In 2018, the state of California passed The California Consumer Privacy Act of 2018 (CCPA), which becomes effective on January 1, 2020, as the most expansive piece of privacy legislation in the U.S. to date. SEC-registered investment advisers have not, however, received a blanket exemption by virtue of already being subject to the Gramm-Leach-Bliley Act and its implementing regulation – Regulation S‑P. In a recent interview with the Private Equity Law Report, Ropes & Gray partner Melissa Bender and counsel Catherine Skulan discussed how the CCPA will affect fund managers. This second article in our two-part series reviews two recent amendments to the CCPA that would help address areas where the GLBA exemption falls short and next steps for managers that believe they are subject to the CCPA, including an explanation of how fund managers can complete a data-mapping exercise. The first article
presented their thoughts on how fund managers can determine whether they are subject to the CCPA, including a detailed discussion of how the carve-out for entities subject to the GLBA will provide some, but likely not complete, relief from compliance with the CCPA. For more on privacy considerations, see “Attorneys Consider Impact of the GDPR (Part One of Two)
” (Feb. 21, 2019); and “How Managers Can Mitigate Improper Dissemination of Sensitive Information (Part One of Two)
” (Sep. 22, 2016).