers, as well as a private right of action for data breaches.
The CCPA applies to legal, for-profit entities that operate in California and collect consumers鈥 personal information if they meet听any听of the following requirements:
- Have an annual gross revenue that totals $25 million or higher;
- Buy, receive, sell, or share consumer data from 50,000 or more consumers, households, or devices; or
- Earn most of their annual revenue from selling personal data.
While the CCPA provides exemptions for some data that is subject to and , much of the personal information collected regularly by financial services providers is still subject to the CCPA鈥檚 requirements.
Based on its鈥 definition of 鈥減ersonal information,鈥 the CCPA is the broadest protection of information in any jurisdiction in the United States. This definition applies to all information that 鈥渋dentifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household,鈥 including name, email address, biometric information, IP address, device identifiers, and browser-derived information (such as information stored in cookies, web beacons, and web pixels).
The GLBA applies only to 鈥減ersonally identifiable financial information鈥 鈥 information that a consumer provides to obtain a financial product or service, that results from a consumer transaction, or that is otherwise obtained in connection with providing a financial product or service.
The CCPA does 鈥渘ot apply to the sale of personal information to or from a consumer reporting agency if that information is to be reported in, or used to generate, a consumer report,鈥 and the information is regulated by the FCRA. .
Financial services providers face a higher risk of liability for data breaches since the CCPA creates a private right of action for the unauthorized access and exfiltration, theft, or disclosure of information covered by , California鈥檚 data breach law, which includes financial data. This private right of action also allows the recovery of statutory damages. Thus, plaintiffs do not have to establish that the data breach caused actual harm to recover damages.
Companies doing business in California need to start preparing now for the CCPA going into effect on January 1, 2020, especially since the CCPA applies to all personal information, regardless of the means of collection, and across businesses, regardless of industry.
Companies that plan on starting to do business in California in 2020 will need to devote a significant part of their budget to prepare for compliance with the CCPA. Businesses that do not comply by the effective date could incur $7,500 fines for each violation听that isn鈥檛 addressed after 30 days.
The attorneys at 天美传媒& Goldberg in California provide high quality, cost-effective legal services and advice for clients in all aspects of commercial compliance, business litigation, and transactional law. Call us at (818) 888-2220, send an email inquiry to info@glassgoldberg.com or visit us online at glassgoldberg.com to learn more about the firm and to sign up for future newsletters.
听
