The California Consumer Privacy Act of 2018 (CCPA) is set to become largely effective on January 1, 2020. At first blush, fund managers – particularly those without offices in California – may be tempted to assume that a privacy statute designed to protect “California consumers” does not apply to them. Upon closer inspection, however, many fund managers are appreciating the broad reaches of the CCPA and recognizing that it may apply to their advisory businesses, requiring them to comply with various affirmative notice obligations and subjecting them to potential private litigation for failing to implement and maintain reasonable security practices and procedures. In a recent interview with the Private Equity Law Report, Ropes & Gray partner Melissa Bender and counsel Catherine Skulan discussed how the CCPA will affect the businesses of fund managers. This first article in our two-part series presents their insights on how fund managers can determine whether they are subject to the CCPA, including a detailed discussion of how the carve-out for entities subject to the Gramm-Leach-Bliley Act will provide partial relief from compliance with the CCPA. The second article will provide their thoughts on how fund managers can complete data-mapping exercises and outline next steps for managers that believe they are subject to the CCPA. For more on data privacy regimes, see “How Fund Managers Should Prepare for the Cayman Islands Data Protection Law
” (Nov. 12, 2019); and “Dechert Attorneys Consider Impact of the GDPR (Part One of Two)
” (Feb. 21, 2019).