Financial Institutions and the CCPA: What Remains After the Law's Exceptions

Bloomberg Law

25 Oct 2019
Reprinted with permission.

Financial services companies subject to the Gramm-Leach-Bliley Act (GLBA) are treated somewhat differently under the CCPA. However, the CCPA does apply to some personal information that financial institutions handle. Kristen Mathews and Adam Fleisher, attorneys in Morrison & Foerster’s Privacy + Data Security Group, authored an article for Bloomberg Law that covers the compliance burdens that even financial institutions have under the California Consumer Privacy Act, and evaluates whether, how, and how fast, these burdens can be met.

“In general, it appears that the CCPA will apply to financial institutions with respect to information that is not collected for a GLBA purpose (i.e., not in the context of the provision of financial services primarily used for personal, family, or household purposes) and therefore is not collected ‘pursuant to’ the GLBA,” Kristen and Adam write. “One way to conceptualize how the CCPA could apply to a financial institution, therefore, is by considering people, activities, and information that could fall outside of the GLBA and therefore be subject to the CCPA.”

Kristen and Adam also advise that: “if they haven’t already, financial services companies that have personal information of individuals who reside in California should consider evaluating the personal information they collect that may be subject to the CCPA, the types of ‘consumers’ they interact with as defined under the CCPA as a result, and what they need to do to be ready for the law when it becomes operative.”



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.