As of January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) is now the law of the land, having gone into effect at the beginning of this year. One of the more complex issues concerning the CCPA pertains to the extent to which financial institutions governed by the Gramm-Leach-Bliley Act (GLBA) must adhere to the mandates of the CCPA. While California’s new privacy law does afford a carve-out for financial institutions, it does not provide a comprehensive, across-the-board “get out of jail free” card for the financial services industry. Consequently, at this juncture it is imperative that all covered financial institutions ensure that they are in compliance with the CCPA to minimize the potential liability risk that now exists for noncompliance with the law.

Originally published in the Summer 2020 edition of the NY Business Law Journal (Vol. 24, No. 1).