CCPA Enforcement Begins July 1, 2020 – Violators Already Being Pursued

Financial institutions are down to one week left to update their privacy notices and privacy practices in order to comply with the California Consumer Privacy Act. The CCPA will be enforced by California’s Attorney General starting July 1, 2020 following six months of breathing room since the law took effect January 1, 2020. In addition to the enforcement by California’s AG, private actions for CCPA violations have already been filed against a number of companies – signifying that the law has teeth and noncompliance is being pursued aggressively.

In a previous blog post, we identified the various requirements imposed by the CCPA, many of which are similar to data protections for individuals under the GDPR. Noncompliance can result in a penalty of up to $2,500 per violation ($7,500 per violation if deemed intentional), which can quickly rack up given the number of California clients a financial institution may have.

Final regulations implementing the CCPA were published June 1, 2020 and are available here.

At CSS, we are receiving inquiries from financial firms looking to update their privacy notices ahead of the enforcement date. If you would like assistance in reviewing your privacy practices for CCPA or conducting a data classification assessment, or to inquire about any of our cybersecurity service offerings, please contact our experts at:

Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Latest Content

Service Provider Due Diligence – Building Effective Partnerships

In 2009, the SEC stated at its CCOutreach Program that “when a service provider is utilized, the adviser still retains its fiduciary responsibilities for the delegated services.” This philosophy is as true today as it was 10-plus years ago. Therefore, the question becomes how do you establish a due diligence oversight program for your firm’s … Continued

SEC Adopts Changes to Reporting Forms

Regulation of Derivatives Use by RICs and BDCs Recognizing the proliferation of new derivate products in our markets, the SEC voted to adopt a new regulatory framework for the use of derivatives by mutual funds, ETFs, closed-end funds, and business development companies. The SEC’s press release stated that, “The new rule and rule amendments will … Continued

Time to Use the Bat Phone: Who to Call When a Compliance Officer Needs Help?

It seems that the burden of work continues to increase for compliance professionals in the investment management industry. While also ensuring that their compliance program is effective, compliance officers must also be aware of cybersecurity threats, business continuity plans, new regulations, changes in business strategy, and more – all while doing this under a work … Continued